CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

Snyk•added 2026/04/23 3:7 p.m.•1 views

Incomplete List of Disallowed Inputs

Overview pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the PluginSecurity.validateplugincode validation logic. An attacker can achieve arbitrary co...

7.8CVSS6.4AI score0.00021EPSS

Exploits1References2

NVD•added 2026/04/23 2:16 a.m.•2 views

CVE-2026-41206

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

7.8CVSS0.00021EPSS

Exploits1References3

CVE•added 2026/04/23 12:42 a.m.•7 views

CVE-2026-41206

Summary: CVE-2026-41206 affects PySpector, a Python SAST framework. The vulnerability lies in the plugin security validator’s static analysis in the function/class handling plugin loading via PluginSecurity.validate_plugin_code. Before version 0.1.8, the blocklist is incomplete and can be bypasse...

7.8CVSS6.3AI score0.00021EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/04/23 12:42 a.m.•32 views

CVE-2026-41206 PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

6.9CVSS0.00021EPSS

Exploits1References3

ATTACKERKB•added 2026/04/23 12:42 a.m.•3 views

CVE-2026-41206

6.9CVSS6.3AI score0.00021EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/04/23 12:42 a.m.•0 views

CVE-2026-41206 PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

6.9CVSS6.3AI score0.00021EPSS

Exploits1References3

CNNVD•added 2026/04/23 12:0 a.m.•3 views

PySpector 安全漏洞

PySpector is a high-performance Python static security analysis framework based on graphs, developed by Tommaso Bona. Versions of PySpector prior to 0.1.8 contained security vulnerabilities. These vulnerabilities stemmed from an incomplete blacklist of plugin security validators, which could allo...

7.8CVSS6.1AI score0.00021EPSS

Exploits1References1

RedhatCVE•added 2026/03/26 3:9 p.m.•2 views

CVE-2026-33140

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing...

6.1CVSS5.9AI score0.00017EPSS

Exploits1References1

Veracode•added 2026/03/21 5:26 a.m.•1 views

Arbitrary Code Execution

PySpector is vulnerable to Arbitrary Code Execution. The vulnerability is due to incomplete AST validation in the plugin system where indirect calls via getattr are not properly resolved, which allows an attacker to bypass security checks and execute arbitrary system commands through malicious...

8.3CVSS6.1AI score0.00039EPSS

Exploits1References2Affected Software1

NVD•added 2026/03/20 8:16 p.m.•1 views

CVE-2026-33140

6.1CVSS0.00017EPSS

Exploits1References1

NVD•added 2026/03/20 8:16 p.m.•0 views

CVE-2026-33139

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py, performs static AST analysis...

8.3CVSS0.00039EPSS

Exploits1References1

Cvelist•added 2026/03/20 8:0 p.m.•18 views

CVE-2026-33140 PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

5.3CVSS0.00017EPSS

Exploits1References1

Vulnrichment•added 2026/03/20 8:0 p.m.•1 views

CVE-2026-33140 PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

5.3CVSS5.9AI score0.00017EPSS

Exploits1References1

CVE•added 2026/03/20 8:0 p.m.•1 views

CVE-2026-33140

PySpector HTML report generation contains a stored XSS in HTML reports for PySpector versions

6.1CVSS5.9AI score0.00017EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/03/20 8:0 p.m.•3 views

CVE-2026-33140

5.3CVSS5.9AI score0.00017EPSS

Exploits1References2Affected Software1

CVE•added 2026/03/20 7:59 p.m.•2 views

CVE-2026-33139

PySpector has a Plugin Sandbox Bypass vulnerability (GHSA-V3XV-8VC3-H2M6) affecting versions

8.3CVSS5.9AI score0.00039EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/03/20 7:59 p.m.•1 views

CVE-2026-33139 PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution

8.3CVSS5.9AI score0.00039EPSS

Exploits1References1

Cvelist•added 2026/03/20 7:59 p.m.•17 views

CVE-2026-33139 PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution

8.3CVSS0.00039EPSS

Exploits1References1

ATTACKERKB•added 2026/03/20 7:59 p.m.•5 views

CVE-2026-33139

8.3CVSS5.9AI score0.00039EPSS

Exploits1References2Affected Software1

CNNVD•added 2026/03/20 12:0 a.m.•3 views

PySpector 跨站脚本漏洞

PySpector is a high-performance Python static security analysis framework developed by Tommaso Bona. Versions of PySpector 0.1.6 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting mechanism in the HTML report generator,...

6.1CVSS5.6AI score0.00017EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by