Lucene search
+L

59092 matches found

Nuclei
Nuclei
added 18 hours ago106 views

Python Flask-Security - Open Redirect

Python Flask-Security contains an open redirect vulnerability. Existing code validates that the URL specified in the next parameter is either relative or has the same network location as the requesting URL. Certain browsers accept and fill in the blanks of possibly incomplete or malformed URLs. A...

6.1CVSS6.6AI score0.03289EPSS
Exploits0References5
Nuclei
Nuclei
added 18 hours ago17 views

dash-uploader 0.1.0 - 0.7.0a2 - Unauthenticated Arbitrary File Write via Path Traversal

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a directory traversal vulnerability caused by improper handling in dashuploader/httprequesthandler.py components, letting remote attackers execute arbitrary code, exploit requires no special privileges. id: CVE-2026-38360 info: name:...

9.8CVSS8.7AI score0.05982EPSS
Exploits4References4
Nuclei
Nuclei
added 18 hours ago19 views

Google ADK-Python - Unauthenticated Builder Endpoint

Google Agent Development Kit ADK 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no authentication...

10CVSS6.1AI score0.01816EPSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago73 views

Mesop AI Sandbox <= 1.2.2 - Remote Code Execution

Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...

9.8CVSS6.7AI score0.05289EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago73 views

Gradio - Absolute Path Traversal

Gradio 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. id: CVE-2026-28414 info: name: Gradio - Absolute Path Traversal author: 0xAkoko severity:...

7.5CVSS8.5AI score0.03095EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago40 views

Twisted - Open Redirect & XSS

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...

6.1CVSS5.4AI score0.01176EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago72 views

Pypiserver <1.2.5 - Carriage Return Line Feed Injection

Pypiserver through 1.2.5 and below is susceptible to carriage return line feed injection. An attacker can set arbitrary HTTP headers and possibly conduct cross-site scripting attacks via a %0d%0a in a URI. id: CVE-2019-6802 info: name: Pypiserver 1.2.5 - Carriage Return Line Feed Injection author...

6.1CVSS6AI score0.03922EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago46 views

Contentful <=2020-05-21 - Cross-Site Scripting

Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py. id: CVE-2020-13258 info: name: Contentful alert...

6.1CVSS5.8AI score0.0249EPSS
Exploits1References4
OPENSUSE Linux
OPENSUSE Linux
added 21 hours ago3 views

Security update for python-weasyprint (moderate)

openSUSE Security Update: Security update for python-weasyprint Announcement ID: openSUSE-SU-2026:0251-1 Rating: moderate References: 1270401 Cross-References: CVE-2026-49452 CVSS scores: CVE-2026-49452 SUSE: 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Backports...

6.5CVSS5.3AI score
Exploits0References1
NVD
NVD
added yesterday9 views

CVE-2026-9147

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...

8.5CVSS
Exploits0References4
Cvelist
Cvelist
added yesterday30 views

CVE-2026-9147 uproot 5.7.4 and prior Code Injection via TStreamerInfo Metadata

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...

8.5CVSS
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-9147

CVE-2026-9147 affects uproot 5.7.4 and prior. The issue arises when uproot dynamically generates Python class source code from ROOT TStreamerInfo records and compiles it at runtime. Some file-controlled streamer metadata fields (e.g., streamer element names) are interpolated into the generated Py...

8.5CVSS6.2AI score
Exploits0References4
EUVD
EUVD
added yesterday7 views

EUVD-2026-45374

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...

8.5CVSS6.2AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday8 views

CVE-2026-9147

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...

8.5CVSS6.1AI score
Exploits0References5
Nuclei
Nuclei
added yesterday77 views

pyLoad Flask Config - Access Control

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. This issue has been patched in version 0.5.0b3.dev77. id: CVE-2024-21644 info: name: pyLoad Flask Config ...

7.5CVSS7.1AI score0.42173EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added yesterday4 views

openSUSE 16 Security Update : python-weasyprint (openSUSE-SU-2026:21364-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:21364-1 advisory. Changes in python-weasyprint: - CVE-2026-49452: CSS Injection via Presentational Hints bsc1270401 Tenable has extracted the preceding description block...

5.4AI score
Exploits0References3
OSV
OSV
added 2 days ago8 views

MAL-2026-10771 Malicious code in trongridme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0388d3aee1f1a4d5c6a27ab1c30e0cb6c8b9679708bd8b1cf3f5c5e76624f77 Source: kam193 04117292d543eae5a1d22c78d8a4507cc196c8770c9fb0a09ae2f9a10a8009d4 Package appears to be designed for private key exfiltration, but no known...

5.3AI score
Exploits0References3
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-14499 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component...

8.8CVSS0.0043EPSS
Exploits0References1
CVE
CVE
added 2 days ago22 views

CVE-2026-14499

CVE-2026-14499 affects Langflow OSS 1.0.0–1.10.1. An authenticated user could execute arbitrary commands with elevated privileges due to improper validation of user-supplied input in the Python Interpreter component, resulting in OS command injection (CWE-78). IBM’s bulletin assigns CVSS v3.1 bas...

8.8CVSS5.8AI score0.0043EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45306

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component...

8.8CVSS5.8AI score0.0043EPSS
Exploits0References1
Rows per page
Query Builder