634 matches found
K000159546: Python vulnerability CVE-2024-5642
Security Advisory Description: CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Python vulnerability (USN-7951-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7951-1 advisory. It was discovered that Python's http.client did not properly handle the Content-Length header in HTTP response...
MiracleLinux 9 : python3.9-3.9.21-2.el9 (AXSA:2025-10382:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10382:01 advisory. python: cpython: URL parser allowed square brackets in domain names CVE-2025-0938 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : python3.11-3.11.9-7.el9_5.3 (AXSA:2025-9841:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9841:01 advisory. cpython: python: Uncontrolled CPU resource consumption when in http.cookies module CVE-2024-7592 Tenable has extracted the preceding description block direct...
CVE-2020-10799
The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call...
CVE-2023-45167
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965...
cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service
A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild(), when building excessively nested documents due to a dependency on _clear_id_cache()...
RHEL 8 : python3.12 (RHSA-2026:0123)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0123 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Amazon Linux 2 : python3, --advisory ALAS2-2025-3103 (ALAS-2025-3103)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3103 advisory. When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() th...
RockyLinux 10 : python3.12 (RLSA-2025:23940)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23940 advisory. cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked (CVE-2025-8291). Tenable has extracted the preceding description...
ROS-20251223-7324
A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...
SUSE SLES12 Security Update : python36 (SUSE-SU-2025:4487-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4487-1 advisory. - CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are user-controlled...
python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used
A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenSSL for more information...
python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used
A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenSSL for more information...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4517]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in Python that allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data" (CVE-2025-4517). Python is used in our speech service runtimes. This vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2025-67725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the...
acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +205 more potentially affected by CVE-2025-66645 via nicegui (>=3.0.4 <=3.3.1)
nicegui PYPI version =3.0.4, =0.2.0, =1.0.0, =0.4.0, =0.1.0, =0.2.200, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2025-66645 Source advisory: SNYK:PYTHON-NICEGUI-14236612...
Python DoS Vulnerability (Dec 2025) - Linux
Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
EUVD-2025-37039
Keras Directory Traversal Vulnerability...
Python DoS Vulnerability (Dec 2025) - Linux
Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...