CVE-2025-26411
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface...
PT-2025-6175 · Wattsense · Wattsense Bridge
Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.1.0 Description: An authenticated attacker can use the Plugin Manager of the web interface to upload malicious Python files, enabling remote root access to the device. The attacker needs a valid user accou...
SUSE CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...
CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...
Security update for python3
This update for python3 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment (bsc#1232241). Bug fixes: Drop .pyc files from docdir for reproducible builds (bsc#1230906). Patch Instructions: To install this SUSE update use the SUSE recommended...
CVE-2024-27173
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...
CVE-2024-27173
Toshiba e-STUDIO multi-function printers are affected by CVE-2024-27173 in the Remote Command program, enabling remote code execution by overwriting Python executables. Root cause involves execution of code via uploaded/modified Python files, with impact to confidentiality, integrity, and availab...
CVE-2024-27173 insecure upload
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...
PT-2024-21705 · Toshiba Tec · Toshiba Tec E-Studio Multi-Function Peripheral +35
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A remote attacker can exploit the insecure upload functionality to overwrite any Python file, resulting in Remote Code Execution. Recommendations: At th...
PT-2024-21707
Name of the Vulnerable Software and Affected Versions: Toshiba Tec Remote Command program, affected versions not specified. Description: The issue allows an attacker to achieve Remote Code Execution by overwriting existing Python files that contain executable code. This can be difficult to execute...
CVE-2024-5278
gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its /upload endpoint. Specifically, the handle_file_upload function does not sanitize or validate the file extension or content type of uploaded files,...
CVE-2024-5278
CVE-2024-5278 affects gaizhenbiao/chuanhuchatgpt. A vulnerability in the /upload endpoint allows unrestricted file uploads because handle_file_upload does not sanitize or validate file extensions or content types, enabling upload of HTML or Python files. This can lead to stored XSS and potentiall...
PT-2022-23136 · Rizin · Rizin
Name of the Vulnerable Software and Affected Versions: Rizin versions 0.4.0 and prior Description: Rizin is a UNIX-like reverse engineering framework and command-line toolset. The issue arises from an out-of-bounds write when getting data from PYC python files. A user opening a malicious PYC file...
Aura - Python Source Code Auditing And Static Analysis On A Large Scale
Source code auditing and static code analysis Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on...
Design/Logic Flaw
An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading Python files which can be later executed...
CVE-2022-2634 Digi ConnectPort X2D
An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading Python files which can be later executed...
CVE-2022-2634
The CVE-2022-2634 entry maps to Digi ConnectPort X2D Gateway vulnerabilities where the web application lacks device access protections and permissions, allowing an attacker to upload Python files that can be executed. Concrete details from connected sources indicate affected products are Digi Con...
Liberapay: Full Path disclosure on 500 error
On manipulating cookie + parameter: GitHub 500 error returned with path disclosing of Python files. Error below: Traceback (most recent call last): File "/opt/python/run/venv/local/lib/python3.6/site-packages/statechain.py", line 328, in loop newstate = functiondeps.askwargs File...