CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive...

7.5CVSS7.4AI score0.10077EPSS

Exploits5References2

Tenable Nessus•added 2025/09/10 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2023-22432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing...

6.1CVSS5.7AI score0.02382EPSS

Exploits1References2

Tenable Nessus•added 2025/09/10 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2022-33146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attac...

6.1CVSS5.7AI score0.01211EPSS

Exploits1References2

Tenable Nessus•added 2025/09/10 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2023-45158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging not the default...

9.8CVSS8.3AI score0.03689EPSS

Exploits0References2

Tenable Nessus•added 2025/09/10 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2016-4807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user admin...

4.8CVSS5.6AI score0.0228EPSS

Exploits5References2

RedhatCVE•added 2025/05/23 3:15 a.m.•2 views

CVE-2023-22432

Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...

6.1CVSS6.8AI score0.02382EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 1:10 a.m.•5 views

CVE-2022-33146

Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

6.1CVSS6.7AI score0.01211EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:17 a.m.•3 views

CVE-2013-2311

Cross-site scripting XSS vulnerability in static/js/share.js aka the social bookmarking widget in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.0118EPSS

Exploits0References1

BDU FSTEC•added 2023/12/15 12:0 a.m.•1 views

The vulnerability of the web application development framework web2py arises from the lack of measures taken to eliminate special elements used in the operating system’s command line. This allows attackers to execute arbitrary commands.

The vulnerability of the web2py web application development framework exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS8AI score0.03689EPSS

Exploits0References6Affected Software1

OSV•added 2023/10/16 8:15 a.m.•19 views

CVE-2023-45158

An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging not the default configuration, a crafted web request may execute an arbitrary OS command on the web server using the product...

9.8CVSS7.9AI score

Exploits0References4