CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

PyPA•added 2023/10/19 10:15 p.m.•4 views

PYSEC-2023-213

Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...

7.5CVSS6.6AI score0.00074EPSS

Exploits1References2Affected Software1

UbuntuCve•added 2023/10/19 10:15 p.m.•12 views

CVE-2023-44690

Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...

7.5CVSS7.1AI score0.00074EPSS

Exploits1References2

Veracode•added 2022/11/17 11:2 a.m.•13 views

Authentication Bypass

rdiffweb is vulnerable to authentication bypass. The vulnerability exits in config.py, because the application does not ask for 2FA during the user email change, allowing a local attacker to turn of 2FA on an account...

4.3CVSS5AI score0.00422EPSS

Exploits1References4Affected Software1

NVD•added 2021/08/27 7:15 p.m.•10 views

CVE-2020-19001

Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'...

10CVSS0.07465EPSS

Exploits1References2

OSV•added 2021/08/27 7:15 p.m.•9 views

CVE-2020-19001

Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'...

9.8CVSS10AI score

Exploits0References2

Prion•added 2021/08/27 7:15 p.m.•9 views

Command injection

Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'...

10CVSS10AI score0.07465EPSS

Exploits1References2Affected Software1

GithubExploit•added 2021/05/02 3:57 a.m.•113 views

Exploit for Cross-Site Request Forgery (CSRF) in Anchorcms Anchor_Cms

CVE-2020-23342 Note: When pulling this...

8.8CVSS7.3AI score0.09213EPSS

Exploits4

Github Security Blog•added 2018/07/18 6:28 p.m.•20 views

Unsafe deserialization in confire

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS9.4AI score0.01919EPSS

Exploits1References6Affected Software1

Prion•added 2017/11/10 9:29 a.m.•13 views

Input validation

7.5CVSS9.8AI score0.01919EPSS

Exploits1References3Affected Software1

OSV•added 2017/11/10 9:29 a.m.•7 views

CVE-2017-16763

9.8CVSS9.8AI score0.01919EPSS

Exploits1References3

CVE•added 2017/11/10 9:0 a.m.•70 views

CVE-2017-16763

The CVE-2017-16763 entry covers Confire 0.2.0: YAML parsing in config.py loads user config from ~/.confire.yaml using yaml.load, enabling arbitrary Python execution and command execution on the host. This is a YAML deserialization issue that can be triggered by injected YAML. The connected docume...

9.8CVSS9.7AI score0.01919EPSS

Exploits1References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by