16 matches found
AZL-76496 CVE-2026-1703 affecting package python-virtualenv 20.26.6-2
When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...
CVE-2026-1703
CVE-2026-1703 describes a path traversal in wheel extraction during pip install. When parsing a malicious wheel, files may be extracted outside the installation directory, but the traversal is limited to prefixes of the installation directory and is not able to inject/overwrite executable files i...
Linux Distros Unpatched Vulnerability : CVE-2018-20225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended to obtain a private...
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
CVE-2025-1716 Summary An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited to run pip install and fetch a malicious package, enabling remote cod...
ComfyUI-Manager Security Vulnerability
ComfyUI-Manager is an extension by the individual developer Dr. Lt. Data designed to enhance the usability of ComfyUI. A security vulnerability exists in ComfyUI-Manager that stems from a lack of validation of the pip field, allowing an attacker to craft a request to trigger a pip installati...
Bbot - OSINT Automation For Hackers
BEE·bot OSINT automation for hackers. BBOT is a recursive, modular OSINT framework written in Python. It is capable of executing the entire OSINT process in a single command, including subdomain enumeration, port scanning, web screenshots with its gowitness module, vulnerability scanning with...
jwtXploiter - A Tool To Test Security Of Json Web Token
A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token payload: changes claims and subclaims values. Exploit known vulnerable header claims kid, jku, x5u Verify a token Retrieve the public key of your target's ssl connection and try to use it in a key...
PYSEC-2021-43
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Gener...
PYSEC-2021-44
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this...
ApkLeaks - Scanning APK File For URIs, Endpoints And Secrets
Scanning APK file for URIs, endpoints & secrets. Installation To install apkLeaks, simply: $ git clone https://github.com/dwisiswant0/apkleaks $ cd apkleaks/ $ pip install -r requirements.txt Or download at release tab. Dependencies This package works in Python2 not Python3. Install global...
Pocsuite
This repository is an offensive tool for penetration testing and vulnerability assessment. It is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. The primary purpose of this tool is to assist penetration testers and...
Lk Scraper - An Fully Configurable Linkedin Scrape (Scrape Anything Within Linkedin)
Scrapes Any Linkedin Data Installation $ pip install git+git://github.com/jqueguiner/lkscraper Setup Using Docker compose $ docker-compose up -d $ docker-compose run lkscraper python3 Using Docker only for selenium server First, you need to run a selenium server $ docker run -d -p 4444:4444...
Btlejack - Bluetooth Low Energy Swiss-army Knife
Btlejack provides everything you need to sniff, jam and hijack Bluetooth Low Energy devices. It relies on one or more BBC Micro:Bit devices running a dedicated firmware. You may also want to use an Adafruit's Bluefruit LE sniffer or a nRF51822 Eval Kit, as we added support for these devices...
Bluto - DNS Recon, DNS Zone Transfer, and Email Enumeration
BLUTO DNS recon | Brute forcer | DNS Zone Transfer | Email Enumeration The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto wil...
InstaRecon - Automated Digital Reconnaissance
Automated basic digital reconnaissance. Great for getting an initial footprint of your targets and discovering additional subdomains. InstaRecon will do: DNS direct, PTR, MX, NS lookups Whois domains and IP lookups Google dorks in search of subdomains Shodan lookups Reverse DNS lookups on entire...
MGASA-2013-0250 Updated python packages fix CVE-2013-4238 and pip
Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname to match the hostname...