Astra Linux - уязвимость в python-django

A issue was discovered in Django 5.0, prior to versions 5.0.7 and 4.2, prior to version 4.2.14. The derived classes of the django.core.files.storage.Storage base class, when they override generatefilename without replicating the file-path validations from the parent class, may allow directory...

pentest-automation-framework

pentest-automation-framework Built this to speed up structure...

pentestfr

Pentest Framework — Kali Linux / VirtualBox Framework Python...

UBUNTU-CVE-2026-34516

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

CVE-2026-34525 AIOHTTP: Duplicate Host header accepted

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

Amazon Linux 2023 : python3-tornado (ALAS2023-2026-1502)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1502 advisory. Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting...

CVE-2025-66469

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2025-54121]

Summary Python module starlette is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address the reported...

Aether - Adaptive Exploit and Threat Hunting Engine for EVM-based Repositories

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and optionally validating those tests on mainnet forks. It combines static analysis, prompt-driven LLM analysis, and AI-ensemble...

offensive-toolkit

Offensive Security Toolkit A comprehensive, modular Python fr...

EUVD-2024-2360

Malicious code in bioql PyPI...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses AIOHTTP asynchronous Python parser which is vulnerable to CVE-2025-53643.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses AIOHTTP asynchronous Python parser which is vulnerable to CVE-2025-53643. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-53643 DESCRIPTION: AIOHT...

mitmf

This is a Python-based framework for Man-In-The-Middle MITM attacks, called MITMf. It is designed to provide a one-stop-shop for various network attacks and techniques. The framework contains a built-in SMB, HTTP, and DNS server that can be controlled and used by various plugins. It also includes...

isf

This is a Python-based exploitation framework called ISF Industrial Exploitation Framework that is similar to Metasploit. It is designed for industrial control system ICS exploitation and is used for testing and demonstrating vulnerabilities in ICS devices. The framework is based on the open-sour...

CVE-2025-54121 Starlette has possible denial-of-service vector when parsing large files in multipart forms

Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

Mobius Forensic Toolkit 2.16

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools...

[SECURITY] Fedora 41 Update: python-django4.2-4.2.22-1.fc41

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

CVE-2025-46725

Langroid is a Python framework to build large language model LLM-powered applications. Prior to version 0.53.15, LanceDocChatAgent uses pandas eval through computefromdocs. As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframecalc compromising t...

CVE-2025-46725 Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store

Langroid is a Python framework to build large language model LLM-powered applications. Prior to version 0.53.15, LanceDocChatAgent uses pandas eval through computefromdocs. As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframecalc compromising t...

CVE-2025-46724 Langroid has a Code Injection vulnerability in TableChatAgent

Langroid is a Python framework to build large language model LLM-powered applications. Prior to version 0.53.15, TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes...