
807 matches found

UbuntuCve
added 2026/04/17 12:0 a.m., 4 views

CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

CVSS 6.9, AI score 5.8, EPSS 0.00423
Exploits 0, References 3

Redos
added 2026/04/17 12:0 a.m., 7 views

ROS-20260417-73-0014

Vulnerability in python-PyPDF2 related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 6.9, AI score 5.8, EPSS 0.00168
Exploits 0

vulnersOsv
added 2026/04/16 9:30 p.m., 1 views

3m (>=0.1.0 <=0.1.3), a2d-diary (>=0.1.0 <=0.1.5) +1779 more potentially affected by CVE-2026-41313 via pypdf2 (>=1.24.0 <=3.0.1)

pypdf2 PYPI version =1.24.0, =0.1.0, =0.1.0, =1.1.0, =0.0.0.1, =0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.2, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1038 and more Source cves: CVE-2026-41313 Source advisory: SNYK:PYTHON-PYPDF2-16097904...

CVSS 6.5, AI score 5.4, EPSS 0.00214
Exploits 0

vulnersOsv
added 2026/04/16 9:16 p.m., 3 views

adoc (>=0.1.0 <=0.1.5), adr (>=0.4.0 <=0.4.1) +231 more potentially affected by CVE-2026-41205 via mako (>=1.0.1 <=1.3.10)

mako PYPI version =1.0.1, =0.1.0, =0.4.0, =0.1.0, =1.0.4, =0.0.1, =0.7.0, =1.0.1, =0.1.2, =0.1.0, =0.3.24, =0.1.0, =0.1.1, =0.1.6 and more Source cves: CVE-2026-41205 Source advisory: SNYK:PYTHON-MAKO-16098253...

CVSS 8.7, AI score 5.4, EPSS 0.00361
Exploits 0

Fedora
added 2026/04/16 12:56 a.m., 6 views

[SECURITY] Fedora 43 Update: python-cairosvg-2.9.0-1.fc43

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...

CVSS 7.5, AI score 5.8, EPSS 0.0049
Exploits 2

vulnersOsv
added 2026/04/16 12:29 a.m., 4 views

aws-credential-process (=0.20.0), aws-session-daemon (>=0.1.0 <=0.6.0) +2 more potentially affected by CVE-2026-40947 via yubikey-manager (>=5.0.0 <=5.1.1)

yubikey-manager PYPI version =5.0.0, =0.1.0, =1.0.0, =1.6.6 Source cves: CVE-2026-40947 Source advisory: SNYK:PYTHON-YUBIKEYMANAGER-16325204...

CVSS 2.9, AI score 5.8, EPSS 0.00131
Exploits 0

OSV
added 2026/04/14 9:55 p.m., 3 views

MAL-2026-2671 Malicious code in kryptex-os (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 034201cad27492b279f5c274a5091b2e617da50f27125c7774db069256b3486e Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score 6
Exploits 0, References 1

vulnersOsv
added 2026/04/10 7:20 p.m., 8 views

article-extractor (=0.5.8), nscraper (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via justhtml (>=1.13.0 <=1.14.0)

justhtml PYPI version =1.13.0, =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: SNYK:PYTHON-JUSTHTML-16032358...

AI score 5.8
Exploits 0

vulnersOsv
added 2026/04/10 5:8 p.m., 3 views

adversarial-attacks-white-black-box (=0.1.7), datagenkit (=0.1.1) +37 more potentially affected by CVE-2026-40086 via rembg (>=2.0.57 <=2.0.69)

rembg PYPI version =2.0.57, =0.0.3, =1.0.0, =1.9.2, =5.1.6, =2.12.0, =1.0.0, =0.1.0, =1.0.3, =0.0.7, =2.0.0, =1.0.0, =1.0.0, =1.0.4 and more Source cves: CVE-2026-40086 Source advisory: SNYK:PYTHON-REMBG-15969263...

CVSS 5.3, AI score 5.8, EPSS 0.00592
Exploits 1

Tenable Nessus
added 2026/04/10 12:0 a.m., 4 views

Unity Linux 20.1070e Security Update: python-ldap (UTSA-2026-007085)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007085 advisory. python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars escapes \x00 incorrectly by...

CVSS 6.9, AI score 6, EPSS 0.00418
Exploits 1, References 4

OPENSUSE Linux
added 2026/04/09 12:0 a.m., 4 views

python311-lupa-2.7-1.1 on GA media (moderate)

python311-lupa-2.7-1.1 on GA media Announcement ID: openSUSE-SU-2026:10507-1 Rating: moderate Cross-References: CVE-2026-34444 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVSS 10, AI score 5.9, EPSS 0.00515
Exploits 1

vulnersOsv
added 2026/04/08 12:4 a.m., 2 views

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +734 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.82.6)

litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15928842...

AI score 5.5
Exploits 0

vulnersOsv
added 2026/04/06 6:16 p.m., 3 views

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-35043 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-35043 Source advisory: OSV:PYSEC-2026-158...

CVSS 7.8, AI score 5.8, EPSS 0.00315
Exploits 1

Veracode
added 2026/04/04 5:35 a.m., 6 views

Claude SDK For Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then returned the unresolved path for subsequent file operations. A local attacker able to write to the memory directory could retarget a...

CVSS 5.8, AI score 5.8, EPSS 0.00138
Exploits 0, Affected Software 1

vulnersOsv
added 2026/04/03 9:59 p.m., 4 views

0xpwn (=0.1.1), a2a-acl (=0.0.14) +160 more potentially affected by CVE-2026-35030 via litellm (>=1.80.9 <=1.82.6)

litellm PYPI version =1.80.9, =0.0.1a0, =0.7.3, =0.1.46, =0.0.1, =0.1.14.13, =0.5.2, =0.1.0, =0.10.0, =2.0.0, =2.0.0, =2.0.1 - browser-use =0.12.4 and more Source cves: CVE-2026-35030 Source advisory: SNYK:PYTHON-LITELLM-15907831...

CVSS 9.4, AI score 5.4, EPSS 0.00395
Exploits 1

vulnersOsv
added 2026/04/03 9:59 p.m., 3 views

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +734 more potentially affected by CVE-2026-35029 via litellm (>=1.0.0 <=1.82.6)

litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: CVE-2026-35029 Source advisory: SNYK:PYTHON-LITELLM-15907616...

CVSS 8.8, AI score 5.4, EPSS 0.27194
Exploits 2

OSV
added 2026/04/03 1:37 p.m., 4 views

CLSA-2026-1775222005 python: Fix of CVE-2025-15367

CVE-2025-15367: reject control characters in POP3 commands to prevent command injection via newlines...

CVSS 5.9, AI score 7.1, EPSS 0.00315
Exploits 0, References 1

vulnersOsv
added 2026/04/01 9:48 p.m., 2 views

a-mailx (=0.1.0), a2a-acl (=0.0.15) +1217 more potentially affected by CVE-2026-34519 via aiohttp (>=3.0.0b0 <=3.13.3)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =72.0.0 and more Source cves: CVE-2026-34519 Source advisory: SNYK:PYTHON-AIOHTTP-15873731...

CVSS 6.9, AI score 5.4, EPSS 0.00292
Exploits 0

OSV
added 2026/04/01 9:17 p.m., 2 views

GHSA-W828-4QHX-VXX3 Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then returned the unresolved path for subsequent file operations. A local attacker able to write to the memory directory could retarget a...

CVSS 5.8, AI score 5.9, EPSS 0.00138
Exploits 0, References 5

OSV
added 2026/04/01 9:15 p.m., 2 views

GHSA-Q5F5-3GJM-7MFM Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool

The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...

CVSS 4.8, AI score 5.9, EPSS 0.00122
Exploits 0, References 5