
44 matches found

EUVD
added 2026/06/03 12:30 a.m., 8 views

EUVD-2026-34037

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...

6.5 CVSS, 5.4 AI score, 0.00227 EPSS
Exploits 0, References 9

Vulnrichment
added 2026/05/12 9:51 p.m., 6 views

CVE-2026-42545 Granian: DoS via WSGI response header panic

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...

5.9 CVSS, 5.8 AI score, 0.00222 EPSS
Exploits 0, References 1

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in Pypy, Jython

The documentation XML-RPC server in Python, from versions 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4, has XSS vulnerabilities due to the server_title field. This issue occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If the set_server_title function ...

6.1 CVSS, 7.1 AI score, 0.04653 EPSS
Exploits 1, References 2

Positive Technologies
added 2026/03/18 12:0 a.m., 4 views

PT-2026-26217

Name of the Vulnerable Software and Affected Versions: NLTK versions 3.9.3 and prior. Description: NLTK (Natural Language Toolkit) contains a reflected cross-site scripting (XSS) issue in the lookup ... route of nltk.app.wordnet app. A crafted lookup URL can inject arbitrary HTML/JavaScript into the...

7.5 CVSS, 6.1 AI score, 0.00542 EPSS
Exploits 2, References 30

Fedora
added 2025/10/25 9:20 p.m., 7 views

[SECURITY] Fedora 43 Update: python-socketio-5.14.2-1.fc43

Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients (typically, though not always, web browsers) and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python...

6.4 CVSS, 7 AI score, 0.00456 EPSS
Exploits 0

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-0989

Malware in sbrugna...

5.8 CVSS, 6.4 AI score, 0.0176 EPSS
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-0987

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.01478 EPSS
Exploits 1, References 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-7124

Malicious code in bioql PyPI...

7.5 CVSS, 7.5 AI score, 0.00489 EPSS
Exploits 0, References 4

Gitee
added 2025/07/06 2:51 a.m., 71 views

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

PoC exploit for CVE-2019-19781, a vulnerability in Citrix Application Delivery Controller (ADC) and Gateway. The repository, CitrixHoneypot, is a honeypot designed to detect and log scan and exploitation attempts for this vulnerability. The tool is written in Python and uses the http.server module ...

9.8 CVSS, 7.7 AI score, 0.99999 EPSS
Exploits 48

Veracode
added 2025/03/28 5:29 a.m., 9 views

Denial Of Service (DoS)

litellm is vulnerable to Denial of Service (DoS). The vulnerability is due to the use of ast.literal_eval to parse user input, allowing an attacker to send specially crafted input that crashes the litellm Python server...

7.5 CVSS, 7 AI score, 0.00489 EPSS
Exploits 0, References 4, Affected Software 1

GithubExploit
added 2025/03/27 11:18 p.m., 116 views

Exploit for Cross-site Scripting in Warfareplugins Social_Warfare

CVE-2019-9978 - Social Warfare WordPress Plugin RCE system'ca...

6.1 CVSS, 6.6 AI score, 0.73543 EPSS
Exploits 18

RedhatCVE
added 2025/03/22 12:6 p.m., 5 views

CVE-2024-10188

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server...

7.5 CVSS, 6.8 AI score, 0.00489 EPSS
Exploits 0, References 1

OSV
added 2025/03/20 10:15 a.m., 3 views

CVE-2024-10955

A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...

6.5 CVSS, 5.8 AI score, 0.00624 EPSS
Exploits 1, References 1

NVD
added 2025/03/20 10:15 a.m., 6 views

CVE-2024-10188

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server...

7.5 CVSS, 0.00489 EPSS
Exploits 0, References 2

RedHat Linux
added 2025/01/09 2:57 p.m., 3 views

waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion

A flaw was found in the Waitress WSGI server for Python. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress will incorrectly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, and...

7.5 CVSS, 5.7 AI score, 0.01375 EPSS
Exploits 0, References 8

RedHat Linux
added 2024/11/26 11:24 a.m., 3 views

waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion

A flaw was found in the Waitress WSGI server for Python. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress will incorrectly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, and...

7.5 CVSS, 5.7 AI score, 0.01375 EPSS
Exploits 0, References 8

RedHat Linux
added 2024/11/19 8:51 a.m., 2 views

waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion

A flaw was found in the Waitress WSGI server for Python. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress will incorrectly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, and...

7.5 CVSS, 5.7 AI score, 0.01375 EPSS
Exploits 0, References 8

GithubExploit
added 2024/11/02 12:26 a.m., 138 views

Exploit for Code Injection in Vmware Spring_Framework

Project Spring4Shell CVE-2022-22965 Blocker Firewall Se...

9.8 CVSS, 8.8 AI score, 0.99677 EPSS
Exploits 100

GithubExploit
added 2023/10/12 7:39 a.m., 376 views

Exploit for Out-of-bounds Write in Haxx Libcurl

It is an offensive tool for web exploitation. This repository co...

9.8 CVSS, 8.1 AI score, 0.78483 EPSS
Exploits 6

OSV
added 2022/08/23 1:15 a.m., 4 views

AZL-10618 CVE-2021-28861 affecting package python3 for versions less than 3.9.19-1

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

7.4 CVSS, 6.7 AI score, 0.01892 EPSS
Exploits 0, References 1