CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/04 12:0 a.m.•5 views

PPTAgent 安全漏洞

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent 418491a contained security vulnerabilities. These vulnerabilities stemmed from issues with the Python eval function when executing code generated by LLM,...

8.6CVSS6.1AI score0.00027EPSS

Tenable Nessus•added 2026/05/04 12:0 a.m.•6 views

RHCOS 9 : OpenShift Container Platform 4.13.54 (RHSA-2024:10815)

The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:10815 advisory. - waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request CVE-2024-49768 -...

9.1CVSS5.8AI score0.01524EPSS

Exploits0References6

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в python-urllib3

urllib3 is a user-friendly HTTP client library for Python. Prior to version 2.5.0, it was possible to disable redirections for all requests by instantiating a PoolManager and specifying retries in a way that disables redirections. By default, requests and botocore users are not affected. An...

6.1CVSS6.5AI score0.00079EPSS

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в python-py

A denial of service attack via regular expressions in the py.path.svnwc component of py also known as python-py in versions up to 1.9.0 could be exploited by attackers to trigger a compute-time denial of service attack by providing malicious input to the blame functionality...

7.5CVSS6.8AI score0.00781EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в python-babel

In Babel.Locale before version 2.9.1, attackers could load arbitrary locale .dat files containing serialized Python objects through directory traversal, resulting in code execution...

7.8CVSS7.2AI score0.00169EPSS

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в python-django

A issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The methods django.utils.text.Truncator.chars and Truncator.words with html=True, along with the truncatecharshtml and truncatewordshtml template filters, allow a remote attacker to cause a potential...

7.5CVSS7.1AI score0.00079EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•7 views

Astra Linux - уязвимость в python-urllib3

In urllib3 before version 1.24.2, the authorization HTTP header is not removed when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE:...

6.1CVSS6.8AI score0.00223EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в python3.7, python2.7

A issue was discovered in Python before version 3.11.1. An unnecessary quadratic algorithm exists in one path when processing certain inputs to the IDNA RFC 3490 decoder. This can lead to an excessive CPU usage when a maliciously crafted, unreasonably long hostname is provided to the decoder...

7.5CVSS6.9AI score0.0013EPSS

Exploits1References2

GithubExploit•added 2026/05/03 10:44 p.m.•55 views

pentest-automation-framework

pentest-automation-framework Built this to speed up structure...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2026/05/03 9:26 p.m.•8 views

Malicious code in gauth-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aea1fab5eb3b9422c65232e53e79eb71ba3436355601cd61e7a7b0177779df4e Package impersonates Google and attempts to exfiltrate various credential files. It also setups PTH file for automated start during Python initialization. In t...

5.8AI score

OSV•added 2026/05/03 9:26 p.m.•2 views

MAL-2026-3252 Malicious code in gauth-client (PyPI)

5.8AI score

OSV•added 2026/05/03 8:58 p.m.•4 views

MAL-2026-3251 Malicious code in puan31 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27d04731b8fc3968b624ec2435d48b09d1afffb46fefb44745c2c8ff31bf4855 During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensiti...

OSSF Malicious Packages•added 2026/05/03 8:23 p.m.•5 views

Malicious code in rostilesolver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eef0922e5bb8ba3371baad4b76542215ff15e445a9d6ed6fb5546230fe5da4df During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

OSV•added 2026/05/03 8:23 p.m.•2 views

Exploits0References9

MAL-2026-3250 Malicious code in rostilesolver (PyPI)

OSSF Malicious Packages•added 2026/05/03 12:20 p.m.•5 views

Exploits0References9

Malicious code in puan4 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6be2e7028440f68ad3621664d195d72288e6a1d8658f16a421f3ec52d63d6f7a During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like sensitive files and browsers' dat...