12247 matches found

Packet Storm
added 2023/04/20 12:0 a.m. | 339 views

FUXA 1.1.13-1186 Remote Code Execution

Exploit Title: FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE) | Date: 18/04/2023 | Exploit Author: Rodolfo Mariano | Vendor Homepage: https://github.com/frangoteam/FUXA | Version: FUXA V.1.1.13-1186 current | from argparse import RawTextHelpFormatter | import argparse, sys, threading, requests...

6.8 AI score
Exploits 0
0day.today
added 2023/04/20 12:0 a.m. | 234 views

FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution Exploit

Exploit Title: FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE) | Exploit Author: Rodolfo Mariano | Vendor Homepage: https://github.com/frangoteam/FUXA | Version: FUXA V.1.1.13-1186 current | from argparse import RawTextHelpFormatter | import argparse, sys, threading, requests | def mainrhost,...

7.1 AI score
Exploits 0
0day.today
added 2023/04/20 12:0 a.m. | 315 views

Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Exploit

#!/usr/bin/python3 | Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection | Date: 2023/04/13 | Exploit Author: msd0pe | Project: https://github.com/waqaskanju/Chitor-CMS | My Github: https://github.com/msd0pe-1 | Patched the 2023/04/16: 69d3442 commit | description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...

6.8 AI score
Exploits 0
OSV
added 2023/04/19 12:15 a.m. | 14 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

5.3 CVSS | 5.5 AI score
Exploits 0 | References 44
NVD
added 2023/04/19 12:15 a.m. | 17 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

5.3 CVSS | 5.7 AI score | 0.00161 EPSS
Exploits 1 | References 46
Prion
added 2023/04/19 12:15 a.m. | 356 views

Authentication flaw

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

5 CVSS | 5.4 AI score | 0.00161 EPSS
Exploits 1 | References 23 | Affected Software 1
UbuntuCve
added 2023/04/19 12:15 a.m. | 109 views

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

5.3 CVSS | 6.7 AI score | 0.00161 EPSS
Exploits 1 | References 8
OSV
added 2023/04/19 12:15 a.m. | 0 views

UBUNTU-CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

5.3 CVSS | 6.7 AI score | 0.00161 EPSS
Exploits 1 | References 9
Cvelist
added 2023/04/18 11:51 p.m. | 17 views

CVE-2023-29516 Code injection from view right on XWiki.AttachmentSelector in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on XWiki.AttachmentSelector can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is imprope...

9.9 CVSS | 9.8 AI score | 0.2689 EPSS
Exploits 1 | References 3
Cvelist
added 2023/04/18 11:44 p.m. | 15 views

CVE-2023-29512 Code injection in xwiki-platform-web-templates

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., its own user page) can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is...

9.9 CVSS | 9.8 AI score | 0.29358 EPSS
Exploits 1 | References 3
Vulnrichment
added 2023/04/18 11:29 p.m. | 5 views

CVE-2023-29518 Code injection from view right using Invitation.InvitationCommon in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of...

9.9 CVSS | 9.6 AI score | 0.29358 EPSS
Exploits 1 | References 3
AlpineLinux
added 2023/04/18 10:15 p.m. | 29 views

CVE-2023-30608

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This...

7.7 AI score | 0.01264 EPSS
Exploits 0
NVD
added 2023/04/18 10:15 p.m. | 18 views

CVE-2023-30608

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This...

7.5 CVSS | 6.5 AI score | 0.01264 EPSS
Exploits 0 | References 6
UbuntuCve
added 2023/04/18 10:15 p.m. | 51 views

CVE-2023-30608

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This...

7.5 CVSS | 6.7 AI score | 0.01264 EPSS
Exploits 0 | References 4
Prion
added 2023/04/18 10:15 p.m. | 20 views

Design/Logic Flaw

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This...

5 CVSS | 7.5 AI score | 0.01264 EPSS
Exploits 0 | References 5 | Affected Software 2
PyPA
added 2023/04/18 10:15 p.m. | 7 views

PYSEC-2023-87

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This...

7.5 CVSS | 7.6 AI score | 0.01264 EPSS
Exploits 0 | References 7 | Affected Software 1
GithubExploit
added 2023/04/18 9:47 p.m. | 1083 views

Exploit for Double Free in Openbsd Openssh

OpenSSH Pre-Auth Double Free CVE-2023-25136 POC. This repository c...

6.5 CVSS | 6.8 AI score | 0.88329 EPSS
Exploits 10
CVE
added 2023/04/18 9:32 p.m. | 231 views

CVE-2023-30608

CVE-2023-30608 affects the Python package sqlparse (non-validating SQL parser module). A vulnerable regular expression in the parser can cause Regular Expression Denial of Service (ReDoS) leading to DoS conditions. The issue was introduced by commit e75e358 and is fixed in sqlparse 0.4.4 via comm...

7.5 CVSS | 6.5 AI score | 0.01264 EPSS
Exploits 0 | References 6 | Affected Software 1
Debian CVE
added 2023/04/18 9:32 p.m. | 26 views

CVE-2023-30608

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This...

7.5 CVSS | 7.7 AI score | 0.01264 EPSS
Exploits 0
OSV
added 2023/04/18 9:32 p.m. | 26 views

CVE-2023-30608 Parser contains an inefficient regular expression in sqlparse

sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit e75e358. The vulnerability may lead to Denial of Service (DoS). This...

5.5 CVSS | 6.8 AI score | 0.01264 EPSS
Exploits 0 | References 8