12247 matches found

Tenable Nessus
added 2023/04/14 12:00 a.m., 29 views

FreeBSD : py39-py -- Regular expression Denial of Service vulnerability (28a37df6-ba1a-4eed-bb64-623fc8e8dfd0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 28a37df6-ba1a-4eed-bb64-623fc8e8dfd0 advisory. - The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expressio...

7.5 CVSS | 6.6 AI score | 0.00131 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2023/04/14 12:00 a.m., 31 views

FreeBSD : py-cryptography -- allows programmers to misuse an API (a32ef450-9781-414b-a944-39f2f61677f2)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a32ef450-9781-414b-a944-39f2f61677f2 advisory. - cryptography is a package designed to expose cryptographic primitives and recipes to Python developer...

6.5 CVSS | 6.8 AI score | 0.00688 EPSS
Exploits: 1 | References: 3
Ubuntu
added 2023/04/13 9:17 p.m., 47 views

USN-6019-1: Flask-CORS vulnerability

It was discovered that Flask-CORS did not properly escape paths before evaluating resource rules. An attacker could possibly use this to expose sensitive information...

7.5 CVSS | 8 AI score | 0.0138 EPSS
Exploits: 0
OSV
added 2023/04/12 8:36 p.m., 13 views

GHSA-F4V8-58F6-MWJ4 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

Impact Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the documentTree macro parameters in This macro is installed by default in...

9.9 CVSS | 9.5 AI score | 0.36083 EPSS
Exploits: 1 | References: 5
Github Security Blog
added 2023/04/12 8:36 p.m., 30 views

org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

Impact Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the documentTree macro parameters in This macro is installed by default in...

9.9 CVSS | 8.9 AI score | 0.36083 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Github Security Blog
added 2023/04/12 8:35 p.m., 24 views

org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability

Impact Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the IncludedDocuments panel. Precondition: As an admin, add the Panels.IncludedDocuments...

9.9 CVSS | 8.7 AI score | 0.06474 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2023/04/12 8:35 p.m., 27 views

GHSA-C5F4-P5WV-2475 xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability

Impact Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the included documents edit panel. A proof of concept exploit is to edit a document and ad...

9.9 CVSS | 9.3 AI score | 0.07739 EPSS
Exploits: 1 | References: 5
OSV
added 2023/04/12 8:35 p.m., 18 views

GHSA-W7V9-FC49-4QG4 org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability

Impact Any user with view rights WikiManager.DeleteWiki can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the wikiId url parameter. A proof of concept exploit is to open...

9.9 CVSS | 9.4 AI score | 0.07811 EPSS
Exploits: 1 | References: 5
Github Security Blog
added 2023/04/12 8:35 p.m., 20 views

org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability

Impact Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the user parameter of the macro...

9.9 CVSS | 8.8 AI score | 0.06474 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2023/04/12 8:35 p.m., 16 views

GHSA-9PC2-X9QF-7J2Q org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability

Impact Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the...

9.9 CVSS | 9.3 AI score | 0.18932 EPSS
Exploits: 1 | References: 5
Github Security Blog
added 2023/04/12 8:35 p.m., 28 views

org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability

Impact Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the...

9.9 CVSS | 8.7 AI score | 0.18932 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
IBM Security Bulletins
added 2023/04/12 8:23 p.m., 44 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Golang Go is used by IBM Robotic Process Automation as part of the operator CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41716, CVE-2022-41721. Python is used by IBM Robotic Process...

7.5 CVSS | 7.8 AI score | 0.01395 EPSS
Exploits: 3 | Affected Software: 1
Metasploit
added 2023/04/12 7:43 p.m., 196 views

Command Shell, Reverse SCTP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf payloadshellreversesctp set ACTION msf payloadshellreversesctp show...

7.1 AI score
Exploits: 0
Metasploit
added 2023/04/12 7:43 p.m., 148 views

Python Exec, Command Shell, Reverse SCTP (via python)

Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf...

7.1 AI score
Exploits: 0
Metasploit
added 2023/04/12 7:43 p.m., 45 views

Python Exec, Command Shell, Reverse SCTP (via python)

Execute a Python payload as an OS command from a Posix-compatible shell. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/cmd/unix/python/shellreversesctp msf payloadshellreversesctp show actions...

7.2 AI score
Exploits: 0
Hacker One
added 2023/04/11 10:00 p.m., 29 views

GitHub Security Lab: [Python]: Timing attack

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Veracode
added 2023/04/11 5:32 p.m., 17 views

Arbitrary Code Execution

langchain is vulnerable to Arbitrary Code Execution. The vulnerability exists in the processllmresult function due to the insecure usage of the Python exec method, which allows an attacker to carry out prompt injection attacks resulting in arbitrary code execution...

9.8 CVSS | 9.4 AI score | 0.03769 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Exploit DB
added 2023/04/08 12:00 a.m., 274 views

pfsenseCE v2.6.0 - Anti-brute force protection bypass

!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...

9.8 CVSS | 9.7 AI score | 0.03048 EPSS
Exploits: 5
Mageia
added 2023/04/06 9:20 p.m., 65 views

Updated python-cairosvg packages fix security vulnerability

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9 CVSS | 6.8 AI score | 0.00086 EPSS
Exploits: 0 | References: 3
IBM Security Bulletins
added 2023/04/06 7:12 p.m., 45 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary commands execution in Python (CVE-2015-20107)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary commands execution in Python, caused by improper input validation in mailcap module. CVE-2015-20107. Python is included as part of our runtime components. This vulnerability has been addressed...

8 CVSS | 8.1 AI score | 0.00801 EPSS
Exploits: 1 | Affected Software: 1