Lucene search

12247 matches found

Prion
added 2023/03/07 7:15 p.m. | 20 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper...

6.5 CVSS | 9.6 AI score | 0.1486 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/03/07 6:9 p.m. | 13 views

CVE-2023-27479 Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper...

9.9 CVSS | 9.8 AI score | 0.1486 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2023/03/07 12:0 a.m. | 62 views

Ubuntu 18.04 ESM : Python vulnerability (USN-5930-1)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5930-1 advisory. It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote...

9.8 CVSS | 7.6 AI score | 0.014 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2023/03/07 12:0 a.m. | 45 views

Ubuntu 18.04 ESM : Python vulnerability (USN-5931-1)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5931-1 advisory. It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote...

9.8 CVSS | 7.6 AI score | 0.014 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2023/03/07 12:0 a.m. | 26 views

Ubuntu: Security Advisory (USN-5767-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 9.9 AI score | 0.014 EPSS
Exploits: 1 | References: 3

CloudLinux
added 2023/03/06 9:9 p.m. | 249 views

python: Fix of CVE-2023-24329

CVE-2023-24329: Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character...

7.5 CVSS | 7.7 AI score | 0.01445 EPSS
Exploits: 3

GithubExploit
added 2023/03/06 10:9 a.m. | 697 views

Exploit for Improper Input Validation in Moodle

CVE-2022-35649 Payload Generator using Python 2 and Det...

9.8 CVSS | 9.4 AI score | 0.07485 EPSS
Exploits: 1

Amazon
added 2023/03/06 12:0 a.m. | 50 views

Important: python

Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...

7.5 CVSS | 8.2 AI score | 0.01445 EPSS
Exploits: 4

Fedora
added 2023/03/05 1:38 a.m. | 53 views

[SECURITY] Fedora 37 Update: python-django3-3.2.18-1.fc37

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

7.5 CVSS | 7.6 AI score | 0.19669 EPSS
Exploits: 0

GithubExploit
added 2023/03/05 12:56 a.m. | 312 views

Exploit for OS Command Injection in Netgate Pfblockerng

CVE-2022-31814 WebApp bug import argparse import requ...

9.8 CVSS | 9.6 AI score | 0.94321 EPSS
Exploits: 14

Fedora
added 2023/03/05 12:54 a.m. | 42 views

[SECURITY] Fedora 36 Update: python-django3-3.2.18-1.fc36

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

7.5 CVSS | 7.6 AI score | 0.19669 EPSS
Exploits: 0

Kitploit
added 2023/03/04 11:30 a.m. | 64 views

X-force - IBM Security Utilitary Library In Python. Search And Query All Sources: Threat_Activities And Groups, Malware_Analysis, Industries

IBM Security X-FORCE Exchange library in Python 3. Search: threatactivities, threatgroups, malwareanalysis, collector and industries. Install pip3 install XForce Use Using you APIKEY make a basic authentication. After make a base64 code → Key + : + Password: printf...

7.4 AI score
Exploits: 0 | References: 1

Github Security Blog
added 2023/03/03 10:51 p.m. | 22 views

org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

Impact It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter URL parameter, in combination with additional parameters formtoken=1&action=create. For instance:...

10 CVSS | 9.2 AI score | 0.40079 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2023/03/03 10:46 p.m. | 30 views

GHSA-R8QR-WWG3-2R85 Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions

Impact Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.30, 3.9.27, 3.10.1...

6.5 CVSS | 5.2 AI score | 0.00268 EPSS
Exploits: 0 | References: 10

Github Security Blog
added 2023/03/03 10:46 p.m. | 37 views

Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions

Impact Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.30, 3.9.27, 3.10.1...

6.5 CVSS | 4.8 AI score | 0.00268 EPSS
Exploits: 0 | References: 10 | Affected Software: 1

OSSF Malicious Packages
added 2023/03/03 5:36 p.m. | 2 views

Malicious code in esqcraftlibcv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3235b06cec4390f31e93a91475a908629c779bbc2855d55e68dab3660e656eb2 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7 AI score
Exploits: 0 | References: 1

OSV
added 2023/03/02 11:4 p.m. | 38 views

GHSA-3HVJ-3CG9-V242 Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions

Impact Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. Affected versions: Saleor ≥ 2.0.0 Workarounds None For more information If you...

3.7 CVSS | 4.6 AI score | 0.00179 EPSS
Exploits: 0 | References: 9

Github Security Blog
added 2023/03/02 11:4 p.m. | 36 views

Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions

Impact Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. Affected versions: Saleor ≥ 2.0.0 Workarounds None For more information If you...

5.3 CVSS | 5.4 AI score | 0.00179 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

NVD
added 2023/03/02 7:15 p.m. | 15 views

CVE-2023-26051

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...

6.5 CVSS | 6.3 AI score | 0.00268 EPSS
Exploits: 0 | References: 8

Prion
added 2023/03/02 7:15 p.m. | 19 views

Information disclosure

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...

5 CVSS | 5.1 AI score | 0.00179 EPSS
Exploits: 0 | References: 7 | Affected Software: 1