58388 matches found

Tenable Nessus
added 2025/12/15 12:0 a.m. | 4 views

SUSE SLES15 Security Update : python-eventlet (SUSE-SU-2025:03051-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03051-1 advisory. - CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling bsc1248994. Tenable has extracted the...

CVSS 9.1 | AI score 5.7 | EPSS 0.00363
Exploits 0 | References 4

Tenable Nessus
added 2025/12/15 12:0 a.m. | 2 views

openSUSE 15 Security Update : python-maturin (SUSE-SU-2025:03082-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03082-1 advisory. - CVE-2025-58160: terminal escape injection via ANSI sequences from untrusted input bsc1249011. Tenable has extracted the preceding description block direct...

CVSS 2.3 | AI score 5.5 | EPSS 0.00303
Exploits 0 | References 4

Github Security Blog
added 2025/12/13 6:30 p.m. | 7 views

Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

CVSS 7.5 | AI score 7 | EPSS 0.0022
Exploits 0 | References 4 | Affected Software 1

OSV
added 2025/12/13 6:30 p.m. | 4 views

GHSA-75MJ-4G74-9RG2 Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

CVSS 7.5 | AI score 6.9 | EPSS 0.0022
Exploits 0 | References 4

GithubExploit
added 2025/12/13 5:55 p.m. | 136 views

Exploit for Injection in Dlink Dns-320_Firmware

CVE-2024-10914POC PoC para explota...

CVSS 9.8 | AI score 7 | EPSS 0.97432
Exploits 11

Cvelist
added 2025/12/13 9:59 a.m. | 24 views

CVE-2025-14542 Command execution in python-utcp allows attackers to achieve remote code execution when fetching a remote Manual from a malicious endpoint

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

CVSS 7.5 | EPSS 0.0022
Exploits 0 | References 2

CVE
added 2025/12/13 9:59 a.m. | 13 views

CVE-2025-14542

The CVE-2025-14542 issue affects the Python UTCP client library (utcp) where the client trusts a tool’s JSON Manual from a remote Manual Endpoint. A malicious remote Manual can alter the specification to execute arbitrary commands on the client, enabling remote code execution. Remediation provide...

CVSS 7.5 | AI score 6.6 | EPSS 0.0022
Exploits 0 | References 2

Veracode
added 2025/12/13 7:29 a.m. | 9 views

Local File Inclusion (LFI)

pythonmistralclient is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper validation of file paths in the 'Create Workbook' feature, which allows an attacker to include and read arbitrary local files from the system...

CVSS 6.5 | AI score 5.9 | EPSS 0.00399
Exploits 0 | References 8 | Affected Software 1

Veracode
added 2025/12/13 7:25 a.m. | 10 views

Privilege Escalation

awsadvancedpythonwrapper is vulnerable to Privilege Escalation. The vulnerability is due to improper execution context handling of user-defined functions, which allows an attacker to create crafted functions that execute with elevated privileges and gain unauthorized access...

CVSS 8.6 | AI score 6 | EPSS 0.00381
Exploits 0 | References 15 | Affected Software 2

Veracode
added 2025/12/13 7:22 a.m. | 5 views

XML External Entity (XXE) Injection

peppolpy is vulnerable to XML External Entity XXE injection. The vulnerability is due to insecure Saxon XML parser configuration, where external entities are allowed during XML invoice validation, enabling attackers to read local files and exfiltrate their contents to a remote host...

CVSS 5 | AI score 5.7 | EPSS 0.00299
Exploits 0 | References 5 | Affected Software 1

Veracode
added 2025/12/13 7:20 a.m. | 5 views

Template Injection

langchain-core is vulnerable to Template Injection. The vulnerability is due to the lack of validation in template strings, where attackers can access Python object internals through template syntax. This allows attackers to extract sensitive information from object internals and potentially...

CVSS 8.3 | AI score 6.9 | EPSS 0.00466
Exploits 0 | References 5 | Affected Software 1

Tenable Nessus
added 2025/12/13 12:0 a.m. | 4 views

SUSE SLES15: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2025:4389-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4389-1 advisory. - CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are...

CVSS 5.5 | AI score 6.3 | EPSS 0.00345
Exploits 0 | References 7

Tenable Nessus
added 2025/12/13 12:0 a.m. | 4 views

SUSE SLES15 / openSUSE 15 Security Update : python-Django (SUSE-SU-2025:4384-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4384-1 advisory. - CVE-2025-13372: Fixed SQL Injection in FilteredRelation bsc1254437 - CVE-2025-64460: Fixed denial of service via specially...

CVSS 7.5 | AI score 8.3 | EPSS 0.02143
Exploits 0 | References 6

GithubExploit
added 2025/12/12 3:53 p.m. | 137 views

HenBR-Autoload

HenBR-Autoload Download any PS4 exploit in one click...

AI score 6.8
Exploits 0

SUSE Linux
added 2025/12/12 1:49 p.m. | 5 views

Security update for python

This update for python fixes the following issues: CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are user-controlled bsc1252974. CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory EOCD record allows...

CVSS 4.8 | AI score 6.8 | EPSS 0.00345
Exploits 0 | References 8

OSV
added 2025/12/12 1:49 p.m. | 2 views

SUSE-SU-2025:4389-1 Security update for python

This update for python fixes the following issues: - CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are user-controlled bsc1252974. - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory EOCD record...

CVSS 5.5 | AI score 6.6 | EPSS 0.00345
Exploits 0 | References 5

OSV
added 2025/12/12 12:20 p.m. | 4 views

OESA-2025-2809 python-requests security update

Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work even method overrides to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...

CVSS 5.6 | AI score 6.8 | EPSS 0.0034
Exploits 0 | References 2

OSV
added 2025/12/12 12:20 p.m. | 5 views

OESA-2025-2808 python-requests security update

Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work even method overrides to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...

CVSS 5.6 | AI score 6.8 | EPSS 0.0034
Exploits 0 | References 2

OSV
added 2025/12/12 12:20 p.m. | 5 views

OESA-2025-2807 python-requests security update

Requests is an HTTP library, written in Python, as an alternative to Python's builtin urllib2 which requires work even method overrides to perform basic tasks. Features of Requests: - GET, HEAD, POST, PUT, DELETE Requests: + HTTP Header Request Attachment. + Data/Params Request Attachment. +...

CVSS 5.6 | AI score 6.8 | EPSS 0.0034
Exploits 0 | References 2

vulnersOsv
added 2025/12/12 6:51 a.m. | 4 views

a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +650 more potentially affected by CVE-2025-67724 via tornado (>=6.0.0 <=6.5.2)

tornado PYPI version =6.0.0, =0.0.0, =0.7.3, =0.0.5, =1.0.0, =1.0.0, =0.31.0, =1.3.0, =0.1.23, =0.0.9.1, =0.20.0, =0.9.5, =22.5.13, =25.12.0 and more Source cves: CVE-2025-67724 Source advisory: SNYK:PYTHON-TORNADO-14400978...

CVSS 6.1 | AI score 6 | EPSS 0.00185
Exploits 0