46 matches found
CVE-2026-7066 choieastsea simple-openstack-mcp server.py exec_openstack os command injection
A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has...
EUVD-2026-23739
A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...
CVE-2026-6593 ComfyUI View Endpoint server.py cross site scripting
A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...
CVE-2026-6589
A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...
CVE-2026-5001
A vulnerability (CVE-2026-5001) affects PromtEngineer localGPT. The flaw resides in the function do_POST of the file backend/server.py, enabling unrestricted remote file upload. An exploit has been published and may be used (exploit maturity: proof-of-concept). The product uses a rolling release; ...
CVE-2026-4994
CVE-2026-4994 affects wandb OpenUI up to 1.0/3.5-turb. The vulnerable component is generic_exception_handler in backend/openui/server.py of the APIStatusError Handler. The issue arises from manipulation of the argument key, leading to information exposure through error messages. Access to the loc...
CVE-2026-4992
WandB OpenUI vulnerability CVE-2026-4992 affects the HTMLAnnotator component, specifically the create_share/get_share function in backend/openui/server.py. The issue arises from manipulating the ID argument, enabling HTML injection. Exploitation is possible remotely and the exploit has been publi...
EUVD-2025-7126
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview: lazyllm is a low-code development tool for building multi-agent LLM applications. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the lazyllmcall function in server.py. An attacker can execute arbitrary code or manipulate application behavior...
GHSA-8X9J-2P8R-7XC6 ml-logger has path traversal in the file argument
A vulnerability was identified in geyang ml-logger 0.10.36 and prior. Affected by this vulnerability is the function log_handler of the file mllogger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly...
CVE-2025-10950 geyang ml-logger Ping server.py log_handler deserialization
A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file mllogger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack...
Upsonic is vulnerable to Path Traversal attack through its os.path.join function
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used...
CVE-2024-10019
A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334-PoC A proof of concept of the path traversal vu...
RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2023:2764)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2764 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
AlmaLinux 8 : python3 (ALSA-2023:0833)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0833 advisory. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse a...
SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2022:3553-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3553-1 advisory. - DISPUTED Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection...
Ubuntu 16.04 ESM : Python vulnerability (USN-5629-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5629-1 advisory. It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic. Tenable has...
Denial Of Service (DoS)
sanic is vulnerable to denial of service. When using Python 3.10, an attacker can crash the application by sending an HTTP request to server.py...