CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

RedhatCVE•added 2026/05/14 7:58 p.m.•8 views

CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.8CVSS6.1AI score0.00227EPSS

Exploits0References1

Tenable Nessus•added 2026/01/22 12:0 a.m.•6 views

Azure Linux 3.0 Security Update: python3 (CVE-2023-6507)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6507 advisory. - An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython...

6.1CVSS5.7AI score0.01326EPSS

Exploits0References2

OSV•added 2025/01/17 3:6 p.m.•8 views

BIT-PYTHON-MIN-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...

6.1CVSS5.6AI score0.01326EPSS

Exploits0References6

Hacker One•added 2024/12/17 7:54 p.m.•3 views

curl: OS Command Injection (subprocess Module Usage)

Summary The Bandit tool flagged the usage of the subprocessmodule in the file curl.pyunder the B404:blacklist rule. This rule highlights potential security risks associated with using the subprocess module without proper sanitization of inputs, which can lead to command injection vulnerabilities...

9AI score

Exploits0

BDU FSTEC•added 2024/11/01 12:0 a.m.•4 views

The vulnerability of the subprocess module in the Python programming language interpreter allows a perpetrator to trigger a service failure.

The vulnerability of the subprocess module in the Python programming language interpreter is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.1CVSS6.7AI score0.01326EPSS

Exploits0References7Affected Software3

GithubExploit•added 2024/08/05 7:6 a.m.•53 views

zzz

It is an offensive tool for Linux. The repository appears to be...

7.6AI score

Exploits0

Prion•added 2023/12/08 7:15 p.m.•19 views

Design/Logic Flaw

3.3CVSS7.1AI score0.01326EPSS

Exploits0References3Affected Software1

UbuntuCve•added 2023/12/08 7:15 p.m.•46 views

CVE-2023-6507

6.1CVSS6.7AI score0.01326EPSS

Exploits0References3

Vulnrichment•added 2023/12/08 6:20 p.m.•15 views

CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

6.1CVSS6.8AI score0.01326EPSS

Exploits0References5

CVE•added 2023/12/08 6:20 p.m.•101 views

CVE-2023-6507

Affects CPython 3.12.0 on POSIX via the subprocess module. When using extra_groups=[], the code regressed to not calling setgroups(0, NULL) before exec(), so original process groups aren’t dropped before starting the new process. The issue only impacts privileged CPython processes (typically root...

6.1CVSS5.7AI score0.01326EPSS

Exploits0References5Affected Software1

OSV•added 2023/12/08 6:20 p.m.•22 views

PSF-CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

6.1CVSS5.6AI score0.01326EPSS

Exploits0References3

Positive Technologies•added 2023/12/08 12:0 a.m.•5 views

PT-2023-9621 · Python +2 · Cpython +2

Name of the Vulnerable Software and Affected Versions: CPython version 3.12.0 Description: The issue is related to errors in privilege management in the subprocess module of the CPython interpreter. When using the extra groups= parameter with an empty list as a value, the logic regressed to not...

9.8CVSS6.5AI score0.23293EPSS

Exploits27References193

OSV•added 2023/05/05 2:18 a.m.•16 views

GHSA-FWJ4-72FM-C93G Under-validated ComSpec and cmd.exe resolution in Mutagen projects

Impact Mutagen projects offer shell-based execution functionality. On Windows, the shell is resolved using the standard %ComSpec% mechanism, with a fallback to a %PATH%-based search for cmd.exe. While this is the standard practice on Windows systems, it presents somewhat risky behavior. Firstly,...

6.8AI score

Exploits0References2

OpenVAS•added 2021/07/07 12:0 a.m.•21 views

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-2165)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.3AI score0.05031EPSS

Exploits1References2

OSV•added 2021/04/20 4:40 p.m.•38 views

GHSA-3PQX-4FQF-J49F Deserialization of Untrusted Data in PyYAML

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

9.8CVSS9.8AI score0.05031EPSS

Exploits1References8

Tenable Nessus•added 2020/11/06 12:0 a.m.•42 views

EulerOS Virtualization 3.0.6.6 : PyYAML (EulerOS-SA-2020-2475)

According to the versions of the PyYAML package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in the implementation of the Short Message Service SMS handling functionality of Cisco IOS Software and Cisco IOS ...

9.8CVSS7AI score0.06081EPSS

Exploits2References3