349 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2017-0027

Malware in sbrugna...

9.8 CVSS · 9.1 AI score · 0.00424 EPSS
Exploits 0 · References 11
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-2345

Malicious code in bioql PyPI...

5.3 CVSS · 6.3 AI score · 0.00028 EPSS
Exploits 0 · References 10
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-31727

Malicious code in bioql PyPI...

8.4 CVSS · 8.4 AI score · 0.02019 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-14313

Malicious code in bioql PyPI...

8.1 CVSS · 5.2 AI score · 0.01781 EPSS
Exploits 1 · References 8
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-2360

Malicious code in bioql PyPI...

4.4 CVSS · 6.4 AI score · 0.00044 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-1959

Malicious code in bioql PyPI...

6.8 CVSS · 6.6 AI score · 0.0015 EPSS
Exploits 2 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-6835

Malicious code in bioql PyPI...

8.8 CVSS · 6.7 AI score · 0.01527 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-58738

Malicious code in bioql PyPI...

6.1 CVSS · 7.2 AI score · 0.00083 EPSS
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-29506

Malicious code in bioql PyPI...

6.6 AI score
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-0100

Malicious code in bioql PyPI...

8.8 CVSS · 8.5 AI score · 0.00527 EPSS
Exploits 1 · References 3
Microsoft CVE
added 2025/10/02 6:10 a.m. · 2 views

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands

...

9.3 CVSS · 7 AI score · 0.01763 EPSS
Exploits 11
Veracode
added 2025/09/24 6:43 a.m. · 4 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of pickle files in UnixSubprocessTransport.start, which allows an attacker to execute arbitrary code by providing a malicious pickle file...

8.3 AI score
Exploits 0
RedhatCVE
added 2025/09/11 8:27 p.m. · 4 views

CVE-2025-58763

Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...

8 CVSS · 8.6 AI score · 0.00867 EPSS
Exploits 1 · References 1
GithubExploit
added 2025/09/10 8:46 p.m. · 268 views

vulnerable-python-poc-exploit

Vulnerability analysis report for the Python application vulnerable...

7.7 AI score
Exploits 0
Microsoft CVE
added 2025/09/03 10:23 p.m. · 5 views

Unintentional exposure of environment variables to subprocesses in sentry-sdk

...

5.3 CVSS · 7 AI score · 0.00028 EPSS
Exploits 0
Github Security Blog
added 2025/08/26 9:40 p.m. · 4 views

Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start

Summary: Using the asyncio.unix_events._UnixSubprocessTransport._start function, which is a built-in python library function, to execute remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to...

7.9 AI score
Exploits 0 · References 3 · Affected Software 1
OSV
added 2025/08/11 1:52 p.m. · 4 views

BIT-LIBPYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (ie extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

6.1 CVSS · 7.2 AI score · 0.00083 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/07/31 12:0 a.m. · 2 views

PT-2025-32492 · Pypi · Ms-Swift

I. Detailed Description: 1. Install ms-swift: pip install ms-swift -U 2. Start web-ui: swift web-ui --lang en 3. After startup, access through browser at http://localhost:7860/ to see the launched fine-tuning framework program 4. Fill in necessary parameters: In the LLM Training interface, fill in...

5.9 CVSS · 7.6 AI score
Exploits 0 · References 4
OSV
added 2025/07/02 2:15 p.m. · 3 views

CVE-2025-34073

An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input...

10 CVSS · 6.2 AI score · 0.65833 EPSS
Exploits 1 · References 5
Positive Technologies
added 2025/07/02 12:0 a.m. · 4 views

PT-2025-27631

Name of the Vulnerable Software and Affected Versions: Maltrail versions <=0.54. Description: An unauthenticated command injection issue exists, allowing a remote attacker to execute arbitrary operating system commands via the username parameter in a POST request to the "/login" endpoint. This occu...

10 CVSS · 7.7 AI score · 0.65833 EPSS
Exploits 1 · References 11