13 matches found
CVE-2026-12003
To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...
EUVD-2026-37125
To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...
Siemens SIMATIC S7-1500 Untrusted Search Path (CVE-2020-15801)
In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. The .pth file e.g., the python.pth file is not affected. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...
PyInstaller 代码注入漏洞
PyInstaller is a Python library from the Python Foundation that analyzes your code to discover all the other modules and libraries your scripts need to execute. A code injection vulnerability exists in PyInstaller versions prior to 6.0.0, which stems from improper handling of sys.path and could...
Uncontrolled Search Path Element
Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the unintended import of a test.py file. An attacker can execute arbitrary code by placing a malicious test.py file in the same directory or within the sys.path that is accessible when the module is...
GHSA-XQRQ-4MGF-FF32 Withdrawn Advisory: Python-Future Module Arbitrary Code Execution via Unintended Import of test.py
Withdrawn Advisory This advisory has been withdrawn because it describes a documented feature of Python’s import system in the handling of sys.path. For more information, see https://github.com/PythonCharmers/python-future/issues/650. Original Description A vulnerability in the Python-Future 1.0....
UBUNTU-CVE-2025-50817
A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker...
CVE-2025-3970
A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is an unknown function of the file /sys/office/save. The manipulation of the argument Remarks leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed t...
PT-2025-16693
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version that includes the fix for this issue Description A vulnerability in the Linux kernel has been resolved, which prevented multiple calls in a row to napi disable, causing a hang. The issue occurred when...
SUSE CVE-2008-4863
Untrusted search path vulnerability in BPYinterface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySysSetArgv function...
SUSE CVE-2008-5983
Untrusted search path vulnerability in the PySysSetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv0 argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse...
SUSE CVE-2015-1341
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function pythonmodulepath...
CVE-2016-10769
cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi SEC-162...