273 matches found
Astra Linux - vulnerability in python3.11, python3.7
A vulnerability has been identified in the CPython venv module and CLI. This vulnerability arises from improper quoting of path names when creating a virtual environment. As a result, attackers can inject commands into the virtual environment “activation” scripts e.g., using “source...
ExploitReaper
Exploit Reaper...
Terraform / OpenTofu Provider for Proxmox VE security vulnerability
Terraform/OpenTofu Provider for Proxmox VE is a software developed by Pavel Boldyrev. Versions of Terraform/OpenTofu Provider for Proxmox VE prior to 0.93.1 contained security vulnerabilities. These vulnerabilities stemmed from insecure sudoer lines in the SSH configuration files, which could lea...
virtualenv Has TOCTOU Vulnerabilities in Directory Creation
Impact: TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's appdat...
MiracleLinux 7 : python3-3.6.8-21.0.3.el7.AXS7 (AXSA:2025-9726:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9726:01 advisory. - CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts CVEs: CVE-2024-9287 A vulnerability has been...
CVE-2022-31358
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/...
CVE-2022-35508
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pvepmgproxy and pvepmgdaemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
AlmaLinux 8 : python39:3.9 (ALSA-2025:23530)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23530 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used (CVE-2024-5642) python: Virtual environment (venv) activation scripts don't...
RLSA-2025:23530 Important: python39:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
ProbeSuite
text...
Exploit for CVE-2024-21545
CVE-2024-21545-PoC Pro...
Exploit for Deserialization of Untrusted Data in Huggingface Transformers
Running - have docker and uv installed, then clone repo and run...
XSS-Scanner-cross-site-scanning-
Basic XSS Lab Local — Flask + CLI Scanner Quick start W...
EUVD-2015-6861
Malware in sbrugna...
EUVD-2012-5982
Malware in sbrugna...
Unity Linux 20.1070e Security Update: python3 (UTSA-2025-987414)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987414 advisory. A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing th...
EUVD-2025-27406
Malicious code in bioql PyPI...
EUVD-2024-0172
Malicious code in bioql PyPI...