15 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-25198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may b...
web2py has an Open Redirect Vulnerability
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an Open Redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing atta...
UBUNTU-CVE-2026-25198
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing atta...
CVE-2023-45158
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product...
EUVD-2016-4964
Malware in sbrugna...
EUVD-2013-2257
Malware in sbrugna...
EUVD-2022-4423
Malicious code in bioql PyPI...
EUVD-2022-3984
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-22432
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing...
CVE-2022-33146
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL...
CVE-2013-2311
Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
web2py vulnerable to OS command injection
Overview: web2py web application framework contains an OS command injection vulnerability (CWE-78). Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: When web2py is configured to u...
Web2py Reflected XSS vulnerability
Web2py versions 2.14.5 and below were affected by a reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in user (admin)...
UBUNTU-CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
UBUNTU-CVE-2016-3957
The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key...