Lucene search
+L

7044 matches found

PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Improper Access Control in MySQL Connector Python

Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connector...

8.1CVSS6.8AI score0.02518EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...

6CVSS6AI score0.02308EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

OpenStack Identity Keystone Improper Privilege Management

OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...

6.5CVSS7.1AI score0.01386EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.5 views

OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

7.5CVSS6.9AI score0.02836EPSS
Exploits0References16Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.5 views

OpenStack Keystone Denial of Service vulnerability via a large HTTP request

OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service CPU and memory consumption via a large HTTP request, as demonstrated by a long tenantname when requesting a token...

6.5CVSS6AI score0.03067EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Openstack Manila Persistent XSS in Metadata field

Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

5.4CVSS6.2AI score0.01266EPSS
Exploits0References13Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

5.4CVSS6.8AI score0.02068EPSS
Exploits0References20Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Server-Side Request Forgery in scout-browser

Pypi package scout-browser GitHub repository clinical-genomics/scout prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting...

9.4CVSS7.2AI score0.01095EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

instack-undercloud vulnerable to symlink attack on tmp files

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...

6.4CVSS6.6AI score0.00347EPSS
Exploits0References14Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

OpenStack Keystone allows context-dependent attackers to bypass access restrictions

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

5CVSS6AI score0.01747EPSS
Exploits1References13Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.3 views

OpenStack Neutron Race Condition vulnerability

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...

5.9CVSS6.2AI score0.01847EPSS
Exploits0References14Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

MoinMoin Cross-site scripting (XSS) vulnerability in the antispam feature

Cross-site scripting XSS vulnerability in the antispam feature security/antispam.py in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content...

4.3CVSS6.1AI score0.02346EPSS
Exploits0References14Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

OpenStack Keystone and other components vulnerable to Improper Certificate Validation

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...

5.9CVSS6.3AI score0.00962EPSS
Exploits1References14Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Mercurial Directory traversal vulnerability

Directory traversal vulnerability in patch.py in Mercurial before 1.0.2 allows user-assisted attackers to modify arbitrary files via ".." dot dot sequences in a patch file...

6.8CVSS7.3AI score0.01885EPSS
Exploits3References17Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Zope DocumentTemplate package allows unauthenticated write

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization...

7.5CVSS6AI score0.02944EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.5 views

Plone Cross-site Scripting vulnerability in the LiveSearch module

Cross-site scripting XSS vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag...

4.3CVSS6.1AI score0.01144EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Roundup Improper Access Control

The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as...

5.5CVSS6.1AI score0.02322EPSS
Exploits0References14Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Path Traversal in scout-browser

Scout is a Variant Call Format VCF visualization interface. The Pypi package scout-browser is vulnerable to path traversal due to sendfile call in versions prior to 4.52...

7.5CVSS6.8AI score0.01296EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with 1 the rename parameter or 2 the drawing parameter aka the basename variable...

4.3CVSS6AI score0.05435EPSS
Exploits1References15Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Zope Cross-site scripting (XSS) vulnerability in ZMI pages

Cross-site scripting XSS vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

6.1CVSS6.7AI score0.02055EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

SaltStack RSA Key Generation allows remote users to decrypt communications

SaltStack RSA Key Generation allows remote users to decrypt communications...

8.1CVSS7.2AI score0.01945EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.3 views

MoinMoin Improper ACL handling for calendars and includes

MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors...

5CVSS6AI score0.01474EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

MoinMoin Directory traversal vulnerability

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. The issue has been...

5CVSS6.5AI score0.14787EPSS
Exploits0References16Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.6 views

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 certain input processed by formatter/textgedit.py aka the gui editor formatter; 2 a page name, which triggers an injection in PageEditor.py when the...

4.3CVSS6AI score0.02537EPSS
Exploits1References17Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Django Arbitrary Code Execution

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...

7.5CVSS6.2AI score0.0156EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

MoinMoin Improper Access Control

macroGetval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. The issue has been fixed on 4a7de0173734...

5CVSS6AI score0.02005EPSS
Exploits0References16Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

MoinMoin Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action...

4.3CVSS6.1AI score0.01735EPSS
Exploits0References18Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 the page info, or the page name in a 2 AttachFile, 3 RenamePage, or 4 LocalSiteMap action...

4.3CVSS6AI score0.02326EPSS
Exploits0References14Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.5 views

Plone credentials stored in session cookie

Plone CMS 3.1.x uses invariant data a client username and a server secret when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network...

4.3CVSS6AI score0.0113EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

FTP backend for Duplicity Discloses Passwords to Process Listing

The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments...

4.6CVSS6AI score0.00371EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.5 views

Plone Improper Session Management

Plone CMS before 3, places a base64 encoded form of the username and password in the ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network...

10CVSS6AI score0.02877EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

MoinMoin Insertion of Sensitive Information into Log File

An information leak was discovered in MoinMoin's debug reporting version 1.5.7, which could expose information about the versions of software running on the host system. MoinMoin administrators can add "showtraceback=0" to their site configurations to disable debug tracebacks...

5CVSS5.9AI score0.01284EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Plone CMS Improper Session Management

Plone CMS before 3 places a base64 encoded form of the username and password in the ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network...

7.5CVSS6AI score0.01424EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.5 views

MoinMoin Cross-Site Scripting (XSS) vulnerability via hitcounts and general parameters

Multiple cross-site scripting XSS vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the 1 hitcounts and 2 general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are...

4.3CVSS6AI score0.02326EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 message, 2 pagename, and 3 target filenames. The issue was fixed on db212dfc58ef...

4.3CVSS6AI score0.02537EPSS
Exploits0References17Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.3 views

Zope does not properly verify the access for objects with proxy roles

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration...

7.5CVSS5.9AI score0.01571EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.5 views

Zope does not properly perform security registration for legacy names

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities...

7.5CVSS5.9AI score0.01427EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.3 views

Plone allows remote users to modify arbitrary portraits

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the 1 changeMemberPortrait, 2 deletePersonalPortrait, and 3 testCurrentPassword methods, which allows remote attackers to modify portraits...

5CVSS6AI score0.03891EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.3 views

Py2Play Unpickles Untrusted Objects

Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes...

7.5CVSS6.3AI score0.0189EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.14 views

Zope Server vulnerable to DoS via header injection

Zope is a Web application server for Linux. Zope versions 2.0 through 2.5.1 b1 are vulnerable to a denial of service attack, caused by a vulnerability that occurs when using the "through the Web code" capability. A remote attacker could inject malicious headers into a response to cause the...

5CVSS6AI score0.01467EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes...

7.5CVSS6.1AI score0.01427EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.12 views

Zope allows attackers to modify raw image and file data

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects...

5CVSS6AI score0.0153EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Django Improper Access Control

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user...

6.5CVSS6AI score0.01188EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.5 views

Cheetah Path Search Order Hijacking

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...

7.2CVSS6.3AI score0.00433EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.2 views

MoinMoin allows administrative access

MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges...

7.5CVSS6AI score0.01752EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Zope does not properly restrict access to the getRoles method

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request...

7.2CVSS6AI score0.00467EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor

OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY equivalent to a username to obtain the EC2SECRETKEY equivalent to a password. Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...

5.9CVSS6.3AI score0.01446EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.5 views

MoinMoin Improper Access Control

Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as 1 revert and 2 delete...

7.5CVSS6AI score0.01582EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.7 views

Zope DTML implementation Improper Authentication

The DTML implementation in the Z Object Publishing Environment Zope allows remote attackers to conduct unauthorized activities...

10CVSS6AI score0.02218EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/07/02 2:13 p.m.4 views

Mailman Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the 1 email or 2 language parameters...

4.3CVSS6AI score0.04721EPSS
Exploits0References10Affected Software1
Total number of security vulnerabilities7044