Lucene search
+L

7044 matches found

PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

mailman Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page...

4.3CVSS6.1AI score0.01782EPSS
Exploits0References13Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•3 views

Mailman Sensitive Information Disclosure

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server...

5CVSS6AI score0.02984EPSS
Exploits0References13Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•6 views

MoinMoin Improper Access Control

Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as 1 revert and 2 delete...

7.5CVSS6AI score0.01582EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•3 views

MoinMoin allows administrative access

MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges...

7.5CVSS6AI score0.01752EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Openstack nova qcow format could expose host filesystem information

Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem...

8.6CVSS6.3AI score0.00734EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Mercurial Improper Certificate Validation vulnerability

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack...

5.9CVSS6.3AI score0.00814EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Open Redirect in Flask-AppBuilder

Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 3.4.5 contain an open redirect vulnerability when using the database authentication login page. There are no known workarounds. Users are recommended to upgrade to version 3.4.5 or later. For more...

6.1CVSS6.5AI score0.00923EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Zope XSS Vulnerability

Cross-site scripting XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform...

6.1CVSS6.5AI score0.0195EPSS
Exploits0References13Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Uncontrolled Resource Consumption in Matrix Synapse

ImpactSynapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead t...

6.5CVSS6.4AI score0.00827EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Cobbler Web Interface Lacks CSRF Protection

cobbler: Web interface lacks CSRF protection when using Django framework...

8.8CVSS7.2AI score0.0063EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•15 views

Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...

4.3CVSS5.9AI score0.00754EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Insertion of Sensitive Information into Log File in ansible

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...

5.5CVSS6.7AI score0.00307EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

pgAdmin 4 Path Traversal vulnerability

When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques...

6.5CVSS6.6AI score0.00953EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

XML External Entities Vulnerability in CVRF-CSAF-Converter

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...

6.1CVSS6.2AI score0.00679EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Nicotine+ DoS on Null Character in Download Request

Denial of service DoS vulnerability in Nicotine+ starting with version 3.0.3 and prior to version 3.2.1 allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...

7.5CVSS7.1AI score0.01586EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Cross-site Scripting in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS6AI score0.00479EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

SQL Injection in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...

6.5CVSS6.7AI score0.00855EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5CVSS7AI score0.01073EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Path traversal in FreeTAKServer-UI

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...

6.5CVSS6.8AI score0.00719EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Allocation of Resources Without Limits or Throttling in nvflare

ImpactNVIDIA FLARE contains a vulnerability in Admin Interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailableAll versions before 2.0.16 are affected. PatchesThe patch will be included in nvflare==2.0.16...

7.8CVSS7AI score0.01042EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Unrestricted Upload of File with Dangerous Type in motionEye

motionEye = 0.42.1 and motioneEyeOS = 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials.The GitHub repositories for...

7.2CVSS7.1AI score0.02951EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

saleor Missing Authorization vulnerability

Missing Authorization in saleor prior to 3.1.2...

6.5CVSS6.6AI score0.00994EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Improper Restriction of XML External Entity Reference in trytond and proteus

An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...

6.5CVSS6.8AI score0.01374EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

XML Entity Expansion in trytond and proteus

An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...

7.5CVSS7.1AI score0.01927EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Open Redirect in CPython that affects users of OpenStack Nova

A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL...

6.1CVSS6.8AI score0.26792EPSS
Exploits1References12Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

open redirect in pollbot

From https://bugzilla.mozilla.org/showbug.cgi?id=1753838Summary:There was an open redirection vulnerability in the path of:https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/Description:An attacker can redirect anyone to malicious sites.Steps To Reproduce:Type in this...

6.1CVSS6.4AI score0.00426EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Out of bounds read in Tensorflow

ImpactThe TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect.If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef is then converted to MLIR-based IR then they can caus...

8.8CVSS6.2AI score0.00142EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Open Redirect in django-spirit

django-spirit prior to version 0.12.3 is vulnerable to open redirect. In the /user/login endpoint, it doesn't check the value of the next parameter when the user is logged in and passes it directly to redirect which result to open redirect. This also affects /user/logout, /user/register,...

6.1CVSS6AI score0.0262EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•7 views

calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)

calibre-web is vulnerable to Cross-Site Request Forgery CSRF...

8.8CVSS7.1AI score0.0054EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•3 views

APM Java Agent Local Privilege Escalation

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...

7.8CVSS7AI score0.00208EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Cross-site Scripting in Ericsson CodeChecker

In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

6.1CVSS6.6AI score0.01626EPSS
Exploits1References12Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Code injection in FreeIPA

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger...

8.8CVSS7AI score0.06329EPSS
Exploits0References13Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

calibre-web is vulnerable to Cross-site Scripting

calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

7.3CVSS6.7AI score0.00802EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Cross Site Request Forgery in mailman

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request using that token to set a new admin password or make other changes...

8.8CVSS6.9AI score0.0073EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Classic Buffer Overflow in pyo

Buffer Overflow Vulnerability exists in ajaxsoundstudio.com in Pyo 1.03 in the Serverdebug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name...

7.5CVSS7.1AI score0.01389EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•3 views

Path Traversal in nemo-toolkit

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available...

4.4CVSS6AI score0.00298EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•6 views

Cross-site scripting vulnerability in TinyMCE plugins

ImpactA cross-site scripting XSS vulnerability was discovered in the URL processing logic of the image and link plugins. The vulnerability allowed arbitrary JavaScript execution when updating an image or link using a specially crafted URL. This issue only impacted users while editing and the...

6.1CVSS6.5AI score0.00956EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Out-of-bounds Write in OpenCV

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android...

7.8CVSS7.2AI score0.00293EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Out-of-bounds Read in OpenCV

An out-of-bounds read was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.0.25. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this is not true when dealing with small images, leading...

6.5CVSS6.3AI score0.01742EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Out-of-bounds Write in OpenCV.

In OpenCV 3.3.1 corresponding with OpenCV-Python 3.3.1.11, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmtjpeg2000.cpp when parsing a crafted image file...

5.5CVSS6.8AI score0.01507EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Out-of-bounds Write in OpenCV

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0 corresponds with OpenCV-Python version 4.1.2.30. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code...

8.8CVSS7.5AI score0.10618EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Out-of-bounds Read in OpenCV

OpenCV 4.1.1 has an out-of-bounds read in halbaseline::vload in core/hal/intrinsse.hpp when called from computeSSDMeanNorm in modules/video/src/disflow.cpp...

5.3CVSS6.1AI score0.01662EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Information disclosure vulnerability in OnionShare

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature...

5.3CVSS6.7AI score0.01737EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Out-of-bounds Write in OpenCV

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0 corresponds with OpenCV-Python 4.1.0.25. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An...

8.8CVSS7.5AI score0.20947EPSS
Exploits1References9Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•3 views

NULL Pointer Dereference in OpenCV.

An issue was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.1.26. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...

7.5CVSS6.8AI score0.0337EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Out-of-bounds Read in OpenCV

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1 OpenCV-Python before 3.4.7.28 and 4.x before 4.1.1.26. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service...

8.2CVSS6.7AI score0.02647EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•3 views

Integer Overflow or Wraparound in OpenCV

In opencv/modules/imgcodecs/src/grfmtpxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 corresponding with OpenCV-Python version 3.3.0.9 and...

8.8CVSS7.4AI score0.02699EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•3 views

Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV

OpenCV 3.3.1 corresponding with opencv-python and opencv-contrib-python 3.3.1.11 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmtpxm.cpp, because an incorrect size value is used...

6.5CVSS6.6AI score0.0224EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•4 views

Divide By Zero in OpenCV.

An issue was discovered in OpenCV 4.1.0 OpenCV-Python 4.1.0.25. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp...

5.9CVSS6.7AI score0.02351EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2026/07/02 2:13 p.m.•5 views

Out-of-bounds Read and Out-of-bounds Write in OpenCV

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1 OpenCV-Python before 3.4.7.28 and 4.x before 4.1.1.26. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service...

7.5CVSS6.7AI score0.0276EPSS
Exploits1References8Affected Software1
Total number of security vulnerabilities7044