JawadPy

10 exploits Active since Jun 2021
CVE-2025-43919 GITHUB MEDIUM python WORKING POC
GNU Mailman 2.1.1-2.1.38 - Unauthenticated Path Traversal via Username Parameter
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.
1 stars
CVSS 5.8
CVE-2023-41105 GITHUB HIGH python WORKING POC
Python 3.11.0-3.11.4 - Untrusted Search Path via os.path.normpath()
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
1 stars
CVSS 7.5
CVE-2023-43804 GITHUB MEDIUM python WORKING POC
urllib3 <1.26.17, <2.0.5 - Info Disclosure
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
1 stars
CVSS 5.9
CVE-2021-24321 GITHUB CRITICAL python NO CODE
Bello WordPress Theme < 1.6.0 - SQL Injection via Unsanitized Listing Parameters
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues
1 stars
CVSS 9.8
CVE-2021-24891 GITHUB MEDIUM python NO CODE
Elementor Website Builder 1.5.0-3.1.4 - DOM Cross-Site Scripting via Malicious Hash
The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
1 stars
CVSS 6.1
CVE-2022-22817 GITHUB CRITICAL python WORKING POC
Pillow < 9.0.1 - Remote Code Execution via ImageMath.eval Expression Injection
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
1 stars
CVSS 9.8
CVE-2023-24329 GITHUB HIGH python WORKING POC
Python < 3.11.4 - URL Blocklist Bypass via Leading Blank Characters in urllib.parse
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
1 stars
CVSS 7.5
CVE-2023-30861 GITHUB HIGH python WORKING POC
Flask < 2.2.5 and 2.3.0-2.3.2 - Session Cookie Exposure via Caching Proxy
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets `session.permanent = True` 3. The application does not access or modify the session at any point during a request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.
1 stars
CVSS 7.5
CVE-2023-46136 NOMISEC HIGH WORKING POC
Werkzeug < 2.3.8 and 3.0.0 - Denial of Service via Crafted Multipart Data
Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1 and 2.3.8.
CVSS 8.0
CVE-2023-24329 NOMISEC HIGH WORKING POC
Python < 3.11.4 - URL Blocklist Bypass via Leading Blank Characters in urllib.parse
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
CVSS 7.5