Python Exploits

6,614 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110136 EXPLOITDB python
Online Leave Management System 1.0 - Arbitrary File Upload to Shell (Unauthenticated)
by Justin White
CVE-2021-3441 EXPLOITDB MEDIUM python
HP OfficeJet 7110 Firmware >=2117a - Cross-Site Scripting
A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).
by Tyler Butler
CVSS 4.8
EIP-2026-111680 EXPLOITDB python
RaspAP 2.6.6 - Remote Code Execution (RCE) (Authenticated)
by Moritz Gruber
EIP-2026-110198 EXPLOITDB python
Online Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
by Halit AKAYDIN
CVE-2023-27040 EXPLOITDB CRITICAL python
Simple Image Gallery Web App 1.0 - Remote Code Execution via Username Parameter
Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter.
by Tagoletta
CVSS 9.8
CVE-2006-1236 EXPLOITDB python
CrossFire 1.9.0 - Buffer Overflow via Long Setup Sound Command
Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.
by Khaled Salem
CVE-2021-38841 EXPLOITDB HIGH python
Simple Water Refilling Station Management System 1.0 - RCE
Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action.
by Matt Sorrell
CVSS 8.8
CVE-2021-38840 EXPLOITDB CRITICAL python
Simple Water Refilling Station Management System 1.0 - SQL Injection
SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter.
by Matt Sorrell
CVSS 9.8
CVE-2021-38834 EXPLOITDB HIGH python
easy-mock <1.6.0 - Command Injection
easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code.
by LionTree
CVSS 8.8
CVE-2021-4466 EXPLOITDB HIGH python
IPCop <= 2.1.9 - Authenticated Remote Code Execution via Email Configuration
IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAIL_PW parameter, directly into system-level operations without proper input sanitation. By modifying the email password field to include shell metacharacters and issuing a save-and-test-mail action, an authenticated attacker can execute arbitrary operating system commands with the privileges of the web interface, resulting in full system compromise.
by Mücahit Saratar
CVE-2020-35848 EXPLOITDB CRITICAL python
Agentejo Cockpit < 0.11.2 - NoSQL Injection via Auth Controller New Password Function
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
by Brian Ombongi
CVSS 9.8
CVE-2021-29281 EXPLOITDB CRITICAL python
GFI Archiver <= 15.1 - Unauthenticated Arbitrary File Upload via Telerik Web UI Plugin
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.
by Amin Bohio
CVSS 9.8
EIP-2026-109583 EXPLOITDB python
Moodle 3.9 - Remote Code Execution (RCE) (Authenticated)
by lanz
CVE-2020-7246 EXPLOITDB HIGH python VERIFIED
qdPM < 9.1 - Authenticated Remote Code Execution via Profile Photo Path Traversal
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
by Leon Trappett
CVSS 8.8
EIP-2026-107651 EXPLOITDB python
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
by Merbin Russel
CVE-2021-29995 EXPLOITDB HIGH python
CloverDX < 5.7.1 - Cross-Site Request Forgery in Server Console
A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1.
by niebardzo
CVSS 8.8
EIP-2026-106935 EXPLOITDB python
Event Registration System with QR Code 1.0 - Authentication Bypass
by Javier Olmedo
EIP-2026-110632 EXPLOITDB python
PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection
by S1lv3r
CVE-2021-47798 EXPLOITDB CRITICAL python
NoteBurner 2.35 - Denial of Service via License Code Input Buffer Overflow
NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash.
by stresser
CVSS 9.8
CVE-2021-47797 EXPLOITDB HIGH python
Leawo Prof. Media 11.0.0.1 - Denial of Service via Oversized Activation Keycode
Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can generate a 6000-byte buffer of repeated characters to trigger an application crash when pasted into the registration interface.
by stresser
CVSS 7.5
CVE-2021-22146 EXPLOITDB HIGH python
Elastic Cloud Enterprise - Info Disclosure
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage the anonymous user to gain insight into certain details of a deployed cluster.
by Joan Martinez
CVSS 7.5
CVE-2021-22145 EXPLOITDB MEDIUM python
Elasticsearch 7.10.0-7.13.3 - Memory Disclosure via Malformed Query Error Message
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
by r0ny
CVSS 6.5
CVE-2020-1147 EXPLOITDB HIGH python
.NET Framework, SharePoint Server, and Visual Studio - Remote Code Execution via XML Input Deserialization
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
by Podalirius
CVSS 7.8
CVE-2021-31761 EXPLOITDB CRITICAL python
Webmin 1.973 - Reflected Cross-Site Scripting to Remote Command Execution via Running Process Feature
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
by Mesh3l_911
CVSS 9.6
CVE-2022-25012 EXPLOITDB MEDIUM python VERIFIED
Argus Surveillance DVR 4.0 - Inadequate Encryption Strength
Argus Surveillance DVR v4.0 employs weak password encryption.
by Salman Asad
CVSS 5.5
By Source
All 6,614 Writeup 62,526 Exploitdb 50,076 Nomisec 22,480 Github 3,713 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 480 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,614 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 137 go 73 postscript 25 typescript 25