Python Exploits

6,615 exploits tracked across all sources.

CVE-2022-25012 EXPLOITDB MEDIUM python VERIFIED
Argus Surveillance DVR 4.0 - Inadequate Encryption Strength
Argus Surveillance DVR v4.0 employs weak password encryption.
by Salman Asad
CVSS 5.5
CVE-2021-35464 EXPLOITDB CRITICAL python
ForgeRock Access Management < 6.5.4 & OpenAM 9.0.0-14.6.3 - RCE via Jato PageSession Deserialization
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier.
by Photubias
CVSS 9.8
EIP-2026-101972 EXPLOITDB python
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection
by Metin Yunus Kandemir
CVE-2021-25155 EXPLOITDB MEDIUM python
Aruba Instant <6.4.4.8-4.2.4.17 <6.5.4.18 <8.3.0.14 <8.5.0.11 - Remote Arbitrary File Modification
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
by Gr33nh4t
CVSS 6.5
CVE-2021-42362 EXPLOITDB HIGH python
WordPress Popular Posts <= 5.3.2 - Authenticated Arbitrary File Upload in Image.php
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
by Simone Cristofaro
CVSS 8.8
EIP-2026-110380 EXPLOITDB python
osCommerce 2.3.4.1 - Remote Code Execution (2)
by Bryan Leong
CVE-2021-25162 EXPLOITDB HIGH python
Aruba Instant <=8.7.1.1 Remote Code Execution
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
by Aleph Security
CVSS 8.1
CVE-2021-31762 EXPLOITDB HIGH python
Webmin 1.973 - Cross-Site Request Forgery via User Addition Feature
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
by Mesh3l_911
CVSS 8.8
EIP-2026-107347 EXPLOITDB python
Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload
by Luca Bernardi
EIP-2026-105846 EXPLOITDB python
Church Management System 1.0 - SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE
by Eleonora Guardini
CVE-2021-36622 EXPLOITDB CRITICAL python
Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload via Admin Profile Photo
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to Arbitrary File Upload. The admin panel has a profile photo upload function accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. The attacker then has to visit the uploaded profile photo to access the shell.
by faisalfs10x
CVSS 9.8
EIP-2026-114078 EXPLOITDB python
Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution (RCE) (Authenticated)
by Ron Jost
EIP-2026-106952 EXPLOITDB python
Exam Hall Management System 1.0 - Unrestricted File Upload + RCE (Unauthenticated)
by Davide 'yth1n' Bianchin
CVE-2018-15877 EXPLOITDB HIGH python
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
by Beren Kuday GÖRÜN
CVSS 8.8
CVE-2021-22911 EXPLOITDB CRITICAL python VERIFIED
Rocket.Chat 3.11-3.13 - Unauthenticated NoSQL Injection and Remote Code Execution
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, potentially resulting in RCE.
by enox
CVSS 9.8
CVE-2021-47977 EXPLOITDB HIGH python
WordPress Anti-Malware Security Bruteforce Firewall 4.20.59 Directory Traversal
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicator_download action via admin-ajax.php with path traversal sequences to access sensitive system files outside the intended directory.
by TheSmuggler
CVSS 7.5
CVE-2019-14322 EXPLOITDB HIGH python
Pallets Werkzeug <0.15.5 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
by faisalfs10x
CVSS 7.5
EIP-2026-105481 EXPLOITDB python
Billing System Project 1.0 - Remote Code Execution (RCE) (Unauthenticated)
by Talha DEMİRSOY
EIP-2026-101865 EXPLOITDB python
Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated)
by SivertPL
EIP-2026-101568 EXPLOITDB python
Black Box Kvm Extender 3.4.31307 - Local File Inclusion
by Ferhat Çil
CVE-2021-47976 EXPLOITDB HIGH python
TextPattern CMS 4.9.0-dev Authenticated Remote Code Execution via Plugin Upload
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to the textpattern/tmp/ directory for code execution.
by Mevlüt Akçam
CVSS 8.8
CVE-2021-43484 EXPLOITDB CRITICAL python
Simple Client Management System 1.0 - RCE
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
by Ishan Saha
CVSS 9.8
CVE-2021-24155 EXPLOITDB HIGH python
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload via SGBP Import
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
by Ron Jost
CVSS 7.2
EIP-2026-110204 EXPLOITDB python
Online Voting System 1.0 - SQLi (Authentication Bypass) + Remote Code Execution (RCE)
by Geiseric
EIP-2026-101959 EXPLOITDB python
Ricon Industrial Cellular Router S9922XL - Remote Command Execution (RCE)
by LiquidWorm