Python Exploits

5,840 exploits tracked across all sources.

EIP-2026-107616 EXPLOITDB python
Horde Imp - 'imap_open' Remote Command Execution
by Paolo Serracino, Pietro Minniti, Damiano Proietti
EIP-2026-101828 EXPLOITDB python
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
by Nathu Nandwani
CVE-2019-25625 EXPLOITDB MEDIUM python
Blob Studio 2.17 Denial of Service via Malformed Input
Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive.
by Ihsan Sencan
CVSS 6.2
CVE-2019-25624 EXPLOITDB MEDIUM python
Liquid Studio 2.17 Denial of Service via Malformed Input
Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.
by Ihsan Sencan
CVSS 6.2
CVE-2019-25623 EXPLOITDB MEDIUM python
Luminance Studio 2.17 Denial of Service via Malformed Input
Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input, causing the application to become unresponsive or terminate abnormally.
by Ihsan Sencan
CVSS 6.2
CVE-2019-25622 EXPLOITDB MEDIUM python
Paint Studio 2.17 Denial of Service via Malformed Input
Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the application to crash and become unavailable.
by Ihsan Sencan
CVSS 6.2
CVE-2019-25621 EXPLOITDB MEDIUM python
Pixel Studio 2.17 Denial of Service via Malformed Input
Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to become unresponsive or terminate abnormally.
by Ihsan Sencan
CVSS 6.2
CVE-2019-25620 EXPLOITDB MEDIUM python
Tree Studio 2.17 Denial of Service via Malformed Input
Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.
by Ihsan Sencan
CVSS 6.2
EIP-2026-116976 EXPLOITDB python
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)
by bzyo
EIP-2026-116975 EXPLOITDB python
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)
by bzyo
EIP-2026-116232 EXPLOITDB python
Selfie Studio 2.17 - Denial of Service (PoC)
by Ihsan Sencan
EIP-2026-116231 EXPLOITDB python
Selfie Studio 2.17 - Denial of Service (PoC)
by Ihsan Sencan
CVE-2019-6111 EXPLOITDB MEDIUM python
OpenBSD OpenSSH < 7.9 - Path Traversal
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
by Harry Sintonen
CVSS 5.9
CVE-2018-25258 EXPLOITDB HIGH python
RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.
by bzyo
CVSS 8.4
CVE-2019-9622 EXPLOITDB MEDIUM python
eBrigade <4.5 - Path Traversal
eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.
by AkkuS
CVSS 4.3
CVE-2019-25709 EXPLOITDB CRITICAL python
CF Image Hosting Script 1.6.5 Unauthorized Database Access
CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via the d parameter.
by David Tavarez
CVSS 9.8
CVE-2019-25712 EXPLOITDB MEDIUM python
BlueAuditor 1.7.2.0 Buffer Overflow Denial of Service via Registration Key
BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing.
by Luis Martínez
CVSS 6.2
CVE-2019-25711 EXPLOITDB MEDIUM python
SpotFTP Password Recover 2.4.2 Denial of Service via Name Field
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash when submitting the registration code.
by Luis Martínez
CVSS 6.2
EIP-2026-115272 EXPLOITDB python
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
by Luis Martínez
EIP-2026-115271 EXPLOITDB python
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)
by Luis Martínez
CVE-2014-5395 EXPLOITDB python
Huawei E5180s-22 Firmware - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors.
by Nathu Nandwani
EIP-2026-119603 EXPLOITDB python
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
by Luis Martínez
EIP-2026-119602 EXPLOITDB python
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
by Luis Martínez
EIP-2026-119600 EXPLOITDB python
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
by Luis Martínez
EIP-2026-119599 EXPLOITDB python
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)
by Luis Martínez