Python Exploits
6,634 exploits tracked across all sources.
Monitorr 1.7.6m - Unauthenticated Remote Code Execution via Insecure File Upload
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
by Lyhin's Lab
CVSS 9.8
WordPress Plugin Simple File List 4.2.2 - Arbitrary File Upload
by H4rk3nz0
Apache Flink 1.9.x - File Upload RCE (Unauthenticated)
by bigger.wing
Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution
by yunaranyancat
Citadel WebCit < 926 - Session Hijacking Exploit
by Simone Quatrini
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request
by Mohammed Althibyani
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Execution
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
by Matthew Aberegg
CVSS 7.2
Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)
by Gurkirat Singh
Sentrifugo 3.2 - Authenticated Arbitrary File Upload via Restriction Bypass
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
by Gurkirat Singh
CVSS 8.8
GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse
by LiquidWorm
InoERP 0.7.2 - Unauthenticated Remote Code Execution via /modules/sys/form_personalization/json_fp.php
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
by Lyhin's Lab
CVSS 9.8
CMS Made Simple 2.1.6 - Server-Side Template Injection via cntnt01detailtemplate Parameter
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
by Gurkirat Singh
CVSS 9.8
Ajenti 2.1.36 - Authenticated Remote Code Execution via Terminal API
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
by Ahmet Ümit BAYRAM
CVSS 9.8
TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)
by 0blio_
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass via X-Forwarded-For Header
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
by Mayank Deshmukh
CVSS 9.8
Tiki Wiki CMS Groupware 21.1 - Authentication Bypass
by Maximilian Barz
Ultimate Project Manager CRM PRO 2.0.5 - SQL Injection
The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progressively guess and retrieve user credentials through boolean-based inference techniques.
by nag0mez
CVSS 8.2
RiteCMS 2.2.1 - Remote Code Execution (Authenticated)
by H0j3n
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
by Jonatas Fil
Comtrend AR-5387un router - Persistent XSS (Authenticated)
by OscarAkaElvis
Typesetter CMS 5.0-5.1 - Authenticated Remote Code Execution via ZIP Archive Upload
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2
by Rodolfo Tavares
CVSS 7.2
Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated)
by Rahul Ramkumar
Hotel Management System 1.0 - Remote Code Execution (Authenticated)
by Aporlorxl23