Python Exploits

6,637 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-2555 EXPLOITDB CRITICAL python
Oracle Coherence 3.7.1.0/12.1.3.0.0/12.2.1.3-4 - RCE
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by nu11secur1ty
CVSS 9.8
CVE-2020-37126 EXPLOITDB CRITICAL python
Free Desktop Clock 3.0 - Buffer Overflow
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code.
by boku
CVSS 9.8
CVE-2019-20085 EXPLOITDB HIGH python
TVT NVMS-1000 Firmware - Path Traversal via GET Request
TVT NVMS-1000 devices allow GET /.. Directory Traversal
by Mohin Paramasivam
CVSS 7.5
EIP-2026-114832 EXPLOITDB python
AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service (PoC)
by chuyreds
EIP-2026-100943 EXPLOITDB python
Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal
by Basim Alabdullah
CVE-2020-5735 EXPLOITDB HIGH python
Amcrest Cameras and NVR - Authenticated Stack-based Buffer Overflow via Port 37777
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
by Jacob Baines
CVSS 8.8
CVE-2020-37128 EXPLOITDB MEDIUM python
ZOC Terminal 7.25.5 - Denial of Service via Malicious REXX Script Processing
ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of service.
by chuyreds
CVSS 6.2
CVE-2020-37127 EXPLOITDB MEDIUM python
Dnsmasq-utils <2.79-1 - Buffer Overflow
Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string longer than 16 characters.
by JosueEncinar
CVSS 5.5
CVE-2025-34086 EXPLOITDB HIGH python
Bolt CMS <3.7.0 - Authenticated RCE
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /files/ directory with a .php extension, the attacker can turn the injected code into an executable web shell. Finally, the attacker triggers the payload via a crafted HTTP GET request to the rogue file. NOTE: The vendor announced that Bolt 3 reached end-of-life after 31 December 2021.
by r3m0t3nu11
CVSS 8.8
CVE-2020-37134 EXPLOITDB HIGH python
UltraVNC Viewer 1.2.4.0 - Denial of Service via Malformed VNC Server Input
UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application crash.
by chuyreds
CVSS 7.5
CVE-2020-37133 EXPLOITDB HIGH python
UltraVNC < 1.2.4.0 - Denial of Service via Repeater Host Configuration Field
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.
by chuyreds
CVSS 7.5
CVE-2020-37132 EXPLOITDB MEDIUM python
UltraVNC < 1.2.4.0 - Denial of Service via Password Field Overflow
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.
by chuyreds
CVSS 6.2
CVE-2020-37131 EXPLOITDB MEDIUM python
Nsauditor Product Key Explorer <4.2.2.0 - DoS
Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.
by 0xMoHassan
CVSS 6.2
CVE-2020-37130 EXPLOITDB HIGH python
Nsauditor < 3.2.0.0 - Denial of Service via Registration Name Input Field
Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field.
by 0xMoHassan
CVSS 7.5
EIP-2026-118032 EXPLOITDB python
Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH)
by Felipe Winsnes
EIP-2026-116302 EXPLOITDB python
SpotAuditor 5.3.4 - 'Name' Denial of Service (PoC)
by 0xMoHassan
EIP-2026-115307 EXPLOITDB python
Frigate 3.36 - Denial of Service (PoC)
by inter
EIP-2026-116752 EXPLOITDB python
AIDA64 Engineer 6.20.5300 - 'Report File' filename Buffer Overflow (SEH)
by Hodorsec
EIP-2026-110463 EXPLOITDB python
Pandora FMS 7.0NG - 'net_tools.php' Remote Code Execution
by Basim Alabdullah
CVE-2020-36881 EXPLOITDB HIGH python
Flexsense DiskBoss 7.7.14 - Buffer Overflow
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field.
by Paras Bhatia
CVSS 7.8
CVE-2020-36882 EXPLOITDB HIGH python
Flexsense DiskBoss 7.7.14 - Unauthenticated Arbitrary File Upload via Search Files Directory Field
Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.
by Paras Bhatia
CVSS 7.5
EIP-2026-116689 EXPLOITDB python
10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)
by Hodorsec
EIP-2026-115256 EXPLOITDB python
FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
by Paras Bhatia
EIP-2026-101763 EXPLOITDB python
Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
by Jacob Baines
CVE-2020-5726 EXPLOITDB HIGH python
Grandstream UCM6200 <1.0.20.22 - SQL Injection
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
by Jacob Baines
CVSS 7.5
By Source
All 6,637 Writeup 62,600 Exploitdb 50,076 Nomisec 22,502 Github 3,754 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 483 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,637 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,334 bash 462 java 371 c++ 261 javascript 231 shell 140 go 74 postscript 25 typescript 25