Python Exploits

5,917 exploits tracked across all sources.

EIP-2026-118419 EXPLOITDB python VERIFIED
Disk Savvy Enterprise 9.0.32 - 'Login' Remote Buffer Overflow
by Tulpa
EIP-2026-100935 EXPLOITDB python
Witbe - Remote Code Execution
by BeLmar
CVE-2016-2776 EXPLOITDB HIGH python
Oracle Linux < 9.9.9 - Improper Input Validation
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
by Infobyte
CVSS 7.5
CVE-2025-34108 EXPLOITDB HIGH python VERIFIED
Disk Pulse Enterprise <9.0.34 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.
by Tulpa
EIP-2026-103778 EXPLOITDB python
KeepNote 0.7.8 - Command Execution
by R-73eN
CVE-2015-2866 EXPLOITDB python
Grandstream Gxv3611 HD Firmware < 1.0.3.6 - SQL Injection
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
by pizza1337
EIP-2026-116490 EXPLOITDB python VERIFIED
VideoLAN VLC Media Player 2.2.1 - Buffer Overflow
by sultan albalawi
CVE-2016-20047 EXPLOITDB HIGH python
EKG Gadu 1.9 Local Buffer Overflow via Username Parameter
EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges.
by Juan Sacco
CVSS 8.4
EIP-2026-101198 EXPLOITDB python
Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass
by Sean Dillon
EIP-2026-119647 EXPLOITDB python
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
by Yakir Wizman
CVE-2015-8309 EXPLOITDB MEDIUM python VERIFIED
Cherry Music <0.36.0 - Path Traversal
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
by feedersec
CVSS 4.3
CVE-2016-6662 EXPLOITDB CRITICAL python
Oracle MySQL, MariaDB, Percona Server - Privilege Escalation via my.cnf
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
by Dawid Golunski
CVSS 9.8
EIP-2026-103153 EXPLOITDB python
LamaHub 0.0.6.2 - Remote Buffer Overflow
by Pi3rrot
EIP-2026-102106 EXPLOITDB python
Vodafone Mobile Wifi - Reset Admin Password
by Daniele Linguaglossa
EIP-2026-119639 EXPLOITDB python
LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure
by Yakir Wizman
EIP-2026-119631 EXPLOITDB python
Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure
by Yakir Wizman
EIP-2026-116802 EXPLOITDB python
Apple iCloud Desktop Client 5.2.1.0 - Local Credentials Disclosure
by Yakir Wizman
EIP-2026-114562 EXPLOITDB python
Zabbix 2.0 < 3.0.3 - SQL Injection
by Zzzians
EIP-2026-119654 EXPLOITDB python
TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure
by Alexander Korznikov
CVE-2016-4264 EXPLOITDB HIGH python VERIFIED
Adobe ColdFusion <11-Update 10 - Info Disclosure
The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Dawid Golunski
CVSS 8.6
CVE-2015-7547 EXPLOITDB HIGH python
GNU C Library <2.23 - Buffer Overflow
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
by SpeeDr00t
CVSS 8.1
EIP-2026-119645 EXPLOITDB python
Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure
by Yakir Wizman
EIP-2026-119644 EXPLOITDB python
MySQL 5.5.45 (x64) - Local Credentials Disclosure
by Yakir Wizman
EIP-2026-101556 EXPLOITDB python
Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery)
by b1ack0wl
EIP-2026-117176 EXPLOITDB python
FortiClient SSLVPN 5.4 - Credentials Disclosure
by Viktor Minin