Python Exploits
5,738 exploits tracked across all sources.
SMU <14.8.7825.01 - Info Disclosure
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access the SMU configuration backup, which would normally be barred to those specific administrative roles.
by Arslan Masood
CVSS 7.6
Mirth Connect Deserialization RCE
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
by jakabakos
Gibbon <26.0.00 - Code Injection
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.
by Ali Maharramli, Fikrat Guliev, Islam Rzayev
CVSS 8.8
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
by Ravindu Wickramasinghe
TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection
by LiquidWorm
LaborOfficeFree 19.10 - MySQL Root Password Calculator
by Peter Gabaldon
9bis Kitty < 0.76.1.13 - Command Injection
KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable. This occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
by DEFCESCO
CVSS 7.8
KiTTY <0.76.1.13 - Buffer Overflow
KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the username. This occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
by DEFCESCO
CVSS 7.8
KiTTY <0.76.1.13 - Buffer Overflow
KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the hostname. This occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
by DEFCESCO
CVSS 7.8
Jetbrains Teamcity < 2023.05.4 - Missing Authentication
In JetBrains TeamCity before 2023.05.4, authentication bypass leading to RCE on TeamCity Server was possible.
by ByteHunter
CVSS 9.8
Viessmann Vitogate 300 <2.1.3.0 - Direct Request
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by ByteHunter
CVSS 4.3
Contec Solarview Compact Firmware < 6.00 - Command Injection
There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php.
by ByteHunter
CVSS 9.8
Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)
by ByteHunter
Honeywell Pm43 Firmware < p10.19.050004 - Command Injection
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
by ByteHunter
CVSS 9.9
OSGi v3.7.2 (and below) Console - RCE
by Andrzej Olchawa, Milenko Starcik
VMware Cloud Director 10.5 - Bypass identity verification
by Abdualhadi khalifa
Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE
by Abdualhadi khalifa
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover
by Dmitrii Ignatyev
Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read
by Youssef Muhammad
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR
by Arslan Masood