Python Exploits

6,607 exploits tracked across all sources.

EIP-2026-101425 EXPLOITDB python
Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)
by ByteHunter
CVE-2023-3710 EXPLOITDB CRITICAL python
Honeywell PM43 Firmware < P10.19.050004 - Command Injection via Printer Web Page Modules
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
by ByteHunter
CVSS 9.9
CVE-2023-54344 EXPLOITDB CRITICAL python
Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.
by Andrzej Olchawa, Milenko Starcik
CVSS 9.8
CVE-2023-54342 EXPLOITDB CRITICAL python
Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.
by Andrzej Olchawa, Milenko Starcik
CVSS 9.8
EIP-2026-104120 EXPLOITDB python
VMware Cloud Director 10.5 - Bypass identity verification
by Abdualhadi khalifa
EIP-2026-101588 EXPLOITDB python
Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE
by Abdualhadi khalifa
EIP-2026-113697 EXPLOITDB python
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover
by Dmitrii Ignatyev
EIP-2026-104151 EXPLOITDB python
Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read
by Youssef Muhammad
EIP-2026-101773 EXPLOITDB python
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR
by Arslan Masood
EIP-2026-100662 EXPLOITDB python
Sitecore - Remote Code Execution v8.2
by abhishek morla
CVE-2023-46453 EXPLOITDB CRITICAL python
GL.iNet 4.x - Authentication Bypass via SQL Injection
Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000, GL-AR300M, GL-B1300, GL-AX1800, GL-AR750S, GL-MT2500, GL-AXT1800, GL-X3000 and GL-SFT1200.
by Daniele Linguaglossa
CVSS 9.8
EIP-2026-106265 EXPLOITDB python
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution
by tmrswrr
CVE-2024-58275 EXPLOITDB HIGH python
Easywall 0.3.1 - Authenticated Remote Command Execution via Ports-Save Endpoint
Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server.
by Melvin Mejia
EIP-2026-105602 EXPLOITDB python
Boss Mini 1.4.0 - local file inclusion
by nltt0
EIP-2026-103761 EXPLOITDB python
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc
by George Washington
EIP-2026-101477 EXPLOITDB python
TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution
by LiquidWorm
CVE-2023-46454 EXPLOITDB CRITICAL python
GL.iNET GL-AR300M <4.3.7 - Command Injection
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
by cyberaz0r
CVSS 9.8
CVE-2023-46455 EXPLOITDB HIGH python
GL.iNET GL-AR300M <4.3.7 - Path Traversal
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
by cyberaz0r
CVSS 7.5
CVE-2023-46456 EXPLOITDB CRITICAL python
GL.iNET GL-AR300M <3.216 - Command Injection
In GL.iNET GL-AR300M routers with firmware 3.216, it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
by cyberaz0r
CVSS 9.8
EIP-2026-114378 EXPLOITDB python
WP Rocket < 2.10.3 - Local File Inclusion (LFI)
by E1 Coders
EIP-2026-113619 EXPLOITDB python
WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
by Leopoldo Angulo (leoanggal1)
EIP-2026-106081 EXPLOITDB python
comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset
by Diaa Hanna
CVE-2024-58305 EXPLOITDB HIGH python
WonderCMS 4.3.2 - Stored Cross-Site Scripting via Module Installation Endpoint
WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an authenticated administrator into accessing a malicious link.
by Anas Zakir
CVSS 8.8
EIP-2026-116586 EXPLOITDB python
XAMPP - Buffer Overflow POC
by Talson
EIP-2026-108090 EXPLOITDB python
JFrog Artifactory < 7.25.4 - Blind SQL Injection
by ardr