Python - CVE CyberSecurity Database News

Jan 19, 2024 Exploit Python Pillow

CVE-2023-50447: Exploiting Arbitrary Code Execution in Pillow through 10.1. using PIL.ImageMath.eval() Environment Parameter

Another significant security issue has been uncovered in the popular Python Imaging Library (Pillow) and has been assigned CVE-2023-50447. This vulnerability allows for arbitrary code

Oct 15, 2023 API Exploit Python Urllib3

CVE-2018-25091 - urllib3 Authorization Header Leak When Following Cross-Origin Redirects

In this post, we will cover a security vulnerability identified as CVE-2018-25091, which affects urllib3 versions prior to 1.24.2. This vulnerability exposes the

CVE-2023-40217: Unauthenticated Data Leakage in Python TLS Client Authentication

Aug 25, 2023 Exploit Python

CVE-2023-40217: Unauthenticated Data Leakage in Python TLS Client Authentication

A security vulnerability (CVE-2023-40217) has been discovered in multiple versions of Python, primarily affecting servers (such as HTTP servers) that use TLS client authentication. The

CVE-2023-41105 - Python 3.11 Path Truncation Vulnerability Leading to Security Bypass

Aug 23, 2023 Exploit Python

CVE-2023-41105 - Python 3.11 Path Truncation Vulnerability Leading to Security Bypass

A vulnerability has been discovered in Python 3.11 through 3.11.4, which could allow an attacker to bypass security measures that were functional

Aug 22, 2023 XXE Exploit Python

CVE-2022-48565 - XXE Vulnerability in Python up to 3.9.1, Plistlib Module Affected

A vulnerability CVE-2022-48565, an XML External Entity (XXE) issue, was recently discovered in Python up to version 3.9.1. This issue potentially exposes the