Vulnerabilities in Python Software Foundation
60 results

CVE-2025-8291 | MEDIUM | ZIP64 End of Central Directory (EOCD) Locator record offset not checked | EPSS 0.3%
CVE-2024-0450 | MEDIUM | Quoted zip-bomb protection for zipfile | EPSS 0.3%
CVE-2025-15366 | MEDIUM | IMAP command injection in user-controlled commands | EPSS 0.3%
CVE-2025-15367 | MEDIUM | POP3 command injection in user-controlled commands | EPSS 0.3%
CVE-2023-6597 | HIGH | An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and pri | EPSS 0.3%
CVE-2024-4030 | HIGH | tempfile.mkdtemp() may be readable and writeable by all users on Windows | EPSS 0.3%
CVE-2024-3219 | MEDIUM | Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection | EPSS 0.2%
CVE-2026-3479 | NONE | pkgutil.get_data() does not enforce documented restrictions | EPSS 0.2%
CVE-2026-6019 | LOW | BaseCookie.js_output() does not neutralize embedded characters | EPSS 0.2%
CVE-2026-4519 | HIGH | webbrowser.open() allows leading dashes in URLs | EPSS 0.2%
CVE-2026-4786 | HIGH | Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() | EPSS 0.2%
CVE-2026-2297 | MEDIUM | SourcelessFileLoader does not use io.open_code() | EPSS 0.2%
CVE-2026-3446 | MEDIUM | Base64 decoding stops at first padded quad by default | EPSS 0.2%
CVE-2025-13837 | LOW | Out-of-memory when loading Plist | EPSS 0.2%
CVE-2026-5271 | MEDIUM | Possible to hijack modules in current working directory | EPSS 0.2%
CVE-2025-4516 | MEDIUM | Use-after-free in "unicode_escape" decoder with error handler | EPSS 0.2%
CVE-2025-13462 | LOW | tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling | EPSS 0.2%
CVE-2026-12003 | MEDIUM | CPython >3.11 Insecure Input Validation resulting in privilege escalation | EPSS 0.1%
CVE-2026-5713 | MEDIUM | Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target | EPSS 0.1%
CVE-2025-6075 | LOW | Quadratic complexity in os.path.expandvars() with user-controlled template | EPSS 0.1%