Lucene search
K

1055 matches found

OSV
OSV
added yesterday5 views

ROOT-APP-PYPI-CVE-2026-31958 CVE-2026-31958 in rootio-tornado - Patched by Root

Root has patched CVE-2026-31958 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.9AI score0.00375EPSS
Exploits0
OSV
OSV
added yesterday6 views

ROOT-APP-PYPI-GHSA-QPPV-J76H-2RPX GHSA-qppv-j76h-2rpx in rootio-tornado - Patched by Root

Root has patched GHSA-qppv-j76h-2rpx in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

5.9AI score
Exploits0
OSV
OSV
added yesterday6 views

ROOT-APP-PYPI-GHSA-753J-MPMX-QQ6G GHSA-753j-mpmx-qq6g in rootio-tornado - Patched by Root

Root has patched GHSA-753j-mpmx-qq6g in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.9AI score
Exploits0
OSV
OSV
added yesterday7 views

ROOT-APP-PYPI-CVE-2024-52804 CVE-2024-52804 in rootio-tornado - Patched by Root

Root has patched CVE-2024-52804 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.01051EPSS
Exploits0
OSV
OSV
added yesterday10 views

ROOT-APP-PYPI-CVE-2026-49853 CVE-2026-49853 in rootio-tornado - Patched by Root

Root has patched CVE-2026-49853 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.7CVSS5.3AI score0.00486EPSS
Exploits0
OSV
OSV
added yesterday6 views

ROOT-APP-PYPI-CVE-2023-28370 CVE-2023-28370 in rootio-tornado - Patched by Root

Root has patched CVE-2023-28370 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

6.1CVSS6.6AI score0.01132EPSS
Exploits0
OSV
OSV
added yesterday10 views

ROOT-APP-PYPI-CVE-2026-49855 CVE-2026-49855 in rootio-tornado - Patched by Root

Root has patched CVE-2026-49855 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.3AI score0.00691EPSS
Exploits0
OSV
OSV
added yesterday6 views

ROOT-APP-PYPI-GHSA-78CV-MQJ4-43F7 GHSA-78cv-mqj4-43f7 in rootio-tornado - Patched by Root

Root has patched GHSA-78cv-mqj4-43f7 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

5.4CVSS5.9AI score
Exploits0
OSV
OSV
added yesterday6 views

ROOT-APP-PYPI-CVE-2025-47287 CVE-2025-47287 in rootio-tornado - Patched by Root

Root has patched CVE-2025-47287 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.5CVSS7AI score0.00672EPSS
Exploits0
OSV
OSV
added yesterday6 views

ROOT-APP-PYPI-CVE-2026-35536 CVE-2026-35536 in rootio-tornado - Patched by Root

Root has patched CVE-2026-35536 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.2CVSS5.9AI score0.00237EPSS
Exploits0
OSV
OSV
added yesterday5 views

ROOT-APP-PYPI-GHSA-W235-7P84-XX57 GHSA-w235-7p84-xx57 in rootio-tornado - Patched by Root

Root has patched GHSA-w235-7p84-xx57 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

6.5CVSS5.9AI score
Exploits0
NVD
NVD
added 2 days ago4 views

CVE-2026-49855

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, Tornado gzip decompression routines processed limited-size chunks but did not enforce an overall limit on accumulated decompressed chunks, allowing a malicious server accessed by SimpleAsyncHTTPClient or an...

7.5CVSS0.00691EPSS
Exploits0References3
NVD
NVD
added 2 days ago4 views

CVE-2026-49853

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, SimpleAsyncHTTPClient shallow-copied redirected requests and removed only the Host header, leaving Authorization, authusername, authpassword, and authmode in place when a redirect changed scheme, host, or port...

7.7CVSS0.00486EPSS
Exploits0References4
NVD
NVD
added 2 days ago4 views

CVE-2026-49854

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...

5.3CVSS0.0045EPSS
Exploits0References4
CVE
CVE
added 2 days ago22 views

CVE-2026-49855

Tornado (Python) prior to 6.5.6 allows a malicious server accessed via SimpleAsyncHTTPClient or an HTTPServer with decompress_request=True to accumulate decompressed data without an overall size limit, potentially causing memory exhaustion. Affected is gzip decompression routines that previously ...

7.5CVSS6.1AI score0.00691EPSS
Exploits0References3
CVE
CVE
added 2 days ago77 views

CVE-2026-49854

Summary: Tornado’s optional native extension tornado.speedups mishandles the websocket_mask length, reading beyond a four-byte buffer when invoked through the XSRF token decoder with the extension active. This out-of-bounds access affects Tornado up to version 6.5.5 and is fixed in 6.5.6. Impact:...

5.3CVSS6.1AI score0.0045EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-49854 Tornado: Out-of-bounds memory access in C extension

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...

5.3CVSS0.0045EPSS
Exploits0References4
Fedora
Fedora
added 4 days ago8 views

[SECURITY] Fedora 44 Update: python-tornado-6.5.7-1.fc44

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...

8.7CVSS6.7AI score0.00375EPSS
Exploits0
Fedora
Fedora
added 4 days ago5 views

[SECURITY] Fedora 43 Update: python-tornado-6.5.7-1.fc43

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...

8.7CVSS6.7AI score0.00375EPSS
Exploits0
Photon
Photon
added 2026/07/08 12:0 a.m.5 views

Important Photon OS Security Update - PHSA-2026-4.0-1053

Updates of 'python3-tornado', 'python3-ujson' packages of Photon OS have been released...

8.7CVSS6.1AI score0.00421EPSS
Exploits1
Rows per page
Query Builder