Lucene search
K

970 matches found

Cvelist
Cvelist
added 2026/02/25 1:9 a.m.22 views

CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

8.1CVSS0.00233EPSS
Exploits1References2
AlmaLinux
AlmaLinux
added 2026/02/10 12:0 a.m.8 views

Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.3AI score0.01525EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

RHEL 8 : python3.12 (RHSA-2026:2419)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2419 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

7.5CVSS7.3AI score0.01525EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/05 2:53 p.m.7 views

hibernate-reactive-core: Hibernate Reactive: Denial of Service due to connection leak on HTTP client disconnect

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.13 views

Amazon Linux 2023 : python3-urllib3 (ALAS2023-2026-1418)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1418 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/02/04 7:51 p.m.5 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/04 7:51 p.m.9 views

Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS7.3AI score0.01525EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/04 3:4 p.m.4 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/03 3:42 p.m.5 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/28 8:3 p.m.29 views

CVE-2025-14840 HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1...

0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 8:3 p.m.6 views

EUVD-2025-206433

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/27 5:32 p.m.7 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/01/27 3:21 p.m.7 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : java-21-openjdk-21.0.5.0.10-3.el8.ML.1 (AXSA:2024-8941:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8941:16 advisory. giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-212...

7.1CVSS7AI score0.01157EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/15 5:22 p.m.5 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

6.3CVSS6.5AI score0.00307EPSS
Exploits0References1
OSV
OSV
added 2026/01/14 4:52 p.m.2 views

GHSA-6PW3-H7XF-X4GP BlackSheep's ClientSession is vulnerable to CRLF injection

Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new header or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input...

6.3CVSS6.6AI score0.00307EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.4 views

PT-2026-2925

Name of the Vulnerable Software and Affected Versions BlackSheep versions prior to 2.4.6 Description BlackSheep, an asynchronous web framework for building event-based web applications with Python, has an issue in its HTTP Client implementation. Missing validation of headers allows an attacker to...

6.3CVSS6.5AI score0.00307EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.5 views

undici 安全漏洞

undici is an open source HTTP/1.1 client for Node.js. A security vulnerability exists in undici versions prior to 7.18.0 and prior to 6.23.0, which stems from an unlimited number of links in an unzip chain, and could lead to high CPU usage and memory over-allocation...

7.5CVSS6.4AI score0.00433EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 7 : java-11-openjdk-11.0.26.0.4-1.0.1.el7.AXS7 (AXSA:2025-9817:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9817:01 advisory. - Upgrade to openjdk-11.0.26+4. The following CVEs were fixed: - CVE-2024-21131: potential UTF8 size overflow - CVE-2024-21138: excessive symbol...

7.4CVSS6.5AI score0.01257EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.9 views

CVE-2021-22049

The vSphere Web Client FLEX/Flash contains an SSRF Server Side Request Forgery vulnerability in the vSAN Web Client vSAN UI plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an...

9.8CVSS6.8AI score0.01673EPSS
Exploits0References1
Rows per page
Query Builder