1332 matches found
[SECURITY] Fedora 41 Update: python-django5-5.1.10-1.fc41
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 41 Update: python-django4.2-4.2.22-1.fc41
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Amazon Linux 2 : python-tornado (ALAS-2025-2888)
The version of python-tornado installed on the remote host is prior to 4.2.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2888 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters...
The vulnerability of the django.utils.log.log_response() function in the Django web application framework allows a hacker to gain access and modify data in the log file.
The vulnerability of the django.utils.log.log_response() function in the Django web application framework is related to improper handling of log file output. Exploiting this vulnerability can allow an attacker to gain access and modify data in the log files...
CVE-2024-55885
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256...
CVE-2024-55970
File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aka I644734...
CVE-2023-5457
A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application due to the “debug” configuration parameter set to “True” allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to t...
CVE-2022-28959
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow attackers to execute arbitrary web scripts or HTML...
CVE-2022-28961
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters...
CVE-2021-32742
Vapor is a web framework for Swift. In versions 4.47.1 and prior, a bug in the Data.init(base32Encoded:) function opens up the potential for exposing server memory and/or crashing the server (Denial of Service) for applications where untrusted data can end up in said function. Vapor does not currently...
CVE-2013-3473
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600...
CVE-2025-47287
Summary: CVE-2025-47287 affects Tornado (Python Tornado) where the multipart/form-data parser can log an excessive amount of messages and continue parsing, causing a DoS due to synchronous logging. All versions prior to 6.5.0 are affected; a patch is available in Tornado 6.5.0/6.50. Affects: Torn...
CVE-2025-47287 Tornado vulnerable to excessive logging caused by malformed multipart form data
Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...
CVE-2025-47287
Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...
DEBIAN-CVE-2025-47278
Flask is a Web Server Gateway Interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
CVE-2025-47278
CVE-2025-47278 affects Flask 3.1.0, where itsdangerous signing key handling constructs the key list in reverse, causing the last (oldest) key to be used for signing when key rotation is configured via SECRET_KEY_FALLBACKS. The result is signing sessions with stale keys, potentially hindering tran...
CVE-2025-47278
Flask is a Web Server Gateway Interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
CVE-2025-47278 Flask uses fallback key instead of current signing key
Flask is a Web Server Gateway Interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
DS-Java Security Vulnerability
DS-Java is a forum system built on SSH (Struts2+Spring+Hibernate) by sixteen individual developers. A security vulnerability exists in DS-Java version 1.0, which stems from vulnerability to cross-site request forgery attacks...
Intumit SmartRobot Code Issue Vulnerability
Intumit SmartRobot is a web development framework from Intumit, Inc. A code issue vulnerability exists in Intumit SmartRobot that stems from vulnerability to server-side request forgery attacks...