Lucene search
K

133 matches found

OSV
OSV
added 2026/01/05 10:26 a.m.5 views

SUSE-SU-2026:0010-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues: - CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks bsc1254903. - CVE-2025-67725: quadratic complexity of string concatenatio...

7.5CVSS7AI score0.00396EPSS
Exploits0References7
CVE
CVE
added 2026/01/01 5:54 p.m.35 views

CVE-2026-21428

CVE-2026-21428 affects cpp-httplib (C++11 single-file header-only library). The vulnerability is in write_headers: it does not validate CR/LF in user-supplied header values, enabling injection of extra headers, potential tampering with the request body, and SSRF when paired with servers supportin...

8.7CVSS6.4AI score0.00372EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/12/22 1:31 p.m.4 views

SUSE-SU-2026:20007-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues: - CVE-2025-67724: unescaped reason argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks bsc1254903. - CVE-2025-67725: quadratic complexity of string concatenatio...

7.5CVSS6AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2025/12/12 6:15 a.m.5 views

AZL-72377 CVE-2025-67724 affecting package python-tornado 6.3.3-11

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6AI score0.00185EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/12/12 5:36 a.m.1 views

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6.4AI score0.00185EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.4 views

Fedora 43 : perl-CGI-Simple (2025-3dd97ed203)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3dd97ed203 advisory. 1.282 - Sanitize all user-supplied values before inserting into HTTP headers; Fixed CVE-2025-40927. Tenable has extracted the preceding description block...

7.3CVSS5.5AI score0.00431EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/27 3:3 p.m.15 views

CVE-2025-62691

Security Point Windows of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege...

9.8CVSS10AI score0.00593EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/25 12:0 a.m.4 views

WordPress BigBuy Dropshipping Connector for WooCommerce plugin IP address forgery vulnerability

WordPress BigBuy Dropshipping Connector for WooCommerce plugin is an open source plugin for the WordPress platform for WooCommerce e-commerce platform , support and BigBuy and other Dropshipping supplier docking , to achieve automatic synchronization of goods It supports interfacing with BigBuy a...

5.3CVSS6.6AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.4 views

IBM Concert 安全漏洞

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from an information disclosure vulnerability that stems from t...

7.5CVSS5.8AI score0.00222EPSS
Exploits0References2
OSV
OSV
added 2025/11/17 11:47 p.m.4 views

BIT-MOODLE-2025-62396 Moodle: router (r.php) could expose application directories

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

5.3CVSS6.8AI score0.00274EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.5 views

OAuth2-Proxy 安全漏洞

oauth2-proxy is a reverse proxy software from the OAuth2 Proxy open source. A security vulnerability exists in OAuth2-Proxy versions prior to 7.13.0, which stems from improper handling of HTTP headers and could lead to elevation of privilege...

8.5CVSS6.3AI score0.00625EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/08 10:57 p.m.3 views

CVE-2025-58186

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

5.3CVSS6.9AI score0.00534EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.5 views

CVE-2025-1680

An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected...

6.8AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2025/10/23 12:15 p.m.6 views

CVE-2025-62396

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

5.3CVSS0.00274EPSS
Exploits0References2
OSV
OSV
added 2025/10/23 12:15 p.m.4 views

CVE-2025-62396

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

5.3CVSS6.8AI score0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-31580

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2025/09/29 4:15 p.m.4 views

CVE-2025-11155

The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...

6.8CVSS0.00179EPSS
Exploits0References1
CVE
CVE
added 2025/09/29 3:14 p.m.10 views

CVE-2025-11155

CVE-2025-11155 describes weak encoding for device password: credentials are sent in base64 inside HTTP headers, which is not encryption, allowing an interceptor to obtain them during login. The CVSS vector indicates Adjacent attack vector, Low attack complexity, no privileges, and Active user int...

6.8CVSS6.5AI score0.00179EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.3 views

SATO S86-ex 203dpi 安全漏洞

SATO S86-ex 203dpi is a print engine from SATO Japan. A security vulnerability exists in the SATO S86-ex 203dpi that originates from the device web server access credentials being sent as base64 via HTTP headers, which may be intercepted for acquisition...

6.8CVSS6.8AI score0.00179EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.7 views

PT-2025-38141

Name of the Vulnerable Software and Affected Versions Dokuzsoft Technology E-Commerce Web Design Product versions prior to 11.08.2025 Description The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, which allows for Cross-site Scripting XSS through...

7.1CVSS5.4AI score0.00185EPSS
Exploits0References7
Rows per page
Query Builder