Lucene search
K

33 matches found

OSV
OSV
added 2026/06/12 12:26 p.m.14 views

OESA-2026-2661 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/03 1:16 p.m.15 views

EUVD-2026-34090

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

3.1CVSS5.8AI score0.00354EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-48587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespa...

5.3CVSS5.9AI score0.00354EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Netty 注入漏洞

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained an injection vulnerability. This vulnerability...

5.3CVSS6.9AI score0.00307EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/21 8:39 p.m.13 views

Astro: XSS in define:vars via incomplete </script> tag sanitization

Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...

6.1CVSS6AI score0.00189EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2026/01/10 5:16 a.m.5 views

CVE-2026-22691

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-referen...

6.9CVSS5.7AI score0.00391EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.8 views

CVE-2023-40194

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...

8.8CVSS7.6AI score0.02001EPSS
Exploits1References1
OSV
OSV
added 2025/11/20 7:16 p.m.4 views

CVE-2025-55127

HackerOne community member Dao Hoang Anh yoyomiski has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the...

5.4CVSS5.8AI score0.00215EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-18311

Malware in sbrugna...

8.8CVSS8.6AI score0.0042EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-9577

Malware in sbrugna...

7.5CVSS6.2AI score0.13252EPSS
Exploits0References48
OSV
OSV
added 2023/11/27 4:15 p.m.4 views

CVE-2023-40194

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...

8.8CVSS6AI score0.02001EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/06/29 12:0 a.m.5 views

The vulnerability of the Go programming language, related to errors in processing whitespace characters within JavaScript contexts, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Go programming language is related to errors in the handling of whitespace characters in JavaScript contexts. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of protected information...

10CVSS6.5AI score0.01548EPSS
Exploits0References9Affected Software16
OSV
OSV
added 2023/05/05 6:34 a.m.13 views

SUSE-SU-2023:2105-1 Security update for go1.20

This update for go1.20 fixes the following issues: Update to 1.20.4 bnc1206346: - CVE-2023-24539: Fixed an improper sanitization of CSS values boo1211029. - CVE-2023-24540: Fixed an improper handling of JavaScript whitespace boo1211030. - CVE-2023-29400: Fixed an improper handling of empty HTML...

9.8CVSS8.7AI score0.02281EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2023/04/20 12:0 a.m.7 views

PT-2023-3321 · Alt Linux +9 · Alt Linux +9

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue is related to the handling of whitespace characters in JavaScript contexts. Not all valid JavaScript whitespace characters are...

10CVSS6.5AI score0.99999EPSS
Exploits22References260
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.4 views

SUSE CVE-2016-8743

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...

7.5CVSS8.4AI score0.13252EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.4 views

SUSE CVE-2018-6560

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon...

8.8CVSS6.9AI score0.0042EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.4 views

PT-2023-19074 · Unknown +1 · Opensearch +1

Name of the Vulnerable Software and Affected Versions: OpenSearch versions 1.0.0 through 1.3.7 OpenSearch versions 2.0.0 through 2.4.1 Description: OpenSearch uses JWTs to store role claims obtained from the Identity Provider IdP when the authentication backend is SAML or OpenID Connect. There is...

9CVSS8.2AI score0.00821EPSS
Exploits0References13
F5 Networks
F5 Networks
added 2022/12/15 9:58 p.m.81 views

K00373024: Apache vulnerability CVE-2016-8743

Security Advisory Description Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of...

7.5CVSS6.6AI score0.13252EPSS
Exploits0Affected Software16
RedHat Linux
RedHat Linux
added 2020/10/27 12:58 p.m.6 views

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

7.5CVSS7.1AI score0.03617EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/07/29 6:6 a.m.3 views

netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling...

7.5CVSS7.1AI score0.03617EPSS
Exploits1References5
Rows per page
Query Builder