CVE-2025-6591
CVE-2025-6591 affects Wikimedia Foundation MediaWiki, specifically the ApiFeedContributions.Php program file. The vulnerability enables HTML injection in the API output (action=feedcontributions) and affects MediaWiki releases listed as vulnerable before 1.39.13, 1.42.7, 1.43.2, and 1.44.0. Red H...
CVE-2025-6594
CVE-2025-6594 is an XSS in MediaWiki’s ApiSandbox.js (Special:ApiSandbox). The issue arises from improper neutralization of input during web page generation. Affected MediaWiki versions include 1.27.0 up to but not including 1.39.13, 1.42.7–1.43.2, and 1.44.0. Red Hat notes the flaw and its limit...
CVE-2025-6927
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from = 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...
CVE-2025-6927
CVE-2025-6927 affects Wikimedia Foundation MediaWiki components BlockListPager.Php and ApiQueryBlocks.Php, enabling information exposure via autoblocks/global suppressions. Affected versions include MediaWiki core releases 1.42.x prior to 1.39.13, 1.42.7–1.43.2, and 1.44.0; remediation is to upgr...
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it...
OPENSUSE-SU-2026:20156-1 Security update for chromium
This update for chromium fixes the following issues: - Chromium 144.0.7559.109 boo1257404 CVE-2026-1504: Inappropriate implementation in Background Fetch API...
CVE-2025-47359
Memory Corruption when multiple threads simultaneously access a memory free API...
Important: Red Hat Security Advisory: python-urllib3 security update
An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CLSA-2026-1770046658 python3.11-urllib3: Fix of CVE-2025-66471
CVE-2025-66471: fix improper handling of highly compressed data in the Streaming API...
Important: Red Hat Security Advisory: python-urllib3 security update
An update for python-urllib3 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2025-47359
Technical details are not publicly available in the provided documents; monitor for updates.
CVE-2025-47359 Use After Free in Secure Processor
Memory Corruption when multiple threads simultaneously access a memory free API...
CLSA-2026-1770035896 python3.11-urllib3: Fix of CVE-2025-66471
CVE-2025-66471: fix improper handling of highly compressed data in the Streaming API...