Amazon Linux 2 : python-tornado, --advisory ALAS2-2026-3286 (ALAS-2026-3286)

The version of python-tornado installed on the remote host is prior to 4.2.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3286 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to...

Tornado 安全漏洞

Tornado is a Python web framework and asynchronous networking library from Tornado China. This library can scale to thousands of open connections by using non-blocking network I/O, making it ideal for applications that require long-term polling, WebSocket, and other scenarios where long-term...

WordPress core < 6.5.5 - Contributor+ Path Traversal (Windows Only) vulnerability

Contributor+ Path Traversal Windows Only vulnerability discovered by Rafie M & Edouard L Patchstack in WordPress core versions 6.5.5...

Devellion CubeCart 安全漏洞

Devellion CubeCart is a free and open source e-commerce shopping cart software from the company of Devellion UK. The software supports selling products, adding/editing products or images, etc. in an online store. A security vulnerability exists in Devellion CubeCart versions prior to 6.5.5, which...