Lucene search
K

232 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 7 : firefox-60.3.0-1.0.1.el7.AXS7 (AXSA:2018-3376:08)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3376:08 advisory. Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390 Mozilla: Crash with nested event loops CVE-2018-12392 Mozilla:...

9.8CVSS8.1AI score0.03924EPSS
Exploits0References8
OSV
OSV
added 2026/01/09 2:5 p.m.7 views

OESA-2026-1018 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a...

7.5CVSS6.7AI score0.00371EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/04 12:0 a.m.5 views

TencentOS Server 4: python-tornado (TSSA-2025:0977)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0977 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5CVSS7AI score0.00396EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-20345

Name of the Vulnerable Software and Affected Versions fast-xml-parser versions prior to 5.3.6 Description The XML parser is susceptible to an unlimited amount of entity expansion. A small XML input can cause the parser to spend significant time processing a single request, leading to application...

8.2CVSS5.7AI score0.00811EPSS
Exploits1References202
SUSE CVE
SUSE CVE
added 2025/12/25 12:27 a.m.9 views

SUSE CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS6.5AI score0.00396EPSS
Exploits0References44
OSV
OSV
added 2025/12/12 6:15 a.m.10 views

AZL-72368 CVE-2025-67725 affecting package python-tornado 6.2.0-1

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS6AI score0.00396EPSS
Exploits0References1
OSV
OSV
added 2025/12/12 6:15 a.m.5 views

UBUNTU-CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS5.9AI score0.00396EPSS
Exploits0References6
CVE
CVE
added 2025/12/12 6:13 a.m.51 views

CVE-2025-67726

Tornado (Python) vulnerability CVE-2025-67726 affects versions 6.5.2 and earlier, due to an inefficient _parseparam-based parsing of HTTP header parameters (e.g., Content-Disposition). The implementation repeatedly calls string.count() inside a nested loop while handling quoted semicolons, causin...

7.5CVSS6.4AI score0.00371EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2025/12/12 5:49 a.m.4 views

CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS6.5AI score0.00396EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.4 views

Fedora 42 : libwebsockets (2025-0c12fa2541)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0c12fa2541 advisory. Update to 4.3.7, enable glib event loop Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

7.5CVSS5.6AI score0.00369EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/03 12:30 a.m.5 views

EUVD-2025-200372

Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually...

5.3CVSS6.3AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2025/12/02 10:16 p.m.5 views

CVE-2025-55181

Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually...

5.3CVSS0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-3474

Malware in sbrugna...

7.8CVSS7.6AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0395

Malware in sbrugna...

7.5CVSS7.6AI score0.01503EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-0589

Malware in sbrugna...

7.5CVSS7.4AI score0.01286EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-0292

Malware in sbrugna...

7.5CVSS7.5AI score0.01584EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-4098

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00715EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.1 views

EUVD-2024-2764

Malicious code in bioql PyPI...

7.5CVSS7.1AI score0.00932EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-16119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is...

7.5CVSS7.3AI score0.01584EPSS
Exploits0References2
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-29607 Malicious code in precon-event-loop-helper (npm)

The package precon-event-loop-helper was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder