22 matches found
EUVD-2023-33025
Malicious code in bioql PyPI...
CVE-2025-54142
CVE-2025-54142 affects Akamai Ghost (versions prior to 2025-07-21). The issue is HTTP Request Smuggling via an OPTIONS request that carries an entity body, enabling a following request on the same persistent connection between an Akamai proxy and an origin server when the origin server violates c...
CVE-2025-54142
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...
CVE-2025-54142
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards...
OESA-2025-1148 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2023-29456
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
CVE-2023-29456
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
CVE-2023-29456
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
CVE-2023-29456
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
UBUNTU-CVE-2023-29456
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
Input validation
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
CVE-2023-29456 Inefficient URL schema validation
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
CVE-2023-29456
CVE-2023-29456 affects Zabbix’s URL validation scheme that parses user-input URLs to identify components. Multiple connected sources corroborate the issue and describe it as a vulnerability in the URL validation path used by Zabbix (across Debian advisories, OpenVAS, and Astra Linux security bull...
CVE-2023-29456
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
CVE-2023-29456 Inefficient URL schema validation
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
Foxmail (Windows client) suffers from a DLL hijacking vulnerability
Foxmail is a domestic e-mail client software, providing Internet standards-based e-mail sending and receiving, digital signatures and encryption, local mailbox mail search and anti-spam and other functions. A DLL hijacking vulnerability exists in Foxmail Windows client. An attacker can exploit th...
IETF Officially Deprecates SSLv3
Attacks such as POODLE and BEAST not only caused some sleepless nights for server admins having to patch against the respective weaknesses, but they also accelerated SSLv3 deprecation. In the time since both attacks were disclosed, major browsers have removed the fallback condition that enabled t...
POODLE vulnerability makes a comeback, affecting the TLS secure transmission protocol - vulnerability warning - the black bar safety net
In October, the Google security team found the high-risk SSL vulnerability POODLE; now it has made a comeback, this time in the upgraded version of SSL, the TLS protocol. The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability had affected the most widely used encryption standard, SSL v3. ...