104 matches found
Astra Linux - уязвимость в firefox, thunderbird
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could present a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...
CVE-2021-27003
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack...
CVE-2026-28356
A flaw was found in multipart. The parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, causing an exponential backtracking ReDoS when parsing a specially crafted HTTP or multipart segment headers. A web application parsing request headers or...
SUSE CVE-2026-28356
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
[SECURITY] [DSA 6161-1] multipart security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6161-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 12, 2026 https://www.debian.org/security/faq -...
GHSA-P2M9-WCP5-6QW3 multipart vulnerable to ReDoS in `parse_options_header()`
Summary The parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service DoS attacks against web...
Regular Expression Denial of Service (ReDoS)
Overview multipart is a Parser for multipart/form-data Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the parseoptionsheader function due to the use of a regular expression with ambiguous alternation. An attacker can cause significant resource...
EUVD-2026-11607
multipart vulnerable to ReDoS in parseoptionsheader...
DEBIAN-CVE-2026-28356
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
UBUNTU-CVE-2026-28356
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
CVE-2026-28356
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
CVE-2026-27511
Summary: CVE-2026-27511 affects Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi. The issue is a clickjacking vulnerability in the web-based administrative interface caused by the absence of the X-Frame-Options header, enabling attacker-controlled sites to embed admin pages in an ifr...
Tenda F3 安全漏洞
Tenda F3 is a wireless router produced by the Chinese company Tenda. The Tenda F3 V12.01.01.55multi version has a security vulnerability. This vulnerability arises from the lack of the X-Frame-Options header set in the web management interface, which may lead to clickjacking attacks...
SUSE-SU-2026:0196-1 Security update for ovmf
This update for ovmf fixes the following issues: - CVE-2023-45231: Fixed out of bounds read when handling a ND Redirect message with truncated options bsc1218881. - CVE-2023-45232: Fixed infinite loop when parsing unknown options in the Destination Options header bsc1218882. - CVE-2023-45233: Fix...
CVE-2025-52987 Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...
CVE-2025-52987 Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...
CVE-2025-52987
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...
PT-2026-1317
Name of the Vulnerable Software and Affected Versions PLANKA version 2.0.0 Description The application does not implement X-Frame-Options and CSP frame-ancestors headers, which allows it to be embedded within malicious iframes. This can expose users to phishing attacks through UI Redressing,...