
106 matches found

Fedora
added 2026/05/21 12:57 a.m. | 10 views

[SECURITY] Fedora 44 Update: python-django6-6.0.5-1.fc44

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

9.8 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits: 1

Tenable Nessus
added 2026/01/05 12:0 a.m. | 8 views

Amazon Linux 2 : python3-tornado, --advisory ALAS2-2025-3109 (ALAS-2025-3109)

The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3109 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied...

7.5 CVSS | 7 AI score | 0.00212 EPSS
Exploits: 0 | References: 8

Fedora
added 2025/12/18 1:12 a.m. | 16 views

[SECURITY] Fedora 42 Update: python-django4.2-4.2.27-1.fc42

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

9.8 CVSS | 7.9 AI score | 0.00296 EPSS
Exploits: 14

Debian CVE
added 2025/12/12 6:13 a.m. | 4 views

CVE-2025-67726

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...

7.5 CVSS | 7.6 AI score | 0.00036 EPSS
Exploits: 0

Debian CVE
added 2025/12/12 5:49 a.m. | 2 views

CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5 CVSS | 7.5 AI score | 0.00212 EPSS
Exploits: 0

Debian CVE
added 2025/12/12 5:36 a.m. | 3 views

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1 CVSS | 5.3 AI score | 0.00035 EPSS
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-2437

Malware in sbrugna...

8.8 CVSS | 8.8 AI score | 0.0147 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-3349

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.0016 EPSS
Exploits: 0 | References: 5

GithubExploit
added 2025/09/08 2:4 p.m. | 163 views

Web-Application-Vulnerability-scanner

Web-Application-Vulnerability-scanner A Python...

7.1 AI score
Exploits: 0

Packet Storm News
added 2025/06/30 12:0 a.m. | 2 views

ZigStrike 2.0

ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2025/06/12 12:0 a.m. | 8 views

Amazon Linux 2 : python-tornado (ALAS-2025-2888)

The version of python-tornado installed on the remote host is prior to 4.2.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2888 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters...

7.5 CVSS | 6.9 AI score | 0.01164 EPSS
Exploits: 0 | References: 4

Exploit DB
added 2025/04/11 12:0 a.m. | 213 views

CMU CERT/CC VINCE 2.0.6 - Stored XSS

Exploit Title: CMU CERT/CC VINCE 2.0.6 - Stored XSS Vendor: Carnegie Mellon University Product web page: https://www.kb.cert.org/vince/ Affected version: -H "Cookie: sessionid=xxxx" \ -d 'content="ZSL%0A%0A&csrfmiddlewaretoken=xxx&paginateby=10&replyto=xxxxx'...

7.4 AI score
Exploits: 0

Fedora
added 2025/03/18 2:3 a.m. | 15 views

[SECURITY] Fedora 40 Update: python-django4.2-4.2.20-1.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

7.5 CVSS | 5.1 AI score | 0.00287 EPSS
Exploits: 0

Fedora
added 2025/03/17 1:38 a.m. | 13 views

[SECURITY] Fedora 41 Update: python-django-4.2.20-1.fc41

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

7.5 CVSS | 5.1 AI score | 0.00287 EPSS
Exploits: 0

Packet Storm
added 2025/02/10 12:0 a.m. | 241 views

CMU CERT/CC VINCE 2.0.6 Cross Site Scripting

Carnegie Mellon University CERT/CC VINCE version 2.0.6 framework suffers from an authenticated stored cross site scripting vulnerability. Input passed to the content POST parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code...

6.7 AI score
Exploits: 0

Ubuntu
added 2025/01/14 4:10 p.m. | 6 views

USN-7205-1: Django vulnerability

It was discovered that Django incorrectly handled certain IPv6 strings. An attacker could possibly use this issue to cause a denial of service...

7.5 CVSS | 6.7 AI score | 0.00084 EPSS
Exploits: 0

Tenable Nessus
added 2025/01/09 12:0 a.m. | 30 views

Amazon Linux 2 : python3-tornado (ALAS-2025-2725)

The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2725 advisory. Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Torna...

7.5 CVSS | 7.2 AI score | 0.0016 EPSS
Exploits: 0 | References: 4

Amazon
added 2024/12/12 12:0 a.m. | 4 views

Important: python-waitress

Issue Overview: Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more...

9.1 CVSS | 7 AI score | 0.01524 EPSS
Exploits: 0

BDU FSTEC
added 2024/12/09 12:0 a.m. | 1 views

The vulnerability of the channel_request_lookahead() function in the WSGI server for Python Waitress allows an attacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the channel_request_lookahead function in the WSGI server for Python Waitress is related to synchronization errors when using shared resources due to inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP request...

9.4 CVSS | 6.5 AI score | 0.00572 EPSS
Exploits: 0 | References: 5 | Affected Software: 3

RedHat Linux
added 2024/12/02 1:31 a.m. | 21 views

Important: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

7.5 CVSS | 7.2 AI score | 0.0016 EPSS
Exploits: 0 | References: 2