AZL-72374 CVE-2025-67725 affecting package python-tornado 6.3.3-11
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
CVE-2025-67726
Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...
CVE-2025-67725
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
CVE-2025-67724
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
[SECURITY] Fedora 43 Update: python-urllib3-2.6.1-1.fc43
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding...
SUSE SLED15: libpython3_6m1_0 / libpython3_6m1_0-32bit / python3 / python3-base / etc (SUSE-SU-2025:4368-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4368-1 advisory. - CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation...
Ubuntu: Security Advisory (USN-7927-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2025-67725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the...
CVE-2025-66446 MaxKB has a Python sandbox LD_PRELOAD bypass
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0...
CVE-2025-66446
MaxKB (enterprise AI assistant) versions 2.3.1 and earlier are affected by improper file permissions that allow overwriting the built-in dynamic linker and other critical files, potentially enabling privilege escalation. The issue is fixed in version 2.4.0. Affected component: file permissions go...
EUVD-2025-202700
Malicious code in yzip PyPI...
Malicious code in yzip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 81477965a8a70d1ffef0d388478d3e05ef2eea54ade0a9c00ef923deb41b00cf During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...
MAL-2025-192468 Malicious code in yzip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 81477965a8a70d1ffef0d388478d3e05ef2eea54ade0a9c00ef923deb41b00cf During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...
Hunting for Mythic in network traffic
Post-exploitation frameworks Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization's network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4,...
CastleLoader Malware Now Uses Python Loader to Bypass Security
Cybersecurity researchers at Blackpoint Cyber discovered a new, evasive CastleLoader malware variant using Python and ClickFix social engineering to deliver RATs and info-stealers directly from memory...
SUSE: Security Advisory (SUSE-SU-2025:1004-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15: libpython3_10-1_0 / libpython3_10-1_0-32bit / python310 / etc (SUSE-SU-2025:4352-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4352-1 advisory. Update to 3.10.19: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars. bsc1252974 - CVE-2025-8291: Check the...
EasyImages security vulnerability
EasyImages is a thin wrapper on PIL by Jakub Cieslik, an individual developer. It is used for exploring, visualizing and sharing images. A security vulnerability exists in EasyImages 2.0 versions 2.8.6 and earlier, which stems from improper file upload functionality and could lead to the execution of...
Fedora 43 : brotli / perl-Alien-Brotli / python-urllib3 (2025-d93200cf16)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-d93200cf16 advisory. Update brotli to 1.2.0 and python-urllib3 to 2.6.1. In python-urllib3: - Fixed a security issue where streaming API could improperly handle highly...