
Source: OSV (added 2025/12/12 6:15 a.m.)

AZL-72374 CVE-2025-67725 affecting package python-tornado 6.3.3-11

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

CVSS 7.5 | AI score 6.4 | EPSS 0.00396 | Exploits: 0 | References: 1

Source: Debian CVE (added 2025/12/12 6:13 a.m.)

CVE-2025-67726

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...

CVSS 7.5 | AI score 7.6 | EPSS 0.00371 | Exploits: 0

Source: Debian CVE (added 2025/12/12 5:49 a.m.)

CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

CVSS 7.5 | AI score 7.5 | EPSS 0.00396 | Exploits: 0

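To make the DoS mechanism in the CVE-2025-67725 entries concrete, here is an added Python model (not Tornado's code, and not an exploit against it) of the two accumulation strategies: `NaiveHeaders.add` rebuilds the stored value by string concatenation each time a header name repeats, so N repeats copy O(N^2) bytes, while `LinearHeaders` appends to a list and joins once on read. The class names, the `copied_bytes` cost counter and the constructed request block are assumptions of this example.

```python
"""Added model of quadratic header accumulation (the CVE-2025-67725 class).

Not Tornado's code: NaiveHeaders, LinearHeaders and the cost counter are
assumptions made for this illustration. The header block is constructed.
"""


class NaiveHeaders:
    """Accumulates repeated headers by concatenating onto the stored string."""

    def __init__(self):
        self._dict = {}
        self.copied_bytes = 0  # cost model: bytes copied into new strings

    def add(self, name, value):
        name = name.title()
        if name in self._dict:
            old = self._dict[name]
            # old + "," + value allocates a fresh string and copies every
            # byte accumulated so far, so the k-th repeat costs O(k).
            self.copied_bytes += len(old) + 1 + len(value)
            self._dict[name] = old + "," + value
        else:
            self._dict[name] = value
            self.copied_bytes += len(value)

    def get(self, name):
        return self._dict.get(name.title())


class LinearHeaders:
    """Keeps repeated values in a list; the join happens once, on access."""

    def __init__(self):
        self._dict = {}
        self.copied_bytes = 0

    def add(self, name, value):
        self._dict.setdefault(name.title(), []).append(value)
        self.copied_bytes += len(value)  # each byte is copied once

    def get(self, name):
        values = self._dict.get(name.title())
        return None if values is None else ",".join(values)


def parse_header_block(raw, store):
    """Feed each 'Name: value' line of a CRLF-separated header block to store."""
    for line in raw.split("\r\n"):
        if not line:
            continue
        name, _, value = line.partition(":")
        store.add(name.strip(), value.strip())
    return store


def build_malicious_block(repeats, value="x" * 64):
    """Constructed attacker input: one header name repeated `repeats` times."""
    lines = ["Host: example.test"] + ["X-Dup: " + value for _ in range(repeats)]
    return "\r\n".join(lines) + "\r\n"


def copy_cost(store_cls, repeats):
    """Bytes the given store copies while ingesting the malicious block."""
    store = parse_header_block(build_malicious_block(repeats), store_cls())
    return store.copied_bytes


if __name__ == "__main__":
    for n in (1000, 2000):
        print("repeats=%d naive=%d list=%d"
              % (n, copy_cost(NaiveHeaders, n), copy_cost(LinearHeaders, n)))
```

Doubling the repeat count roughly quadruples the naive copy cost and roughly doubles the list-based one. A real server does this work synchronously on the thread that owns the event loop, which is why one request can stall every other connection; the list-and-join-once shape removes the quadratic term.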
Source: Debian CVE (added 2025/12/12 5:36 a.m.)

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

CVSS 6.1 | AI score 5.3 | EPSS 0.00185 | Exploits: 0

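The CVE-2025-67724 entry describes one value reaching two sinks: the status line (header injection via CR/LF) and the HTML error page (XSS). The following added Python example, which is not Tornado's implementation, puts the vulnerable pattern next to a hardened one: the reason phrase is checked against the RFC 9112 reason-phrase grammar (HTAB, SP, VCHAR and obs-text only) before it is emitted on the wire, and HTML-escaped before it is embedded in a page. Function names and the page template are assumptions of this example.

```python
"""Added example: keep a caller-supplied reason phrase out of header injection
and out of the HTML error page (the CVE-2025-67724 problem class).

Not Tornado's implementation. The grammar check follows RFC 9112
(reason-phrase = 1*( HTAB / SP / VCHAR / obs-text )); the function names
and the HTML template are assumptions of this example.
"""
import html
import re

# HTAB, SP, VCHAR (0x21-0x7E) and obs-text (0x80-0xFF); CR and LF excluded.
_REASON_RE = re.compile(r"[\t \x21-\x7e\x80-\xff]*")


def is_valid_reason(reason):
    # fullmatch, not match: "$" would accept a trailing newline.
    return _REASON_RE.fullmatch(reason) is not None


def status_line_unsafe(code, reason):
    """Model of the vulnerable pattern: the reason phrase is trusted as-is."""
    return "HTTP/1.1 %d %s\r\n" % (code, reason)


def status_line_safe(code, reason):
    """Refuse anything the grammar does not allow instead of emitting it."""
    if not is_valid_reason(reason):
        raise ValueError("reason phrase contains characters outside RFC 9112")
    return "HTTP/1.1 %d %s\r\n" % (code, reason)


def error_page_unsafe(code, reason):
    """Model of the vulnerable pattern: reason interpolated into HTML raw."""
    return ("<html><title>%d: %s</title><body>%d: %s</body></html>"
            % (code, reason, code, reason))


def error_page_safe(code, reason):
    """Escape <, >, &, quotes before the value lands in markup."""
    safe = html.escape(reason, quote=True)
    return ("<html><title>%d: %s</title><body>%d: %s</body></html>"
            % (code, safe, code, safe))


def injected_header_names(status_line):
    """Header names a split status line would smuggle in (empty if none)."""
    extra = re.split(r"\r\n|\r|\n", status_line)[1:]
    return [part.split(":", 1)[0] for part in extra if ":" in part]


if __name__ == "__main__":
    hostile = "OK\r\nSet-Cookie: session=attacker"
    print(injected_header_names(status_line_unsafe(200, hostile)))
    print(error_page_safe(400, "<script>alert(1)</script>"))
```

Rejecting the value is preferable to silently stripping CR/LF: a stripped phrase still signals that something upstream tried to write into the status line, and an exception makes that visible in logs rather than hiding it.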
Source: Fedora (added 2025/12/12 1:34 a.m.)

[SECURITY] Fedora 43 Update: python-urllib3-2.6.1-1.fc43

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding...

CVSS 8.9 | AI score 7 | EPSS 0.00622 | Exploits: 0

Source: Tenable Nessus (added 2025/12/12 12:00 a.m.)

SUSE SLED15: libpython3_6m1_0 / libpython3_6m1_0-32bit / python3 / python3-base / etc (SUSE-SU-2025:4368-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4368-1 advisory.
- CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation...

CVSS 5.5 | AI score 6.3 | EPSS 0.00345 | Exploits: 0 | References: 7

Source: OpenVAS (added 2025/12/12 12:00 a.m.)

Ubuntu: Security Advisory (USN-7927-1)

The remote host is missing an update for the...

CVSS 8.9 | AI score 6.8 | EPSS 0.00622 | Exploits: 0 | References: 2

Source: Tenable Nessus (added 2025/12/12 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2025-67725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the...

CVSS 7.5 | AI score 6.4 | EPSS 0.00396 | Exploits: 0 | References: 2

Source: OSV (added 2025/12/11 9:47 p.m.)

CVE-2025-66446 MaxKB has a Python sandbox LD_PRELOAD bypass

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0...

CVSS 8.8 | AI score 6.9 | EPSS 0.00306 | Exploits: 0 | References: 4

Source: Vulnrichment (added 2025/12/11 9:47 p.m.)

CVE-2025-66446 MaxKB has a Python sandbox LD_PRELOAD bypass

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0...

CVSS 8.8 | AI score 6.5 | EPSS 0.00306 | Exploits: 0 | References: 2

Source: CVE (added 2025/12/11 9:47 p.m.)

CVE-2025-66446

MaxKB (enterprise AI assistant) versions 2.3.1 and earlier are affected by improper file permissions that allow overwriting the built-in dynamic linker and other critical files, potentially enabling privilege escalation. The issue is fixed in version 2.4.0. Affected component: file permissions go...

CVSS 8.8 | AI score 6.5 | EPSS 0.00306 | Exploits: 0 | References: 2 | Affected software: 1

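The three CVE-2025-66446 entries describe the same root cause: files the sandboxed process must never be able to replace (the dynamic linker and other critical files) were writable by it. The added Python audit below is not MaxKB's code and does not reproduce the MaxKB issue; it checks, for a list of paths, that the file is owned by a trusted uid, is not group- or world-writable, and does not sit in a world-writable directory without the sticky bit (a writable parent allows the file to be unlinked and replaced wholesale). `DEFAULT_CRITICAL_PATHS` is an assumption about a typical glibc Linux host, and `run_demo()` builds a throwaway directory so the checks can be exercised anywhere.

```python
"""Added example: audit that files a sandboxed process must never be able to
replace (dynamic linker, libc, the interpreter) are not writable by it.

Not MaxKB's code. DEFAULT_CRITICAL_PATHS is an assumption about a typical
glibc Linux host; run_demo() builds a throwaway directory with good and bad
permissions so the checks run anywhere (POSIX only).
"""
import os
import stat
import tempfile

DEFAULT_CRITICAL_PATHS = [
    "/lib64/ld-linux-x86-64.so.2",   # assumed path of the dynamic linker
    "/etc/ld.so.preload",             # if present, glibc reads it on every exec
    "/usr/bin/python3",               # assumed interpreter used by the sandbox
]


def check_path(path, trusted_uids=(0,)):
    """Return a list of problems for one path (empty means it looks fine)."""
    problems = []
    try:
        st = os.stat(path)   # follow symlinks: the real target is what loads
    except FileNotFoundError:
        return problems      # e.g. an absent /etc/ld.so.preload is the good case
    if st.st_uid not in trusted_uids:
        problems.append("owned by uid %d, not a trusted uid" % st.st_uid)
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    if st.st_mode & stat.S_IWGRP:
        problems.append("group-writable (sandbox user may share the group)")
    parent = os.path.dirname(os.path.realpath(path))
    pst = os.stat(parent)
    # A writable parent lets anyone unlink and replace the file wholesale,
    # unless the sticky bit restricts deletion to the owner.
    if pst.st_mode & stat.S_IWOTH and not pst.st_mode & stat.S_ISVTX:
        problems.append("parent directory %s is world-writable without sticky bit"
                        % parent)
    return problems


def audit(paths, trusted_uids=(0,)):
    """Map each path that has findings to its list of problems."""
    result = {}
    for path in paths:
        problems = check_path(path, trusted_uids)
        if problems:
            result[path] = problems
    return result


def run_demo():
    """Constructed layout: one sane file, one world-writable library, and an
    interpreter sitting in a world-writable directory. Keys are basenames."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "lib")
        wdir = os.path.join(root, "writable")
        os.mkdir(lib)
        os.mkdir(wdir)
        good = os.path.join(lib, "ld-linux.so")
        bad_lib = os.path.join(lib, "libc.so")
        bad_dir_file = os.path.join(wdir, "python")
        for p in (good, bad_lib, bad_dir_file):
            with open(p, "w") as f:
                f.write("stub\n")
        os.chmod(lib, 0o755)          # explicit, so the umask cannot skew the demo
        os.chmod(good, 0o755)
        os.chmod(bad_lib, 0o666)
        os.chmod(bad_dir_file, 0o755)
        os.chmod(wdir, 0o777)
        findings = audit([good, bad_lib, bad_dir_file],
                         trusted_uids=(os.getuid(),))
        return {os.path.basename(k): v for k, v in findings.items()}


if __name__ == "__main__":
    for path, problems in audit(DEFAULT_CRITICAL_PATHS).items():
        print(path, "->", "; ".join(problems))
    print(run_demo())
```

Run it as the uid the sandbox actually executes under (or pass that uid's view of the filesystem) rather than as root; the question is what that process can write, and a container image that ships its loader mode 0666 fails this check even if the host's own loader is fine.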
Source: EUVD (added 2025/12/11 3:53 p.m.)

EUVD-2025-202700

Malicious code in yzip PyPI...

AI score 6.6 | Exploits: 0 | References: 3

Source: OSSF Malicious Packages (added 2025/12/11 3:53 p.m.)

Malicious code in yzip (PyPI)

Per-source details. Source: kam193, 81477965a8a70d1ffef0d388478d3e05ef2eea54ade0a9c00ef923deb41b00cf. During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware. Category: MALICIOUS - The...

AI score 7.3 | Exploits: 0 | References: 4

Source: OSV (added 2025/12/11 3:53 p.m.)

MAL-2025-192468 Malicious code in yzip (PyPI)

Per-source details. Source: kam193, 81477965a8a70d1ffef0d388478d3e05ef2eea54ade0a9c00ef923deb41b00cf. During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware. Category: MALICIOUS - The...

AI score 7.2 | Exploits: 0 | References: 4

Source: Securelist (added 2025/12/11 12:00 p.m.)

Hunting for Mythic in network traffic

Post-exploitation frameworks: threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization's network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4,...

AI score 7.2 | Exploits: 0

Source: HackRead (added 2025/12/11 9:28 a.m.)

CastleLoader Malware Now Uses Python Loader to Bypass Security

Cybersecurity researchers at Blackpoint Cyber discovered a new, evasive CastleLoader malware variant using Python and ClickFix social engineering to deliver RATs and info-stealers directly from memory...

AI score 7 | Exploits: 0

Source: OpenVAS (added 2025/12/11 12:00 a.m.)

SUSE: Security Advisory (SUSE-SU-2025:1004-2)

The remote host is missing an update for the...

CVSS 8.8 | AI score 6.8 | EPSS 0.00465 | Exploits: 0 | References: 4

Source: Tenable Nessus (added 2025/12/11 12:00 a.m.)

openSUSE 15: libpython3_10-1_0 / libpython3_10-1_0-32bit / python310 / etc (SUSE-SU-2025:4352-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4352-1 advisory. Update to 3.10.19:
- CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars. bsc1252974
- CVE-2025-8291: Check the...

CVSS 5.5 | AI score 6.3 | EPSS 0.00345 | Exploits: 0 | References: 7

Source: CNNVD (added 2025/12/11 12:00 a.m.)

EasyImages security vulnerability

EasyImages is a thin wrapper on PIL by individual developer Jakub Cieslik. It is used for exploring, visualizing and sharing images. A security vulnerability exists in EasyImages 2.0 versions 2.8.6 and earlier, which stems from improper file upload functionality and could lead to the execution of...

CVSS 8.8 | AI score 7 | EPSS 0.0045 | Exploits: 1 | References: 2

Source: Tenable Nessus (added 2025/12/11 12:00 a.m.)

Fedora 43 : brotli / perl-Alien-Brotli / python-urllib3 (2025-d93200cf16)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-d93200cf16 advisory. Update brotli to 1.2.0 and python-urllib3 to 2.6.1. In python-urllib3:
- Fixed a security issue where streaming API could improperly handle highly...

CVSS 8.9 | AI score 7.3 | EPSS 0.00622 | Exploits: 0 | References: 4
