Lucene search
+L

1561 matches found

Amazon
Amazon
added 2026/01/05 12:0 a.m.8 views

Important: python-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...

7.5CVSS6.8AI score0.00403EPSS
Exploits0
EUVD
EUVD
added 2026/01/01 3:30 a.m.3 views

EUVD-2025-206124

To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

6.5AI score
Exploits0References1
Debian CVE
Debian CVE
added 2025/12/30 12:15 p.m.9 views

CVE-2023-54256

Removed by vendor...

7AI score
Exploits0
EUVD
EUVD
added 2025/12/16 3:30 p.m.4 views

EUVD-2025-203696

In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...

5.9AI score0.00179EPSS
Exploits0References7
NVD
NVD
added 2025/12/16 2:15 p.m.10 views

CVE-2025-68200

In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...

0.00179EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/12/16 2:15 p.m.3 views

CVE-2025-68200

In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...

5.9AI score0.00179EPSS
Exploits0References33
OSV
OSV
added 2025/12/16 2:15 p.m.4 views

UBUNTU-CVE-2025-68200

In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...

5.7AI score0.00179EPSS
Exploits0References34
Cvelist
Cvelist
added 2025/12/16 1:48 p.m.28 views

CVE-2025-68200 bpf: Add bpf_prog_run_data_pointers()

In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...

0.00179EPSS
Exploits0References6
CVE
CVE
added 2025/12/16 1:48 p.m.19 views

CVE-2025-68200

CVE-2025-68200 is a Linux kernel vulnerability addressed by introducing bpf_prog_run_data_pointers() to save/restore net_sched storage that collides with BPF data_meta/data_end. The issue stemmed from cls_bpf_classify() potentially modifying tc_skb_cb(skb)->drop_reason, triggering a warning in...

6.1AI score0.00179EPSS
Exploits0References6
OSV
OSV
added 2025/12/16 1:48 p.m.4 views

CVE-2025-68200 bpf: Add bpf_prog_run_data_pointers()

In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...

6.3AI score0.00179EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2025/12/13 12:24 a.m.8 views

SUSE CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

5.4CVSS6.5AI score0.00192EPSS
Exploits0References44
RedhatCVE
RedhatCVE
added 2025/12/12 10:21 p.m.4 views

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6.2AI score0.00192EPSS
Exploits0References6
Snyk
Snyk
added 2025/12/12 6:51 a.m.4 views

HTTP Header Injection

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to HTTP Header Injection via the reason argument in HTTP status handling. An attacker can inject arbitrary HTTP headers or execute...

6.1CVSS7.2AI score0.00192EPSS
Exploits0References3
NVD
NVD
added 2025/12/12 6:15 a.m.13 views

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS0.00192EPSS
Exploits0References3
OSV
OSV
added 2025/12/12 6:15 a.m.6 views

AZL-72377 CVE-2025-67724 affecting package python-tornado 6.3.3-11

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6AI score0.00192EPSS
Exploits0References1
OSV
OSV
added 2025/12/12 6:15 a.m.4 views

UBUNTU-CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6AI score0.00192EPSS
Exploits0References6
EUVD
EUVD
added 2025/12/12 5:36 a.m.4 views

EUVD-2025-203032

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

5.4CVSS6.1AI score0.00192EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/12 5:36 a.m.33 views

CVE-2025-67724 Tornado vulnerable to Header Injection and XSS via reason argument

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

5.4CVSS0.00192EPSS
Exploits0References3
CVE
CVE
added 2025/12/12 5:36 a.m.48 views

CVE-2025-67724

Summary (CVE-2025-67724 family: Tornado 6.5.x) Tornado, a Python web framework/networking library, is affected in versions 6.5.2 and earlier. The issue fixes unescaped reason phrases in HTTP headers (header injection risk) and in the default HTML error page (potential XSS) when data is passed to ...

6.1CVSS6.2AI score0.00192EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/12/12 5:36 a.m.3 views

CVE-2025-67724 Tornado vulnerable to Header Injection and XSS via reason argument

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

5.4CVSS6.6AI score0.00192EPSS
Exploits0References5
Rows per page
Query Builder