CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Tenable Nessus•added 2026/04/17 12:0 a.m.•2 views

Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007275 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's...

7.5CVSS6.4AI score0.00212EPSS

Exploits0References4

Debian CVE•added 2026/02/03 2:38 p.m.•3 views

CVE-2025-14550

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

7.5CVSS7.2AI score0.00072EPSS

Exploits0

UbuntuCve•added 2026/02/03 2:0 p.m.•1 views

CVE-2025-14550

7.5CVSS7.1AI score0.00072EPSS

Exploits0References3

RedHat Linux•added 2026/01/21 3:59 p.m.•4 views

tornado: Tornado Quadratic DoS via Repeated Header Coalescing

A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...

7.5CVSS5.7AI score0.00212EPSS

Exploits0References7

SUSE CVE•added 2025/12/25 12:27 a.m.•5 views

SUSE CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS6.5AI score0.00212EPSS

Exploits0References44