13 matches found
DEBIAN-CVE-2026-34519
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...
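The entry above says only that a caller-controlled reason phrase can inject extra headers. The following added example (not aiohttp's code; the serializer and parser helpers are hypothetical, and the attacker reason is a constructed sample) shows why: a status line built by string interpolation lets a CR/LF in the reason start a new header line, and a lenient client will parse it as one. The hardened writer rejects any control character in the reason before serializing.

```python
"""Reason-phrase header injection: unsafe vs. hardened status-line writer.

Added illustration, not aiohttp's implementation. The helper names
(serialize_head_unsafe, serialize_head_safe, parse_head) are hypothetical.
"""
import re

# Any C0 control (CR, LF, NUL, ...) or DEL has no place in a reason phrase.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Constructed sample input: what an attacker who controls `reason` would send.
ATTACKER_REASON = "OK\r\nSet-Cookie: session=attacker-chosen"


def serialize_head_unsafe(status: int, reason: str, headers: dict) -> bytes:
    """Writes `HTTP/1.1 <status> <reason>` by interpolating reason unchecked."""
    head = f"HTTP/1.1 {status} {reason}\r\n"
    for name, value in headers.items():
        head += f"{name}: {value}\r\n"
    return (head + "\r\n").encode("latin-1")


def serialize_head_safe(status: int, reason: str, headers: dict) -> bytes:
    """Same writer, but refuses a reason phrase that could break the status line."""
    if CONTROL_CHARS.search(reason):
        raise ValueError("reason phrase contains control characters")
    return serialize_head_unsafe(status, reason, headers)


def parse_head(raw: bytes):
    """Parses a response head the way a lenient client does: first line is the
    status line, every following `name: value` line is a header."""
    text = raw.decode("latin-1")
    head, _, _body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def injected_headers(reason: str) -> dict:
    """Returns the headers a client sees when the unsafe writer is fed `reason`."""
    raw = serialize_head_unsafe(200, reason, {"Content-Length": "0"})
    return parse_head(raw)[1]


if __name__ == "__main__":
    # The unsafe writer lets the attacker smuggle a Set-Cookie header.
    print(injected_headers(ATTACKER_REASON))
    # The hardened writer refuses the same input.
    try:
        serialize_head_safe(200, ATTACKER_REASON, {})
    except ValueError as exc:
        print("rejected:", exc)
```

The check belongs at the point where the reason is accepted, not in the client: a server cannot rely on the peer parsing strictly, and the injected line is indistinguishable from a legitimate header once it is on the wire.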
EUVD-2024-3071
Malicious code in bioql PyPI...
GHSA-JJ78-5FMV-MV28 Express Open Redirect vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0-rc1...
CVE-2024-9266
A flaw was found in the Express package for Node.js. Certain versions are vulnerable to an open redirect attack, a URL redirection to an untrusted site, via the Express 3 Response object. This flaw may allow a user to be redirected to an untrusted page containing malware, which may compromise the...
CVE-2024-9266
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0...
PT-2024-39524 · Express · Express
Name of the Vulnerable Software and Affected Versions: Express versions 3.4.5 through 4.0.0 Description: This issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, affecting the use of the Express Response object. Recommendations: For Express...
CVE-2024-21545
Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API. When handli...
SUSE-SU-2024:2970-1 Security update for python-WebOb
This update for python-WebOb fixes the following issues: - CVE-2024-42353: Fixed open redirect via WebOb's Response object in Location header bsc1229221...
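Both the Express entries above and this WebOb entry describe the same class of bug: a redirect target that ends up in a Location header without being checked against the application's own origin. The following added example (not Express's or WebOb's code; the function names and the origin https://app.example are hypothetical, and the test targets are constructed) validates a target the way a practitioner would before calling any framework's redirect: resolve it against the app origin, normalize the tricks browsers tolerate, and compare scheme, host and port.

```python
"""Redirect-target validation against an application origin.

Added illustration, not any framework's implementation. Function names are
hypothetical; the origin https://app.example is an assumed value.
"""
from urllib.parse import urljoin, urlsplit


def normalize_target(target: str) -> str:
    """Mirror browser URL parsing before deciding: ASCII tab/newline are
    stripped anywhere, and backslash is treated as slash for http(s)."""
    cleaned = "".join(ch for ch in target if ch not in "\t\r\n").strip()
    return cleaned.replace("\\", "/")


def is_safe_redirect(target: str, app_origin: str) -> bool:
    """True only if `target`, resolved against `app_origin`, stays on the
    same scheme, host and port. Rejects protocol-relative (//host), userinfo
    tricks (origin@evil), backslash variants and non-http schemes."""
    origin = urlsplit(app_origin)
    resolved = urlsplit(urljoin(app_origin, normalize_target(target)))
    if resolved.scheme != origin.scheme:
        return False
    # .hostname lowercases and drops any userinfo, so origin@evil compares as evil.
    if resolved.hostname is None or resolved.hostname != origin.hostname:
        return False
    try:
        return resolved.port == origin.port
    except ValueError:  # malformed port such as :abc
        return False


def safe_location(target: str, app_origin: str, fallback: str = "/") -> str:
    """Value to put in the Location header: the target if it is on-site,
    otherwise a known-safe fallback path."""
    return target if is_safe_redirect(target, app_origin) else fallback


if __name__ == "__main__":
    ORIGIN = "https://app.example"
    for candidate in [
        "/account/settings",               # relative path: safe
        "https://app.example/logout",      # absolute, same origin: safe
        "//evil.example/phish",            # protocol-relative: unsafe
        "/\\evil.example",                 # backslash variant of the above: unsafe
        "https://app.example@evil.example/",  # userinfo trick: unsafe
        "javascript:alert(1)",             # non-http scheme: unsafe
    ]:
        print(f"{candidate!r:40} -> {safe_location(candidate, ORIGIN)!r}")
```

Comparing hostnames rather than checking a prefix is the important choice: a startswith("https://app.example") test passes both https://app.example.evil.example/ and https://app.example@evil.example/.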
Reflected Cross-site Scripting (XSS)
generator-hottowel is vulnerable to Reflected Cross-site Scripting XSS attacks. The library does not properly handle invalid calls to assets as it uses a custom 404 response object, allowing an attacker to inject and execute JavaScript through the app.use function in app/templates/src/server/app....
GHSA-3VX3-XF6Q-R5XP Exposure of Resource to Wrong Sphere in Apache Tomcat
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was...
CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...
2016 - the year of web streams
Yeah, ok, it's a touch bold to talk about something being the thing of the year as early as January, but the potential of the web streams API has gotten me all excited. TL;DR: Streams can be used to do fun things like turn clouds to butts, transcode MPEG to GIF, but most importantly, they can be...
[SECURITY] Fedora 18 Update: php-symfony2-EventDispatcher-2.2.10-1.fc18
The Symfony2 Event Dispatcher component implements the Observer pattern (http://en.wikipedia.org/wiki/Observer_pattern) in a simple and effective way to make all these things possible and to make your projects truly extensible. Take a simple example from the Symfony2 HttpKernel component. Once a...