22 matches found
Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007275)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007275 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's...
CVE-2024-51915
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through <= 6.5.2...
CVE-2024-51915
CVE-2024-51915 affects the LiteSpeed Cache (litespeed-cache) WordPress plugin up to version 6.5.2. The issue is improper input handling during web page generation, enabling Stored XSS in pages viewed by other users. Affected component: litespeed-cache; root cause: failure to properly neutralize i...
Important: python-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...
SUSE CVE-2025-67724
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
AZL-72371 CVE-2025-67724 affecting package python-tornado 6.2.0-1
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
CVE-2025-67724
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
CVE-2025-67726
Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...
CVE-2025-67725
Tornado (Python) vulnerable in versions
CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
EUVD-2025-203031
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
CVE-2025-67724 Tornado vulnerable to Header Injection and XSS via reason argument
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
Tornado Security Vulnerability
Tornado is a Python web framework and asynchronous networking library from the Chinese Tornado Technology Tornado community. The library scales to thousands of open connections through the use of non-blocking network I/O, making it well suited for long polling, WebSockets, and other...
HCL iAutomate Security Vulnerability
HCL iAutomate is a powerful and intelligent runbook automation product from HCL India. A security vulnerability exists in HCL iAutomate version v6.5.1 and v6.5.2, which stems from using the HTTP GET method to process a request and including sensitive information in the query string, which could...
CVE-2023-26260
OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent...
CVE-2021-31852
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which coul...
WordPress LiteSpeed Cache plugin <= 6.5.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by TaiYou Patchstack Alliance in WordPress Plugin LiteSpeed Cache versions <= 6.5.2...
WordPress Intro Tour Tutorial DeepPresentation plugin <= 6.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by thiennv in WordPress Plugin Intro Tour Tutorial DeepPresentation versions <= 6.5.2...
WordPress Cross-Site Scripting Vulnerability
WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Core 6.5.2 and earlier versions, which stems from insufficient...
Atlassian Confluence Cross-Site Scripting Vulnerability (CNVD-2018-00231)
Atlassian Confluence is a teamwork software written in Java and used primarily in enterprise environments. A cross-site scripting vulnerability exists in the RSS Feed macro in Atlassian Confluence before 6.5.2. A remote attacker can exploit this vulnerability to inject arbitrary HTML or JavaScrip...