Lucene search
K

849 matches found

Nuclei
Nuclei
added 6 hours ago40 views

Twisted - Open Redirect & XSS

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...

6.1CVSS6.3AI score0.01176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-42304

A flaw was found in Twisted, specifically within the twisted.names module. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted TCP DNS packet containing deeply chained compression pointers. This can lead to resource exhaustion, causing the...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Twisted vulnerability (USN-8380-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8380-1 advisory. It was discovered that Twisted incorrectly handled DNS name decompression. A remote attacker could possibly use this issue to caus...

7.5CVSS5.6AI score0.00433EPSS
Exploits1References2
PyPA
PyPA
added 2026/06/03 2:16 p.m.9 views

PYSEC-2026-214

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.4AI score0.00172EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2026/06/03 2:16 p.m.9 views

PYSEC-0000-CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.5AI score0.00172EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/03 2:16 p.m.8 views

PYSEC-2026-214

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.4AI score0.00172EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 2:16 p.m.10 views

UBUNTU-CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.5AI score0.00172EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/03 1:59 p.m.10 views

USN-8380-1: Twisted vulnerability

It was discovered that Twisted incorrectly handled DNS name decompression. A remote attacker could possibly use this issue to cause Twisted to consume excessive resources, leading to a denial of service...

7.5CVSS5.5AI score0.00433EPSS
Exploits1
OSV
OSV
added 2026/06/03 1:59 p.m.9 views

USN-8380-1 twisted vulnerability

It was discovered that Twisted incorrectly handled DNS name decompression. A remote attacker could possibly use this issue to cause Twisted to consume excessive resources, leading to a denial of service...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/03 1:17 p.m.12 views

CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.8AI score0.00172EPSS
Exploits0
EUVD
EUVD
added 2026/06/03 1:17 p.m.15 views

EUVD-2026-34092

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

3.7CVSS5.8AI score0.00172EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:17 p.m.8 views

CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

3.7CVSS5.8AI score0.00172EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46110

It was discovered that Twisted incorrectly handled DNS name decompression. A remote attacker could possibly use this issue to cause Twisted to consume excessive resources, leading to a denial of service...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/06/02 6:2 a.m.11 views

Security update for python-Twisted

This update for python-Twisted fixes the following issue CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265. Patch Instructions: To install this SUSE update use the SUSE...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References4
OSV
OSV
added 2026/06/02 6:2 a.m.8 views

SUSE-SU-2026:2219-1 Security update for python-Twisted

This update for python-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/06/02 6:0 a.m.11 views

Security update for python3-Twisted

This update for python3-Twisted fixes the following issue CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265. Patch Instructions: To install this SUSE update use the SUSE...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References4
OSV
OSV
added 2026/06/02 6:0 a.m.8 views

SUSE-SU-2026:2218-1 Security update for python3-Twisted

This update for python3-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References3
CBLMariner
CBLMariner
added 2026/06/02 2:56 a.m.14 views

CVE-2026-42304 affecting package python-twisted for versions less than 22.10.0-5

CVE-2026-42304 affecting package python-twisted for versions less than 22.10.0-5. A patched version of the package is available...

7.5CVSS5.8AI score0.00433EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.12 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42304)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42304 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior t...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References1
OSV
OSV
added 2026/06/01 8:24 a.m.5 views

SUSE-SU-2026:22004-1 Security update for python-Twisted

This update for python-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...

7.5CVSS5.4AI score0.00433EPSS
Exploits1References3
Rows per page
Query Builder