Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021475 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers wher...

6.1CVSS5.8AI score0.00192EPSS
Exploits0References4
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Important: python3.13-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...

8.7CVSS6.5AI score0.00403EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.5 views

Astra Linux – Vulnerability in python-tornado

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the provided “reason” phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML on the default error page where it could be used for XSS attacks. This...

6.1CVSS5.8AI score0.00192EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/12 10:21 p.m.3 views

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6.2AI score0.00192EPSS
Exploits0References6
NVD
NVD
added 2025/12/12 6:15 a.m.13 views

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS0.00192EPSS
Exploits0References3
OSV
OSV
added 2025/12/12 6:15 a.m.6 views

AZL-72377 CVE-2025-67724 affecting package python-tornado 6.3.3-11

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6AI score0.00192EPSS
Exploits0References1
OSV
OSV
added 2025/12/12 6:15 a.m.4 views

UBUNTU-CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6AI score0.00192EPSS
Exploits0References6
CVE
CVE
added 2025/12/12 5:36 a.m.45 views

CVE-2025-67724

Summary (CVE-2025-67724 family: Tornado 6.5.x) Tornado, a Python web framework/networking library, is affected in versions 6.5.2 and earlier. The issue fixes unescaped reason phrases in HTTP headers (header injection risk) and in the default HTML error page (potential XSS) when data is passed to ...

6.1CVSS6.2AI score0.00192EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2025/12/12 5:36 a.m.2 views

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6.4AI score0.00192EPSS
Exploits0
EUVD
EUVD
added 2025/12/12 5:36 a.m.3 views

EUVD-2025-203032

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

5.4CVSS6.1AI score0.00192EPSS
Exploits0References3
Rows per page
Query Builder