Lucene search
K

968 matches found

almalinux
almalinux
added 2026/02/10 12:0 a.m.8 views

Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS7.3AI score0.01525EPSS
Exploits0References4
redhat
redhat
added 2026/02/05 2:53 p.m.7 views

hibernate-reactive-core: Hibernate Reactive: Denial of Service due to connection leak on HTTP client disconnect

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References4
nessus
nessus
added 2026/02/05 12:0 a.m.13 views

Amazon Linux 2023 : python3-urllib3 (ALAS2023-2026-1418)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1418 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References8
redhat
redhat
added 2026/02/04 7:51 p.m.5 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
redhat
redhat
added 2026/02/04 7:51 p.m.9 views

Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS7.3AI score0.01525EPSS
Exploits0References3
redhat
redhat
added 2026/02/04 3:4 p.m.4 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
redhat
redhat
added 2026/02/03 3:42 p.m.5 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
cvelist
cvelist
added 2026/01/28 8:3 p.m.29 views

CVE-2025-14840 HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1...

0.00263EPSS
Exploits0References1
euvd
euvd
added 2026/01/28 8:3 p.m.6 views

EUVD-2025-206433

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
redhat
redhat
added 2026/01/27 5:32 p.m.7 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
redhat
redhat
added 2026/01/27 3:21 p.m.7 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : java-21-openjdk-21.0.5.0.10-3.el8.ML.1 (AXSA:2024-8941:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8941:16 advisory. giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-212...

7.1CVSS7AI score0.01157EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/01/15 5:22 p.m.5 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

6.3CVSS6.5AI score0.00307EPSS
Exploits0References1
osv
osv
added 2026/01/14 4:52 p.m.2 views

GHSA-6PW3-H7XF-X4GP BlackSheep's ClientSession is vulnerable to CRLF injection

Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new header or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input...

6.3CVSS6.6AI score0.00307EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/01/14 12:0 a.m.4 views

PT-2026-2925

Name of the Vulnerable Software and Affected Versions BlackSheep versions prior to 2.4.6 Description BlackSheep, an asynchronous web framework for building event-based web applications with Python, has an issue in its HTTP Client implementation. Missing validation of headers allows an attacker to...

6.3CVSS6.5AI score0.00307EPSS
Exploits0References13
cnnvd
cnnvd
added 2026/01/14 12:0 a.m.5 views

undici 安全漏洞

undici is an open source HTTP/1.1 client for Node.js. A security vulnerability exists in undici versions prior to 7.18.0 and prior to 6.23.0, which stems from an unlimited number of links in an unzip chain, and could lead to high CPU usage and memory over-allocation...

7.5CVSS6.4AI score0.00433EPSS
Exploits0References2
nessus
nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 7 : java-11-openjdk-11.0.26.0.4-1.0.1.el7.AXS7 (AXSA:2025-9817:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9817:01 advisory. - Upgrade to openjdk-11.0.26+4. The following CVEs were fixed: - CVE-2024-21131: potential UTF8 size overflow - CVE-2024-21138: excessive symbol...

7.4CVSS6.5AI score0.01257EPSS
Exploits0References12
redhatcve
redhatcve
added 2026/01/09 11:20 a.m.9 views

CVE-2021-22049

The vSphere Web Client FLEX/Flash contains an SSRF Server Side Request Forgery vulnerability in the vSAN Web Client vSAN UI plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an...

9.8CVSS6.8AI score0.01673EPSS
Exploits0References1
cvelist
cvelist
added 2026/01/07 9:39 a.m.25 views

CVE-2025-68637 Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle MITM attacks. This...

0.0022EPSS
Exploits0References1
nvd
nvd
added 2026/01/06 4:15 p.m.13 views

CVE-2020-36925

Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without...

9.8CVSS0.00595EPSS
Exploits1References8
Rows per page
Query Builder