📦 Tornado

CVE-2025-67726 is a denial-of-service vulnerability in Tornado web framework where inefficient parsing of HTTP header parameters allows attackers to cause quadratic CPU consumption. This affects Torna...

A denial-of-service vulnerability in Tornado web framework allows a single malicious HTTP request to block the server's event loop by exploiting inefficient string concatenation in the HTTPHeaders.add...

This vulnerability in Tornado web framework allows attackers to inject malicious content into HTTP headers or execute cross-site scripting (XSS) attacks by passing untrusted data to the 'reason' argum...