CVE-2024-42733

Critical CVSS: 9.8

An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input

Vendor

Product

CWE

Yayın Tarihi

2025-03-07 21:15:17

Güncelleme

2025-06-23 19:40:09

Source Identifier

cve@mitre.org

KEV Date Added

CWE-94 Tornado CRITICAL Docmosis 2025

https://github.com/Docmosis/tornado-docker/issues/14 https://github.com/Marsman1996/pocs/blob/master/redox/CVE-2024-57492/README.md

High

CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only l…

High

CVE-2025-67726

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algor…

Medium

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason…

High

CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously…

High

CVE-2025-47287

Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser enc…