All 8 CVE vulnerabilities found in tornado, with AI-generated Chinese analysis, references, and POCs.
Vendor: tornadoweb
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35536 | Tornado 安全漏洞 CWE-159 | 7.2 | High | 2026-04-03 |
| CVE-2026-31958 | Tornado has a DoS due to too many multipart parts CWE-400 | 6.5AI | MediumAI | 2026-03-11 |
| CVE-2025-67726 | Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters CWE-834 | 7.5 | High | 2025-12-12 |
| CVE-2025-67725 | Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing CWE-400 | 7.5 | High | 2025-12-12 |
| CVE-2025-67724 | Tornado vulnerable to Header Injection and XSS via reason argument CWE-79 | 5.4 | Medium | 2025-12-12 |
| CVE-2025-47287 | Tornado vulnerable to excessive logging caused by malformed multipart form data CWE-770 | 7.5 | High | 2025-05-15 |
| CVE-2024-52804 | Tornado has HTTP cookie parsing DoS vulnerability CWE-400 | 7.5 | High | 2024-11-22 |
| CVE-2023-28370 | Tornado 输入验证错误漏洞 | 6.1 | - | 2023-05-25 |
All 8 known CVE vulnerabilities affecting tornado with full Chinese analysis, references, and POCs where available.