Astra Linux – Vulnerability in pypdf2

PyPDF2 is an open-source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5, an attacker who exploited this vulnerability could create a PDF that would cause an infinite loop if the PyPDF2 code attempted to access the...

CLEANSTART-2026-KW90815 Security fixes for CVE-2026-4428, ghsa-2gh3-rmm4-6rq5, ghsa-394x-vwmw-crm3, ghsa-434x-w66g-qw3r, ghsa-65p9-r9h6-22vj, ghsa-9f94-5g5w-gf6r, ghsa-hfpc-8r3f-gw53, ghsa-r6v5-fh4h-64xc, ghsa-rhfx-m35p-ff5j, ghsa-vw5v-4f2q-w9xf, ghsa-xwfj-jgwm-7wp5 applied in versions: 1.27.5-r1, 1.27.6-r0, 1.27.6-r1, 1.27.8-r0

Multiple security vulnerabilities affect the ztunnel-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.2

Red Hat OpenShift Service Mesh 3.2.2 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.2....

CLEANSTART-2026-KN30288 Security fixes for GHSA-2GH3-RMM4-6RQ5, GHSA-434X-W66G-QW3R, GHSA-R6V5-FH4H-64XC, GHSA-RHFX-M35P-FF5J, GHSA-XWFJ-JGWM-7WP5 applied in versions: 1.27.5-r1, 1.27.6-r0

Multiple security vulnerabilities affect the ztunnel-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

EUVD-2022-0214

Malicious code in bioql PyPI...

EUVD-2024-44844

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-0755

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The various bsonappend functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final...

CVE-2024-50413

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta allows Stored XSS.This issue affects Import and export users and customers: from n/a through = 1.27.5...

CVE-2025-0755 MongoDB C Driver bson library may be susceptible to buffer overflow

The various bsonappend functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size INT32MAX, resulting in a segmentation fault and possible application crash. This...

WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Post and Page Builder by BoldGrid versions = 1.27.5...

WordPress plugin Import and export users and customers 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

PT-2024-34187 · Unknown · Codection Import/Export Users/Customers

Name of the Vulnerable Software and Affected Versions: codection Import and export users and customers versions 1.27.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS...

WordPress Import and export users and customers plugin <= 1.27.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by UKO Patchstack Alliance in WordPress Plugin Import and export users and customers versions = 1.27.5...

CVE-2024-32475 Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes

Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with autosni enabled, a request containing a host/:authority header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when settin...

PT-2024-3092 · Envoy +1 · Envoy +1

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.27.5 Envoy versions prior to 1.28.3 Envoy versions prior to 1.29.4 Envoy versions prior to 1.30.1 Description: The issue arises when an upstream TLS cluster is used with auto sni enabled and a request contains a...

PYSEC-2022-194

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content...

UBUNTU-CVE-2022-24859

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content...

PYSEC-2022-194

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content...

CVE-2022-24859 Manipulated inline images can cause Infinite Loop in PyPDF2

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content...

CVE-2022-24859

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content...