Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

CVE-2025-66034 — fontTools varLib Arbitrary File Write → RCE...

Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

fontTools varLib CVE-2025-66034 Exploit...

SUSE: Security Advisory (SUSE-SU-2026:20184-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2026:20184-1 Security update for python-FontTools

This update for python-FontTools fixes the following issues: - CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution bsc1254366...

TencentOS Server 4: fonttools (TSSA-2025:0963)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0963 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Fedora: Security Advisory (FEDORA-2025-58e2bb0f1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7917-1 fonttools vulnerabilities

It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity XEE attack. An unauthenticated remote attacker could possibly use this issue to include arbitrary files from the file system or make web requests from the host system. This issue only affected Ubunt...

CVE-2025-66034 vulnerabilities

Vulnerabilities for packages: mlflow, open-webui, tensorflow-cpu-jupyter...

SUSE CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVE-2025-66034

creationtimestamp| type| source ---|---|--- 2025-11-28 16:11:02+00:00| published-proof-of-concept| https://github.com/fonttools/fonttools/security/advisories/GHSA-768j-98cg-p3fv 2025-11-29 17:58:20+00:00| seen|...

EUVD-2025-66034

Malicious code in topporcupinez3n npm...