CVE-2025-63665
An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...
CVE-2025-63665
CVE-2025-63665 affects GT Edge AI in multiple builds. GT Edge AI Community Edition versions before v2.0.12 are vulnerable to arbitrary code execution via a crafted JSON payload injected into the Prompt window. GT Edge AI Platform before v2.0.10-dev is similarly vulnerable to the same flaw. The is...
PT-2025-52522
Name of the Vulnerable Software and Affected Versions: Ever Gauzy version 0.281.9. Description: The software contains a JWT authentication issue due to a weak HMAC secret key implementation. This allows attackers to exploit the exposed JWT token to authenticate and gain unauthorized access,...
PT-2025-52498
Name of the Vulnerable Software and Affected Versions: GT Edge AI Platform versions prior to 2.0.10-dev. Description: An issue in GT Edge AI Platform allows attackers to execute arbitrary code by injecting a crafted JSON payload into the Prompt window. The vulnerability involves the potential for co...
CVE-2025-68433
Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
CVE-2024-29370
A flaw was found in python-jose. This vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio, leading to significant memory allocation and processing time during decompression...
CVE-2025-68433
CVE-2025-68433 affects Zed IDE prior to 0.218.2-pre. The vulnerability arises from loading MCP configurations from a project/.zed/settings.json without explicit user confirmation, allowing a malicious MCP to execute arbitrary shell commands on the host with the IDE user’s privileges when a projec...
Duplicate Advisory: python-jose denial of service via compressed JWE content
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description: In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS)...
EUVD-2024-26381
In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
EUVD-2024-26380
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
GHSA-H4PW-WXH7-4VJJ Duplicate Advisory: python-jose denial of service via compressed JWE content
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description: In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS)...
Allocation of Resources Without Limits or Throttling
Overview: org.bitbucket.bc:jose4j is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/bc/jose4j/wiki/Home for more...
DEBIAN-CVE-2024-29371
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
PYSEC-2025-185
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
UBUNTU-CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
Exploit for CVE-2025-65945
CVE-2025-65945: node-jws Signature Bypass This is a proof of...
jose4j security vulnerability
jose4j is a powerful and easy-to-use open source implementation of the JSON Web Token (JWT) and the JOSE suite of specifications (JWS, JWE, and JWK) from Bitbucket Open Source. A security vulnerability exists in jose4j versions prior to 0.9.5, which stems from an attacker being able to construct...
python-jose security vulnerability
python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose version 3.3.0, which stems from an attacker being able to construct malicious JSON Web Encryption tokens with extremely high compression rates, potentially...
Exploit for Deserialization of Untrusted Data in Facebook React
🔍 Next.js RCE Scanner - CVE-2025-55182 & CVE-2025-66478...