12249 matches found
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand
A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code executi...
CVE-2026-25201
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-02 05:24:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdu45yaayh2o |
| 2026-02-02 05:24:43+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdu4772n7d2h |
| 2026-02-02 09:39:58+00:00 | seen | ... |
Directory Traversal
Overview: @backstage/plugin-techdocs-node provides common Node.js functionality for TechDocs, shared between the techdocs-backend plugin and techdocs-cli. Affected versions of this package are vulnerable to Directory Traversal via the TechdocsGenerator function when processing documentation from...
CVE-2026-1699
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-30 10:35:46+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdn46m5yul23 |
| 2026-01-30 11:54:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdnalys3sa2i... |
CVE-2026-22277
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-30 09:10:35+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/115983268882462022 |
| 2026-01-30 09:24:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdmy7l4uug2c |
| 2026-01-30 10:00:32+00:00 | seen | ... |
ICA Foreign Threats to the 2020 US Federal Elections
This is the originally publicly disclosed government document titled Foreign Threats to the 2020 US Federal Elections. This document is a declassified version of a classified report. The analytic judgments outlined here are identical to those in the classified version, but this declassified...
CVE-2025-7713
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-29 16:00:31+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdl5uf2wi72x |
| 2026-01-29 17:29:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdlcu7xdtu2n... |
GHSA-2CP6-34R9-54XX Maker.js has Unsafe Property Copying in makerjs.extendObject
Summary: The makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks hasOwnProperty checks and does not filter dangerous keys, allowing inherited properties and potentially malicious...
CVE-2025-7016
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-29 12:23:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdkrpj5dd52m |
| 2026-01-29 13:34:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdkvptnrs72g... |
AZL-75698 CVE-2025-68119 affecting package golang for versions less than 1.24.12-1
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CVE-2025-68119
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...
AZL-75639 CVE-2025-68119 affecting package msft-golang for versions less than 1.24.12-1
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CVE-2025-57792
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-28 19:48:04+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdj24exqzj2x |
| 2026-01-28 19:56:21+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdj2l6ujb72t... |
EUVD-2025-206446
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CVE-2025-68030
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-28 19:28:37+00:00 | seen | Telegram/BteO5ttxmfdgIt4GAr6cRkWYwhZ7KE0e2fYBtMKgsN-sPs |
| 2026-01-28 19:28:51+00:00 | seen | Telegram/OoNBUBQQ6ycOaC7P7rGpkD618nTDPQeAS9RoVEBzcO4CDw... |
CVE-2025-57793
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-28 19:21:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdiyn7p42h26 |
| 2026-01-28 19:48:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdj24mba3u23... |