Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
A Helm contributor discovered that it was possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. Impact A malicious chart can point $ref in values.schema.json to a device e.g. /dev/ or other problem file which...
GHSA-9H84-QMV7-982P Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
A Helm contributor discovered that it was possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. Impact A malicious chart can point $ref in values.schema.json to a device e.g. /dev/ or other problem file which...
CVE-2025-55199 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...
DEBIAN-CVE-2025-55005
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024...
CVE-2025-52386
CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file...
CVE-2025-55005 ImageMagick: heap-buffer overflow in log colorspace handling
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024...
CVE-2025-55005
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024...
ImageMagick Security Vulnerability
ImageMagick is an open source suite of image processing software that can read, convert or write images in a variety of formats. ImageMagick suffers from a buffer overflow vulnerability that originates from not handling reference values greater than 1024 during Log to sRGB...
PT-2025-33103 · Helm · Helm
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.5 Description: Helm is a package manager for Charts for Kubernetes. An improper validation of type error when parsing Chart.yaml and index.yaml files can lead to a panic. This issue impacts YAML validation where a...
PT-2025-33104
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.5 Description: Helm, a package manager for Kubernetes Charts, is susceptible to a denial-of-service issue. A crafted JSON Schema file can cause Helm to exhaust available memory, leading to an out-of-memory OOM...
mod_security: ModSecurity Denial of Service Vulnerability
A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function, which can be overloaded with a large number of arguments, leading to excessive memory usage when processing JSON values. This may lead to a denial of service in the affected w...
CVE-2025-8808
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated...
CVE-2025-8767
The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'downloadcsvplayers' and 'downloadcsvgames' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed...
CVE-2025-8767 AnWP Football Leagues <= 0.16.17 - Authenticated (Administrator+) CSV Injection
The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'downloadcsvplayers' and 'downloadcsvgames' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed...
CVE-2025-8767
The CVE-2025-8767 entry concerns the WordPress plugin AnWP Football Leagues. Affected versions are up to and including 0.16.17, with CSV injection in the functions download_csv_players and download_csv_games. Exploitation requires authenticated access at Administrator level or higher. An attacker...
WordPress plugin AnWP Football Leagues Security Vulnerability
The WordPress AnWP Football Leagues plugin is a soccer tournament management plugin for WordPress websites. It supports a variety of tournament modes such as knockout and round-robin, and includes player data management, scheduling, match result statistics and other features. A code execution...
PT-2025-32633 · WordPress · Anwp Football Leagues
Name of the Vulnerable Software and Affected Versions: AnWP Football Leagues plugin for WordPress versions up to and including 0.16.17 Description: The AnWP Football Leagues plugin for WordPress is susceptible to CSV injection through the download csv players and download csv games functions...
WordPress AnWP Football Leagues plugin <= 0.16.17 - Authenticated (Administrator+) CSV Injection vulnerability
Authenticated Administrator+ CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin AnWP Football Leagues versions <= 0.16.17...
Linux Distros Unpatched Vulnerability : CVE-2020-27194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka...