4 matches found
CVE-2026-33332
NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.add_media_file and app.add_media_files media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...
PT-2025-5884 · Mindskip · Mindskip Xzs-Mysql 学之思开源考试系统
Name of the Vulnerable Software and Affected Versions: Mindskip xzs-mysql 学之思开源考试系统 version 3.9.0. Description: A problematic issue was found in the CORS Handler component, leading to a permissive cross-domain policy with untrusted domains. The attack can be launched remotely, but the complexity i...
Man Group D-Tale Code Issue Vulnerability
Man Group D-Tale is a pandas data structure visualization tool from Man Group. A code issue vulnerability exists in Man Group D-Tale versions prior to 3.9.0. An attacker could exploit the vulnerability to gain access to files on the server...
GHSA-4VVM-4W3V-6MR8 pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if __parse_content_stream is executed. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the...