SUSE SLES16 Security Update : python-jwcrypto (SUSE-SU-2026:21425-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:21425-1 advisory. - CVE-2026-39373: weak mitigation for JWT bomb attack in the deserialize function can lead to memory exhaustion via crafted compressed JWE...
GuardDog Security Vulnerability
GuardDog is a CLI tool from GuardDog Open Source that allows identifying malicious PyPI packages. A security vulnerability exists in GuardDog versions prior to 2.7.1, which stems from the safeextract function not validating the unzipped file size, which could lead to a denial-of-service attack vi...
EUVD-2010-0236
Malware in sbrugna...
EUVD-2016-6342
Malware in sbrugna...
EUVD-2017-15218
Malware in sbrugna...
EUVD-2025-7112
Malicious code in bioql PyPI...
EUVD-2021-7882
Malicious code in bioql PyPI...
CVE-2025-58057
CVE-2025-58057 is a Netty vulnerability where, in affected releases of netty-codec-compression (≤ 4.1.124.Final) and netty-codec (≤ 4.2.4.Final), specially crafted input can cause BrotliDecoder and related decoders to allocate a large number of reachable byte buffers, leading to denial of service...
CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
MobSF is a mobile application security testing tool. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...
GHSA-7XMC-VHJP-QV5Q Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb
A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...
Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb
A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...
CVE-2024-10569
A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...
Mattermost Denial of Service Vulnerability (CNVD-2025-12636)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from a failure to limit the file size of slack import file uploads. An attacker could exploit this vulnerability to import data to...
python: The zipfile module is vulnerable to zip-bombs leading to denial of service
A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed...
CVE-2024-28102 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Affected version: Vendor: https://github.com/latchset/jwcrypto; Version: 1.5.5. Description: An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. PoC: python from...
GHSA-J857-7RVV-VJ97 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Affected version: Vendor: https://github.com/latchset/jwcrypto; Version: 1.5.5. Description: An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. PoC: python from...
Typecho Security Vulnerability
Typecho is a simple and powerful PHP blogging platform from the Typecho individual developers. Typecho v1.2.1 contains a security vulnerability in the /index.php/action/xmlrpc component. Attackers can use the vulnerability for XML secondar...
Fides Webserver Vulnerable to Zip Bomb File Uploads
Impact The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This...