Lucene search
K

259 matches found

Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.5 views

Fedora 43 : brotli / perl-Alien-Brotli / python-urllib3 (2025-d93200cf16)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-d93200cf16 advisory. Update brotli to 1.2.0 and python-urllib3 to 2.6.1. In python-urllib3: - Fixed a security issue where streaming API could improperly handle highly...

8.9CVSS7.3AI score0.00633EPSS
Exploits0References4
Wired Threat Level
Wired Threat Level
added 2025/12/04 7:42 p.m.2 views

FBI Says DC Pipe Bomb Suspect Brian Cole Kept Buying Bomb Parts After January 6

The 30-year-old Virginia resident evaded capture for years after authorities discovered pipe bombs planted near buildings in Washington, DC, the day before the January 6, 2021, Capitol attack...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/04 12:11 a.m.14 views

CVE-2025-63914

An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

6.5CVSS6.9AI score0.00312EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/11/20 9:56 p.m.31 views

CVE-2025-64508

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

7.5CVSS6.8AI score0.00457EPSS
Exploits0References1
OSV
OSV
added 2025/11/14 12:38 p.m.4 views

OESA-2025-2669 brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5CVSS6.5AI score0.00509EPSS
Exploits0References2
NVD
NVD
added 2025/11/10 10:15 p.m.5 views

CVE-2025-64508

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" highly compressed brotli streams, such as many zeros can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

7.5CVSS0.00457EPSS
Exploits0References8
CVE
CVE
added 2025/11/10 9:44 p.m.16 views

CVE-2025-64508

CVE-2025-64508 affects Bugsink, a self-hosted error-tracking tool. In versions prior to 2.0.5, specially crafted Brotli streams (brotli bombs) can cause memory exhaustion when the server decompresses input before applying limits, enabling a Denial of Service if the DSN is known. The issue is expl...

7.5CVSS6.4AI score0.00457EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2025/11/01 4:2 a.m.9 views

SUSE CVE-2025-6176

Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of...

7.5CVSS6.7AI score0.00509EPSS
Exploits0References7
Snyk
Snyk
added 2025/10/31 12:43 a.m.2 views

Allocation of Resources Without Limits or Throttling

Overview brotli is a Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose...

8.7CVSS7.5AI score0.00509EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/31 12:43 a.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient protection against decompressi...

8.7CVSS7.6AI score0.00509EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-1999-0106

Malware in sbrugna...

2.1CVSS6.4AI score0.00359EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2004-1725

Malware in sbrugna...

5CVSS6.4AI score0.03201EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-35247

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00494EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0733

Malicious code in bioql PyPI...

6.5CVSS5.8AI score0.00454EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-0475

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. CVE-2023-0475 Note that Nessus relies on the presence ...

6.5CVSS6.6AI score0.00454EPSS
Exploits0References3
OSV
OSV
added 2025/08/11 1:52 p.m.3 views

BIT-LIBPYTHON-2024-0450 Quoted zip-bomb protection for zipfile

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.4AI score0.00333EPSS
Exploits0References19
NVD
NVD
added 2025/07/10 8:15 p.m.6 views

CVE-2025-53633

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...

9.8CVSS0.00461EPSS
Exploits0References3
CVE
CVE
added 2025/07/10 7:38 p.m.30 views

CVE-2025-53633

CVE-2025-53633 affects Chall-Manager. The vulnerability arises when decoding a scenario (zip archive): the decoded content size is not checked, allowing potential zip-bomb decompression. Exploitation does not require authentication or authorization. A patch was implemented in commit 14042aa and s...

9.8CVSS6.6AI score0.00461EPSS
Exploits0References3Affected Software1
Wired Threat Level
Wired Threat Level
added 2025/06/22 9:41 p.m.4 views

What Satellite Images Reveal About the US Bombing of Iran's Nuclear Sites

The US concentrated its attack on Fordow, an enrichment plant built hundreds of feet underground. Aerial photos give important clues about what damage the “bunker-buster” bombs may have caused...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.4 views

PeerTube 安全漏洞

PeerTube is a decentralized video sharing service platform open-sourced by Chocobozzz. It is used to create video projects. PeerTube suffers from a security vulnerability that stems from improper handling of Zip bombs, which can lead to running out of disk space...

6.5CVSS6.5AI score0.00491EPSS
Exploits1References2
Rows per page
Query Builder