90 matches found

OSV
added 2026/05/08 11:49 a.m. | 6 views

BIT-PYTHON-MIN-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

CVSS 6.3 | AI score 6.9 | EPSS 0.00128
Exploits: 0 | References: 15
OSV
added 2026/05/08 11:49 a.m. | 87 views

BIT-PYTHON-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

CVSS 6.3 | AI score 6.9 | EPSS 0.00128
Exploits: 0 | References: 15
Positive Technologies
added 2026/04/22 12:0 a.m. | 3 views

PT-2026-34285

Name of the Vulnerable Software and Affected Versions: CalJ versions prior to 1.6. Description: The CalJ plugin for WordPress contains a missing authorization flaw. The CalJSettingsPage class constructor processes the 'save-obtained-key' operation from POST data without verifying if the user possess...

CVSS 5.3 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 11
Positive Technologies
added 2026/04/08 12:0 a.m. | 1 views

PT-2026-31069

Name of the Vulnerable Software and Affected Versions: Product Feed PRO for WooCommerce by AdTribes versions 13.4.6 through 13.5.2.1. Description: The Product Feed PRO for WooCommerce plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation...

CVSS 8.8 | AI score 5.7 | EPSS 0.00009
Exploits: 0 | References: 9
Positive Technologies
added 2026/02/19 12:0 a.m. | 3 views

PT-2026-20609

Name of the Vulnerable Software and Affected Versions: Breeze - WordPress Cache Plugin versions through 2.2.21. Description: The Breeze - WordPress Cache Plugin is affected by an issue allowing unauthorized cache clearing. The REST API endpoint /wp-json/breeze/v1/clear-all-cache is registered withou...

CVSS 5.3 | AI score 5.2 | EPSS 0.00219
Exploits: 0 | References: 7
CNNVD
added 2026/02/19 12:0 a.m. | 4 views

WordPress plugin Breeze - WordPress Cache Plugin security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 5
OSV
added 2026/01/27 10:24 a.m. | 3 views

CLSA-2026-1769509482 python3.9: Fix of CVE-2025-12084

CVE-2025-12084: fix denial-of-service by removing quadratic behavior in xml.dom.minidom node ID cache clearing when building deeply nested documents...

CVSS 6.3 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 1
SUSE Linux
added 2026/01/26 4:39 p.m. | 3 views

Security update for python311

This update for python311 fixes the following issues: CVE-2025-12084: prevent quadratic behavior in node ID cache clearing bsc1254997. CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length bsc1254400...

CVSS 6.5 | AI score 5.9 | EPSS 0.00215
Exploits: 0 | References: 12
OSV
added 2026/01/26 4:39 p.m. | 1 views

SUSE-SU-2026:0299-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-12084: prevent quadratic behavior in node ID cache clearing bsc1254997. - CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length bsc1254400...

CVSS 7.5 | AI score 5.9 | EPSS 0.00215
Exploits: 0 | References: 7
OSV
added 2025/12/09 7:12 p.m. | 4 views

MGASA-2025-0324 Updated python3 packages fix security vulnerabilities

Excessive read buffering DoS in http.client (CVE-2025-13836). Out-of-memory when loading Plist (CVE-2025-13837). Quadratic complexity in node ID cache clearing (CVE-2025-12084)...

CVSS 7.5 | AI score 6.6 | EPSS 0.00215
Exploits: 0 | References: 3
Microsoft CVE
added 2025/12/06 9:4 a.m. | 3 views

Quadratic complexity in node ID cache clearing

...

CVSS 6.3 | AI score 7 | EPSS 0.00128
Exploits: 0
CVE
added 2025/12/03 6:55 p.m. | 86 views

CVE-2025-12084

CVE-2025-12084 affects Python’s xml.dom.minidom when building nested elements via methods like appendChild() that rely on _clear_id_cache(); the algorithm becomes quadratic, potentially impacting availability under heavily nested documents. Connected advisories confirm a patch exists across multi...

CVSS 6.3 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 14 | Affected Software: 1
Cvelist
added 2025/12/03 6:55 p.m. | 12 views

CVE-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

CVSS 6.3 | EPSS 0.00128
Exploits: 0 | References: 14
OSV
added 2025/11/12 10:27 p.m. | 7 views

CVE-2025-64707 Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is...

CVSS 5.1 | AI score 6.7 | EPSS 0.00033
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/12 12:0 a.m. | 2 views

PT-2025-46769

Name of the Vulnerable Software and Affected Versions: Frappe Learning versions 2.0.0 through 2.40.9. Description: Frappe Learning is a learning system used to structure content. A flaw exists where changes to user roles made by administrators were not immediately reflected due to caching mechanisms...

CVSS 5.1 | AI score 6.3 | EPSS 0.00033
Exploits: 0 | References: 3
RedhatCVE
added 2025/10/22 12:11 a.m. | 5 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVSS 6.5 | AI score 7.3 | EPSS 0.01894
Exploits: 2 | References: 1
OSV
added 2025/10/21 7:21 p.m. | 0 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVSS 6.5 | AI score 5.8 | EPSS 0.01894
Exploits: 2 | References: 2
NVD
added 2025/10/21 7:21 p.m. | 1 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

CVSS 6.5 | EPSS 0.01894
Exploits: 2 | References: 2
CVE
added 2025/10/21 12:0 a.m. | 9 views

CVE-2025-56799

CVE-2025-56799 affects the Reolink Desktop Application (v8.18.12). The issue is an OS command injection in the cache-clearing scheduler, where a shell command is assembled using a folder path read from a config file without proper sanitization. This can allow an attacker to inject arbitrary comma...

CVSS 6.5 | AI score 6.9 | EPSS 0.01894
Exploits: 2 | References: 2 | Affected Software: 1
Cvelist
added 2025/10/21 12:0 a.m. | 6 views

CVE-2025-56799

Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...

EPSS 0.01894
Exploits: 2 | References: 2