13 matches found
DEBIAN-CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads
Summary - The cbor2 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. - This vulnerability affects both the pure Python implementation and the C extension cbor2. The C extension correctly uses Python's C-API for...
GHSA-3C37-WWVX-H642 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads
Summary - The cbor2 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. - This vulnerability affects both the pure Python implementation and the C extension cbor2. The C extension correctly uses Python's C-API for...
AZL-73325 CVE-2025-68131 affecting package python-cbor2 5.6.5-2
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, when a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...
DEBIAN-CVE-2025-64076
Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect variable reference and missing state reset in the chunk processing...
EUVD-2025-20491
Malicious code in bioql PyPI...
CVE-2025-21432
Memory corruption while retrieving the CBOR data from TA...
CVE-2025-21432
Memory corruption while retrieving the CBOR data from TA...
CVE-2025-21432 Double Free in SPS-HLOS
Memory corruption while retrieving the CBOR data from TA...
CVE-2025-21432 Double Free in SPS-HLOS
Memory corruption while retrieving the CBOR data from TA...
CVE-2025-21432
CVE-2025-21432 concerns memory corruption while retrieving CBOR data from TA in Qualcomm closed‑source components. The CVSS 3.1 vector indicates LOCAL access with LOW privileges and LOW attack complexity, but HIGH impact across confidentiality, integrity, and availability, yielding a base score o...
PT-2025-28433 · Qualcomm · Snapdragon +214
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Memory corruption occurs while retrieving the CBOR data from TA. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
Denial Of Service (DOS)
PeterO.Cbor is vulnerable to Denial Of Service. The vulnerability is due to the use of less efficient data structures, like a regular Dictionary, that are not optimized for performance. An attacker can exploit this inefficiency by decoding specially crafted CBOR data which can potentially lead to Denia...