940 matches found
Exploit for Incorrect Calculation in Google Android
CVE-2020-0022 Many thanks to Insinuator for their amazing blo...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
Case study: Securing AI application supply chains
The rapid adoption of AI applications, including agents, orchestrators, and autonomous workflows, represents a significant shift in how software systems are built and operated. Unlike traditional applications, these systems are active participants in execution. They make decisions, invoke tools,...
SUSE CVE-2025-68160
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
CVE-2025-55095
The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...
Malicious code in chai-chains-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4f83118d80cc6575c1c629c8591ed8a6a7a34ea03591cb737cdfb6ac45f0738 The package chai-chains-async was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview chai-chains-async is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-586 Malicious code in chai-chains-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4f83118d80cc6575c1c629c8591ed8a6a7a34ea03591cb737cdfb6ac45f0738 The package chai-chains-async was found to contain malicious code. Source: ghsa-malware...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the context variable evaluation process. An attacker with policy creation privileges can exhaust system memory and disrupt service availability with policies that exponentially...
CVE-2025-55095
The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...
PT-2026-4935
The function ux host class storage media mount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in ux host class storag...
Cascaded Vulnerability Attacks in Software Supply Chains
Most of the current software security analysis tools assess vulnerabilities in isolation. However, sophisticated software supply chain security threats often stem from cascaded vulnerability and security weakness chains that span dependent components. Moreover, although the adoption of Software...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...
CVE-2026-24047
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-0992
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to...
CVE-2026-0992 Libxml2: libxml2: denial of service via crafted xml catalogs
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to...
CVE-2025-68771
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...