PT-2025-49637
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the EROFS implementation where hooked chains can create loops on deduplicated compressed images. This can occur when two chains link to each other...
urllib3 allows an unbounded number of links in the decompression chain
Impact: urllib3 supports chained HTTP encoding algorithms for response content according to RFC 9110 (e.g., Content-Encoding: gzip, zstd). However, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps...
CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps, leading to high CPU usage and massive memory...
OESA-2025-2780 golang security update
Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. CVE-2025-58187: The processing time for parsing some...
OESA-2025-2750 golang security update
Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. CVE-2025-58187: The processing time for parsing some...
Cross-LLM Generalization of Behavioral Backdoor Detection in AI Agent Supply Chains
As AI agents become integral to enterprise workflows, their reliance on shared tool libraries and pre-trained components creates significant supply chain vulnerabilities. While previous work has demonstrated behavioral backdoor detection within individual LLM architectures, the critical question ...
ysoserial
CVE-2025-13035 Code Snippets <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains
The Code Snippets plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.9.1. This is due to the plugin's use of extract() on attacker-controlled shortcode attributes within the evaluateshortcodefromflatfile method, which can be used to overwrite the...
WordPress Code Snippets plugin <= 3.9.1 - Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains vulnerability
Authenticated (Contributor+) PHP Code Injection via extract() and PHP Filter Chains vulnerability discovered by mikemyers in WordPress Plugin Code Snippets versions <= 3.9.1...
cve-exploit-chain-analyzer
🔐 CVE Exploit Chain Analyzer Automated vulnerability scanner...
Siemens SIMATIC S7-1500 Allocation of Resources Without Limits or Throttling (CVE-2023-23916)
An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this...
Malicious code in close-sapphire-bee (npm)
Source: amazon-inspector dbbe72a172ae6bf06d7def88d6187e24e9f75de9bb4076b297926991c3e37f84. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js,...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1270)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1270 advisory. net/url: insufficient validation of bracketed IPv6 hostnames. The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...
CVE-2025-58187
Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. Mitigation: Mitigation for this issue is either not available or the...
CVE-2025-58188
Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. Mitigation: Mitigation for this issue is either not available or the...
BIT-GOLANG-2025-58187 Quadratic complexity when checking name constraints in crypto/x509
Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...
EUVD-2025-36738
Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...
EUVD-2025-36732
Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...
CVE-2025-58187
Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...
CVE-2025-58188
Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...