366 matches found

PyPA
added 2025/04/09 4:15 p.m. | 19 views

PYSEC-2025-235

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system maki...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00409
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/04/09 4:15 p.m. | 1 views

PYSEC-2025-235

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system maki...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00409
Exploits: 0 | References: 3
OSV
added 2025/04/09 1:8 p.m. | 1 views

GHSA-389X-67PX-MJG3 xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory

Summary: Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host's memory and cause a denial of service. For example,...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00409
Exploits: 0 | References: 6
Tenable Nessus
added 2025/04/09 12:0 a.m. | 8 views

FreeBSD : Mozilla -- stack memory read (2fc74cae-13c8-11f0-a5bd-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2fc74cae-13c8-11f0-a5bd-b42e991fc52e advisory. [email protected] reports: An attacker could read 32 bits of values spilled onto the stack in a JIT...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00247
Exploits: 0 | References: 3
Cvelist
added 2025/04/01 12:29 p.m. | 15 views

CVE-2025-3031 JIT optimization bug with different stack slot sizes

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

EPSS: 0.00247
Exploits: 0 | References: 3
Debian CVE
added 2025/04/01 12:29 p.m. | 5 views

CVE-2025-3031

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00247
Exploits: 0
Fedora
added 2025/03/15 12:50 a.m. | 12 views

[SECURITY] Fedora 42 Update: InsightToolkit-4.13.3-26.fc42

ITK is an open-source software toolkit for performing registration and segmentation. Segmentation is the process of identifying and classifying data found in a digitally sampled representation. Typically the sampled representation is an image acquired from such medical instrumentation as CT or MR...

CVSS: 8.1 | AI score: 7.4 | EPSS: 0.01692
Exploits: 2
Positive Technologies
added 2025/02/10 12:0 a.m. | 4 views

PT-2025-6214 · Esbuild · Esbuild

Name of the Vulnerable Software and Affected Versions: esbuild affected versions not specified Description: The issue allows any website to send requests to the development server and read the response due to default CORS settings. This is because esbuild sets the Access-Control-Allow-Origin:...

CVSS: 5.3 | AI score: 6.7
Exploits: 0 | References: 4
SUSE Linux
added 2024/11/08 3:25 p.m. | 0 views

Security update for python311

This update for python311 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS: 6.5 | AI score: 7.5 | EPSS: 0.00647
Exploits: 0 | References: 6
SUSE Linux
added 2024/11/07 3:57 p.m. | 3 views

Security update for python3

This update for python3 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00647
Exploits: 0 | References: 6
SUSE Linux
added 2024/11/01 4:5 p.m. | 2 views

Security update for python3

This update for python3 fixes the following issues: Security fixes: CVE-2024-9287: properly quote path names provided when creating a virtual environment bsc1232241 Other fixes: Drop .pyc files from docdir for reproducible builds bsc1230906 Patch Instructions: To install this SUSE update use the...

CVSS: 6.5 | AI score: 7.5 | EPSS: 0.00647
Exploits: 0 | References: 6
Veracode
added 2024/09/25 5:46 a.m. | 6 views

Credentials Exposure

github.com/grafana/grafana-plugin-sdk-go is vulnerable to Credentials Exposure. The vulnerability is due to the inclusion of the full repository URI, including credentials, in the metadata bundled within the compiled binaries during the build process, which allows an attacker to gain unauthorized...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.00522
Exploits: 0 | References: 3 | Affected Software: 1
OSSF Malicious Packages
added 2024/09/06 12:16 p.m. | 3 views

Malicious code in browser-cookies1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5cabd14fc21e5314fd1778bac4e49f0cb8a145e773e147666070d85aa60e422c Package contains a compiled infostealer that is started instead of promised functionality --- Category: MALICIOUS - The campaign has clearly malicious intent,...

AI score: 7
Exploits: 0 | References: 4
CNNVD
added 2024/09/04 12:0 a.m. | 4 views

ID withdrawn

Google Golang is a statically and strongly typed, compiled language from Google. Go's syntax is close to that of C, but differs with respect to variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP). Other languages that adopt a...

AI score: 6.6
Exploits: 0 | References: 5
NVD
added 2024/07/01 10:15 p.m. | 16 views

CVE-2024-37763

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting vulnerability which affects users with valid sessions who can view compiled forms results...

CVSS: 5.4 | EPSS: 0.00672
Exploits: 1 | References: 1
Vulnrichment
added 2024/07/01 12:0 a.m. | 14 views

CVE-2024-37763

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting vulnerability which affects users with valid sessions who can view compiled forms results...

AI score: 6.1 | EPSS: 0.00672
Exploits: 1 | References: 1
Cvelist
added 2024/07/01 12:0 a.m. | 18 views

CVE-2024-37763

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting vulnerability which affects users with valid sessions who can view compiled forms results...

EPSS: 0.00672
Exploits: 1 | References: 1
CVE
added 2024/07/01 12:0 a.m. | 50 views

CVE-2024-37763

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting vulnerability that can impact users with valid sessions who view compiled forms results. The issue is documented across multiple sources (NVD/Red Hat/CVE listings and third-party advisories) with no public exp...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.00672
Exploits: 1 | References: 1 | Affected Software: 1
Tenable Nessus
added 2024/05/11 12:0 a.m. | 31 views

RHEL 7 : firefox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - firefox: Possible integer overflow to fix inside XMLParse in Expat CVE-2016-9063 - firefox: arbitrary cod...

AI score: 8 | EPSS: 0.05542
Exploits: 0 | References: 10
BDU FSTEC
added 2024/04/25 12:0 a.m. | 2 views

The vulnerability of the CompiledRule::validateExpression method (/api/v1/policies/validation/condition/) of the OpenMetadata metadata management platform allows a violator to execute arbitrary code.

The vulnerability of the CompiledRule::validateExpression (/api/v1/policies/validation/condition/) method of the OpenMetadata platform is related to improper code generation management. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS: 9 | AI score: 8.2 | EPSS: 0.07888
Exploits: 0 | References: 7 | Affected Software: 1