CPython 安全漏洞

CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython that stems from an algorithmic complexity issue when constructing nested elements, which could lead to a usability impact when constructing excessively nested documents...

CVE-2025-13877 nocobase JWT Service jwt-service.ts hard-coded key

A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of the file nocobase\packages\core\auth\src\base\jwt-service.ts of the component JWT Service. The manipulation of the argument APIKEY results in use of hard-coded cryptographic key . T...

CVE-2025-13813

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

PT-2025-48710

Name of the Vulnerable Software and Affected Versions nocobase versions 1.9.4 and 2.0.0-alpha.37 Description A security issue exists in nocobase that allows for remote attacks with high complexity and difficult exploitability. The issue involves the manipulation of the API KEY argument within an...

CVE-2025-13813

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

CVE-2025-13813

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

CVE-2025-13813 moxi159753 Mogu Blog v2 Storage Management Endpoint storage authorization

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

CVE-2025-13813

CVE-2025-13813 affects the moxi159753 Mogu Blog v2 family up to version 5.2. The issue resides in the Storage Management Endpoint’s handling of the file "/storage/", where missing authorization allows remote exploitation. Documented impact includes unauthorized access with high attack complexity ...

GHSA-FGMJ-6H3V-4Q56 NutzBoot vulnerable to deserialization

A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing...

CVE-2025-13805

A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a...

CVE-2025-13805 nutzam NutzBoot LiteRpc-Serializer HttpServletRpcEndpoint.java getInputStream deserialization

A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a...

Elevate Your Cloud Security Strategy

Learn to elevate your cloud security strategy & overcome complexity with Vision One™...

PT-2025-48982

Name of the Vulnerable Software and Affected Versions xml.dom.minidom affected versions not specified Description The software experiences a performance issue when constructing deeply nested XML documents using methods like appendChild. This is due to a quadratic algorithm within the clear id cac...

EUVD-2025-199909

A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. ...

CVE-2025-6666

A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. ...

SUSE-SU-2025:4297-1 Security update for python311

This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars bsc1252974 - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD not checked by the 'zipfile' module bsc1251305...

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the processing of a specially crafted file of approximately 2 MiB in size. An attacker can cause significant delays in processing by submitting such a file. Remediation There is no fixed versio...

openSUSE Security Advisory (SUSE-SU-2025:4258-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for gitea-tea (moderate)

openSUSE Security Update: Security update for gitea-tea Announcement ID: openSUSE-SU-2025:0443-1 Rating: moderate References: 1251471 1251663 Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...

SUSE-SU-2025:4221-1 Security update for python39

This update for python39 fixes the following issues: Updated to 3.9.24: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars bsc1252974 - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD not checked by the 'zipfile' module bsc1251305...