CVE-2025-12915 70mai X200 Init Script file inclusion

A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion. The attack requires a local approach. A high complexity level is associated with this attack. The exploitability is...

CVE-2025-12854

A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...

CVE-2025-12854

A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...

EUVD-2025-38252

A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...

BIT-GOLANG-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

BIT-GOLANG-2025-58187 Quadratic complexity when checking name constraints in crypto/x509

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...

Quadratic complexity in os.path.expandvars() with user-controlled template

...

EUVD-2025-37470

A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRETKEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack...

CVE-2025-12616

A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexi...

CVE-2025-12616

A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexi...

CVE-2025-12616 PHPGurukul News Portal settings.py insertion of sensitive information into debugging code

A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexi...

EUVD-2025-37472

A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity...

CVE-2025-12616 PHPGurukul News Portal settings.py insertion of sensitive information into debugging code

A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexi...

CVE-2025-6075

CVE-2025-6075 affects Python’s os.path.expandvars() with user-controlled input, causing potential performance degradation during environment variable expansion. Connected advisories confirm this affects multiple Python versions and distributions, with patches available: Debian LTS DLA-4445-1 (pyt...

Quadratic complexity when parsing some invalid inputs in encoding/pem

...

GO-2025-4033 Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol...

CVE-2025-61723

CVE-2025-61723 describes a PEM parsing performance issue where processing time for some invalid inputs scales non-linearly with input size. The connected advisory for F5 products confirms this PEM parsing quadratic complexity and notes impact on disk encryption and telemetry exporter configuratio...

CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

CVE-2025-61723

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

CVE-2025-58187 Quadratic complexity when checking name constraints in crypto/x509

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...