2842 matches found
UBUNTU-CVE-2025-66019
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...
CVE-2025-66019 pypdf manipulated LZWDecode streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...
pypdf's LZWDecode streams can be manipulated to exhaust RAM
Impact: An attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This is a follow up to GHSA-jfx9-29x2-rv3j to align the default limit with the one for zlib. Patche...
Malicious code in url-encode-decode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37ce07aaa237eff3cc95c7bb560f4096191d2d5328de45f176f3f8662ca7cd34 The package url-encode-decode was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190940 Malicious code in url-encode-decode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37ce07aaa237eff3cc95c7bb560f4096191d2d5328de45f176f3f8662ca7cd34 The package url-encode-decode was found to contain malicious code. Source: ghsa-malware...
123cli-guessing-game (=1.0.0), @slatwall/cra-template-ultra-commerce-storefront (>=0.2.0 <=0.3.3) +5 more potentially affected by unknown CVE via url-encode-decode (=1.0.0)
url-encode-decode NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on url-encode-decode and may be impacted: - 123cli-guessing-game =1.0.0 - @slatwall/cra-template-ultra-commerce-storefront =0.2.0, =0.6.0, =1.0.0, =1.0.1, =0.1.0, =0.3.2...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev return value bsc#1249859. - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param bsc#1249857...
SUSE-SU-2025:4149-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev return value bsc#1249859. - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param bsc#124985...
TencentOS Server 4: python3.12 (TSSA-2025:0530)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0530 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-64765 Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values
Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the...
Mozilla Thunderbird < 52.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-13 advisory. - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex...
SUSE-SU-2025:4111-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev return value bsc#1249859. - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param bsc#1249857. ...
OSV-2025-900 Heap-buffer-overflow in DecodeFrame
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=460575093 Crash type: Heap-buffer-overflow READ Crash state: DecodeFrame testdecoderprocess EsOutSend...
EUVD-2025-177475
Malicious code in old-import-decode-table-process npm...
EUVD-2025-179058
Malicious code in error-bash-monitor-stack-decode npm...
EUVD-2025-176946
Malicious code in proxy-rain-decode-xi-error npm...
EUVD-2025-176644
Malicious code in rho-log-cluster-decode-pi npm...
EUVD-2025-179251
Malicious code in double-decode-encrypt-cache-bundle npm...
EUVD-2025-179382
Malicious code in decode-export-data-cold-error npm...