RHEL 10 : brotli (RHSA-2026:0008)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0008 advisory. Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffm...
PT-2026-2950
Name of the Vulnerable Software and Affected Versions: Undici versions prior to 7.18.0; Undici versions prior to 6.23.0. Description: Undici is an HTTP/1.1 client for Node.js. A malicious server can insert thousands of compression steps due to an unbounded number of links in the decompression chain a...
PT-2026-26290
Name of the Vulnerable Software and Affected Versions: libarchive (affected versions not specified). Description: An issue exists in libarchive’s zisofs decompression logic. Improper validation of the pz_log2_bs field read from ISO9660 Rock Ridge extensions can lead to undefined behavior. An attacker...
PT-2026-25310
Name of the Vulnerable Software and Affected Versions: libarchive (affected versions not specified). Description: A flaw exists in the RAR5 archive decompression logic within the archive read data processing path of the libarchive library. Processing a specially crafted RAR5 archive can cause the...
Exploit for CVE-2025-14847
CVE-2025-14847 MongoBleed MongoDB zlib Compression Memory...
Exploit for CVE-2025-14847
mongobleed-scanner CVE-2025-14847 - MongoDB Unauthenticat...
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The vulnerability in question is CVE-2025-14847 (CVSS score: 8.7), which allows an unauthenticated attacker to...
Exploit for CVE-2025-14847
CVE-2025-14847 – MongoDB Unauthenticated Memory‑Leak Exploit...
Exploit for CVE-2025-14847
🩸 MongoBleed - CVE-2025-14847 Security Research Lab...
RLSA-2023:2417 Moderate: php:8.1 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php (8.1.14). Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454); php: standard insecure cookie could b...
Exploit for CVE-2025-14847
mongobleed CVE-2025-14847 - MongoDB Unauthenticated Memor...
TencentOS Server 4: python-urllib3 (TSSA-2025:0972)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0972 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-66909
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...
EUVD-2025-204541
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...
turms security vulnerability
turms is an open-source instant messaging engine from turms-im. A security vulnerability exists in turms AI-Serving module v0.10.0-SNAPSHOT and prior versions, which originates from an image decompression bomb and may result in a denial of service...
CVE-2025-66909
Turms AI-Serving module prior to v0.10.0 is affected by an image decompression bomb DoS. The ExtendedOpenCVImage class uses OpenCV imread() without validating image dimensions or pixel count before decompression, allowing a crafted compressed image (e.g., PNG) to expand to gigabytes in memory, ca...