
3256 matches found

EUVD
added 2025/10/22 9:31 p.m. | 5 views

EUVD-2025-33799

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

CVSS 6.5 | AI score 6.3 | EPSS 0.00418
Exploits: 1 | References: 3
Debian CVE
added 2025/10/22 9:31 p.m. | 4 views

CVE-2025-62706

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

CVSS 6.5 | AI score 5.3 | EPSS 0.00418
Exploits: 1
Cvelist
added 2025/10/22 9:31 p.m. | 13 views

CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

CVSS 6.5 | EPSS 0.00418
Exploits: 1 | References: 2
OSV
added 2025/10/22 9:31 p.m. | 4 views

CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

CVSS 6.5 | AI score 6.8 | EPSS 0.00418
Exploits: 1 | References: 5
CVE
added 2025/10/22 9:31 p.m. | 53 views

CVE-2025-62706

Authlib’s CVE-2025-62706 affects the JWE zip=DEF decompression path in prior releases. A small ciphertext could inflate to tens/hundreds of MB during decrypt, enabling DoS via memory and CPU exhaustion. A fix exists in v1.6.5; mitigations include rejecting or stripping zip=DEF for inbound JWEs, a...

CVSS 6.5 | AI score 6.5 | EPSS 0.00418
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2025/10/22 12:0 a.m. | 3 views

Authlib Security Vulnerability

Authlib is the ultimate Python library for building OAuth and OpenID Connect servers open-sourced by Authlib. A security vulnerability exists in Authlib versions prior to 1.6.5, which stems from the JWE zip=DEF path executing an unrestricted DEFLATE decompression, which could lead to memory and C...

CVSS 6.5 | AI score 6.4 | EPSS 0.00418
Exploits: 1 | References: 4
CNVD
added 2025/10/21 12:0 a.m. | 6 views

ZenML Input Validation Error Vulnerability

ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. An input validation error vulnerability exists in ZenML version 0.83.1, which stems from the failure of the PathMaterializer class to effectively detect...

CVSS 7.8 | AI score 7.4 | EPSS 0.00326
Exploits: 1 | References: 1
Fedora
added 2025/10/19 2:39 a.m. | 5 views

[SECURITY] Fedora 42 Update: suricata-7.0.12-1.fc42

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVSS 7.5 | AI score 6.9 | EPSS 0.00344
Exploits: 0
OSV
added 2025/10/10 10:54 p.m. | 9 views

GHSA-G7F3-828F-7H7M Authlib : JWE zip=DEF decompression bomb enables DoS

Summary Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details - Affected component...

CVSS 6.5 | AI score 7.1 | EPSS 0.00418
Exploits: 1 | References: 5
Github Security Blog
added 2025/10/10 10:54 p.m. | 7 views

Authlib : JWE zip=DEF decompression bomb enables DoS

Summary Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details - Affected component...

CVSS 6.5 | AI score 6.5 | EPSS 0.00418
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/10/10 12:0 a.m. | 7 views

PT-2025-43412

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.5 Description Authlib’s JWE implementation, specifically when handling the zip=DEF option, is susceptible to a denial of service. A small ciphertext can expand to a very large plaintext during decompression due to...

CVSS 6.5 | AI score 5.2 | EPSS 0.00418
Exploits: 1 | References: 29
OSV
added 2025/10/09 9:46 p.m. | 3 views

JLSEC-2025-11 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many...

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors...

CVSS 9.8 | AI score 8.8 | EPSS 0.08042
Exploits: 0 | References: 23
CNNVD
added 2025/10/09 12:0 a.m. | 2 views

BBOT Security Vulnerability

BBOT is an open source recursive Internet scanner from Black Lantern Security. A security vulnerability exists in BBOT that stems from the decompression module's handling of malicious compressed files that could lead to arbitrary file writes, which could trigger remote code execution...

CVSS 9.6 | AI score 7.7 | EPSS 0.00668
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-16025

Malware in sbrugna...

CVSS 7.1 | AI score 7 | EPSS 0.00715
Exploits: 0 | References: 10
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2002-0751

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01348
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2007-2958

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.05208
Exploits: 0 | References: 12
EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2017-1597

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.01681
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-25624

Malware in sbrugna...

CVSS 7.8 | AI score 6.5 | EPSS 0.00392
Exploits: 0 | References: 13
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-6263

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.00665
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-6260

Malware in sbrugna...

CVSS 5.5 | AI score 6 | EPSS 0.06877
Exploits: 2 | References: 9