Lucene search

2424 matches found

OSV
added 2025/08/25 3:15 p.m. | 0 views

CVE-2025-5302

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

8.6 CVSS | 6.9 AI score
Exploits: 0 | References: 2
CVE
added 2025/08/25 3:3 p.m. | 20 views

CVE-2025-5302

The CVE-2025-5302 affects the JSONReader in run-llama/llama_index v0.12.37, where unconstrained recursion on deeply nested JSON can exhaust Python recursion depth, causing high CPU/memory use and potential DoS. The issue is resolved in v0.12.38. Remediation: upgrade llama_index to 0.12.38 or late...

8.6 CVSS | 8.3 AI score | 0.00054 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/08/25 12:0 a.m. | 2 views

LlamaIndex Security Vulnerability

LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex version v0.12.37, which stems from an uncontrolled recursion when parsing deeply nested JSON files by the JSONReader component, which could lead to a denial of servic...

8.6 CVSS | 8.4 AI score | 0.00054 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2025/08/20 2:2 a.m. | 1 views

com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...

8.7 CVSS | 7.1 AI score | 0.00252 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-36518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2020-36518 Note that Nessus...

7.5 CVSS | 6.8 AI score | 0.00487 EPSS
Exploits: 1 | References: 2
Veracode
added 2025/08/18 9:8 a.m. | 1 views

Denial Of Service (DoS)

OpenEXR is vulnerable to Denial of Service (DoS). The vulnerability is a NULL pointer dereference caused by improper handling of deep scanline images with large sample counts in reduceMemory mode...

6.2 CVSS | 7 AI score | 0.00178 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Veracode
added 2025/08/18 8:21 a.m. | 1 views

Heap-based Buffer Overflow

OpenEXR is vulnerable to Heap-based Buffer Overflow. The vulnerability is due to improper memory handling due to a maliciously forged chunk header when decompressing ZIPS-packed deep scan-line EXR files...

8.4 CVSS | 5.9 AI score | 0.00111 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
Tenable Nessus
added 2025/08/18 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-48073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3....

6.2 CVSS | 5.9 AI score | 0.00178 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-48071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3...

8.4 CVSS | 5.9 AI score | 0.00111 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2025/08/16 12:16 a.m. | 4 views

CVE-2025-50861

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a risk of unintended access to application internals and can cause denial of service or logic abuse...

6.5 CVSS | 7.4 AI score | 0.00169 EPSS
Exploits: 0 | References: 1
Packet Storm News
added 2025/08/15 12:0 a.m. | 1 views

Machine Learning-Based AES Key Recovery Via Side-Channel Analysis on the ASCAD Dataset

Cryptographic algorithms like AES and RSA are widely used and are mathematically robust and almost unbreakable, but their implementations on physical devices often leak information through side channels, such as electromagnetic (EM) emissions, potentially compromising said theoretically secure...

6.3 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in deep-dev (npm)

The package deep-dev was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-37515 Malicious code in ug-deep-alt (npm)

The package ug-deep-alt was found to contain malicious code...

7.2 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-18175 Malicious code in deep-thought-relay-client (npm)

The package deep-thought-relay-client was found to contain malicious code...

7.2 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in deep-thought-relay-client (npm)

The package deep-thought-relay-client was found to contain malicious code...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in ug-deep-alt (npm)

The package ug-deep-alt was found to contain malicious code...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 0 views

Malicious code in ug-deep (npm)

The package ug-deep was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-18174 Malicious code in deep-dev (npm)

The package deep-dev was found to contain malicious code...

7.2 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 0 views

MAL-2025-37514 Malicious code in ug-deep (npm)

The package ug-deep was found to contain malicious code...

7.2 AI score
Exploits: 0
CVE
added 2025/08/14 12:0 a.m. | 11 views

CVE-2025-50861

The CVE-2025-50861 entry affects the Lotus Cars Android App (com.lotus.carsdomestic.intl) version 1.2.8, where the exported component PushDeepLinkActivity is accessible without authentication via ADB or malicious apps. This could allow unintended access to application internals and may lead to de...

6.5 CVSS | 7.3 AI score | 0.00169 EPSS
Exploits: 0 | References: 3