
1553 matches found

OSV
added 2026/01/22 2:12 p.m., 3 views

SUSE-SU-2026:20154-1 Security update for python313

This update for python313 fixes the following issues: - Update to 3.13.11: - Security - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 - CVE-2025-13836: Fixed default Content-Length read amount from HTTP response bsc1254400 -...

CVSS 7.5, AI score 7.1, EPSS 0.01468
Exploits: 0, References: 16
Tenable Nessus
added 2026/01/22 12:00 a.m., 7 views

Azure Linux 3.0 Security Update: espeak-ng (CVE-2023-49992)

The version of espeak-ng installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49992 advisory. - Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at...

CVSS 5.3, AI score 5.6, EPSS 0.00405
Exploits: 1, References: 2
Tenable Nessus
added 2026/01/20 12:00 a.m., 5 views

MiracleLinux 9 : dotnet6.0-6.0.109-1.el9.ML.1 (AXSA:2022-4110:18)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4110:18 advisory. dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion. CVE-2022-38013 Tenable has extracted the precedin...

CVSS 7.5, AI score 5.7, EPSS 0.03074
Exploits: 0, References: 2
SUSE CVE
added 2026/01/14 12:34 a.m., 1 views

SUSE CVE-2022-21605

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Data Dictionary. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

CVSS 4.9, AI score 5.6, EPSS 0.01024
Exploits: 0, References: 2
Tenable Nessus
added 2026/01/14 12:00 a.m., 7 views

MiracleLinux 4 : wireshark-1.2.15-2.AXS4.1 (AXSA:2012-539:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-539:02 advisory. Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library,...

CVSS 4.3, AI score 7.7, EPSS 0.0859
Exploits: 10, References: 16
RedhatCVE
added 2026/01/09 12:38 p.m., 6 views

CVE-2023-29736

Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution...

CVSS 9.8, AI score 7.3, EPSS 0.01199
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 11:21 a.m., 5 views

CVE-2021-22097

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

CVSS 6.8, AI score 6.8, EPSS 0.01037
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:50 a.m., 10 views

CVE-2020-24159

NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0...

CVSS 7.8, AI score 7.1, EPSS 0.00403
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 8:54 a.m., 7 views

CVE-2021-41995

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

CVSS 7.7, AI score 6.8, EPSS 0.00666
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 8:54 a.m., 3 views

CVE-2021-41992

A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

CVSS 7.7, AI score 6.9, EPSS 0.0047
Exploits: 0, References: 1
Github Security Blog
added 2026/01/08 8:27 p.m., 8 views

NiceGUI has Redis connection leak via tab storage causes service degradation

Summary An unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation when Redis hits its connection limit. NiceGUI continues accepting...

CVSS 5.3, AI score 7, EPSS 0.0051
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2026/01/08 3:15 p.m., 3 views

CVE-2026-22041

Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No...

CVSS 5.3, EPSS 0.00228
Exploits: 1, References: 3
RedhatCVE
added 2026/01/07 9:29 a.m., 8 views

CVE-2019-12941

AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. The default WiFi password and WiFi SSID are derived from the same hash function output input i...

CVSS 10, AI score 7.5, EPSS 0.02377
Exploits: 1, References: 1
GithubExploit
added 2026/01/02 7:40 a.m., 163 views

OreaHax-Framework


AI score 7
Exploits: 0
Positive Technologies
added 2026/01/01 12:00 a.m., 3 views

PT-2026-25910

Summary Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations when reusing an output buffer. Details The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from the...

CVSS 8.2, AI score 6, EPSS 0.00443
Exploits: 0, References: 11
Veracode
added 2025/12/13 7:43 a.m., 8 views

SQL Injection

asyncmy is vulnerable to SQL Injection. The vulnerability is due to improper handling of crafted dictionary keys in SQL query construction, which allows an attacker to inject and execute arbitrary SQL commands...

CVSS 9.8, AI score 6.1, EPSS 0.00359
Exploits: 0, References: 3, Affected Software: 1
RedhatCVE
added 2025/12/12 4:00 p.m., 3 views

CVE-2025-13372

A flaw was found in Django. This vulnerability allows Structured Query Language SQL injection in column aliases via a suitably crafted dictionary with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Mitigation Mitigation for this issue is either no...

CVSS 4.3, AI score 7.1, EPSS 0.0087
Exploits: 0, References: 6
RedhatCVE
added 2025/12/10 8:19 p.m., 4 views

CVE-2025-66625

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

CVSS 4.9, AI score 6.9, EPSS 0.00301
Exploits: 0, References: 1
RedHat Linux
added 2025/12/10 6:04 p.m., 5 views

django: Django SQL injection

A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVSS 9.1, AI score 7.3, EPSS 0.1914
Exploits: 10, References: 8
RedHat Linux
added 2025/12/10 6:00 p.m., 9 views

django: Django SQL injection

A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVSS 9.1, AI score 7.1, EPSS 0.1914
Exploits: 10, References: 8