PT-2026-31348

Name of the Vulnerable Software and Affected Versions: LiquidJS versions prior to 10.25.3 Description: LiquidJS is a template engine. A flaw exists in the 'replace' filter when the 'memoryLimit' option is enabled. The memory usage calculation incorrectly accounts for the size of the output string...

NewStart CGSL MAIN 7.02 : brotli Vulnerability (NS-SA-2026-0038)

The remote NewStart CGSL host, running version MAIN 7.02, has brotli packages installed that are affected by a vulnerability: - Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against...

CVE-2026-33155

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have...

OPENSUSE-SU-2026:20396-1 Security update for librsvg

This update for librsvg fixes the following issues: Update to version 2.60.2: - CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243867. - CVE-2024-43806: Fixed memory explosion in rustix bsc1229950...

SUSE-SU-2026:20910-1 Security update for librsvg

This update for librsvg fixes the following issues: Update to version 2.60.2: - CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243867. - CVE-2024-43806: Fixed memory explosion in rustix bsc1229950...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

PT-2026-21803

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.1.0 Description The use of the fiber flash cookie can lead to an unbounded allocation on any server. A specially crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory through unvalidat...

Security update for librsvg

This update for librsvg fixes the following issues: Update to version 2.52.12. CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode labels that do not produce any non-ASCII output when decoded bsc1243867. CVE-2024-43806: rustix:...

SUSE-SU-2025:4411-1 Security update for librsvg

This update for librsvg fixes the following issues: Update to version 2.52.12. - CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode labels that do not produce any non-ASCII output when decoded bsc1243867. - CVE-2024-43806: rustix:...

OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests

Summary JSON objects after decoding might use more memory than their serialized version. It is possible to tune a JSON to maximize the factor between serialized memory usage and deserialized memory usage similar to a zip bomb. While reproducing the issue, we could reach a factor of about 35. This...

CVE-2025-59043 OpenBao vulnerable to denial of service via malicious JSON request processing

OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and...

SUSE-SU-2025:20858-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - CVE-2025-55159: slab: incorrect bounds check in getdisjointmut function can lead to undefined behavior or potential crash due to out-of-bounds access bsc1248006 - CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in...

EUVD-2019-11518

Malware in sbrugna...

EUVD-2023-2715

Malicious code in bioql PyPI...

Attack Graph Generation on HPC Clusters

Attack graphs AGs are graphical tools to analyze the security of computer networks. By connecting the exploitation of individual vulnerabilities, AGs expose possible multi-step attacks against target networks, allowing system administrators to take preventive measures to enhance their network's...

SUSE-SU-2025:02811-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 - Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344...

Symbolic Execution in Practice: a Survey of Applications in Vulnerability, Malware, Firmware, and Protocol Analysis

Symbolic execution is a powerful program analysis technique that allows for the systematic exploration of all program paths. Path explosion, where the number of states to track becomes unwieldy, is one of the biggest challenges hindering symbolic execution's practical application. To combat this,...

CVE-2024-43806

Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...

Directed Greybox Fuzzing Via Large Language Model

Directed greybox fuzzing DGF focuses on efficiently reaching specific program locations or triggering particular behaviors, making it essential for tasks like vulnerability detection and crash reproduction. However, existing methods often suffer from path explosion and randomness in input mutatio...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the improper handling of HTTP metrics. An attacker can cause a denial of service by sending crafted requests that lead to metrics explosion. Remediation There is no fixed versi...