76 matches found
2dify (=1.0.1), a2grunnerp (>=0.1.0 <=0.1.8) +720 more potentially affected by unknown CVE via fonttools (>=4.0.0 <=4.61.1)
fonttools PYPI version =4.0.0, =0.1.0, =0.0.2, =1.0.0, =0.1.3, =3.0.1, =0.0.3.20, =0.0.1, =1.1.2, =1.5.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-FONTTOOLS-15869939...
Arbitrary Code Execution
Overview: fonttools is a set of tools to manipulate font files. Affected versions of this package are vulnerable to Arbitrary Code Execution due to the parseBlendList function's use of Python's built-in eval function when parsing TTX font data. An attacker can execute arbitrary scripts by supplying a...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
CVE-2025-66034 — fontTools varLib Arbitrary File Write → RCE...
Advisory ROSA-SA-2026-3220
Software: fonttools 4.49.0 WASP: ROSA-CHROME unaffected versions = fonttools-4.49.0-2 affected versions fonttools-4.49.0-2 CVE-ID: CVE-2025-66034 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Arbitrary file write vulnerability in fontTools varLib allows a remote attacker to execute arbitrary code when...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
fontvarlib.py — CVE-2025-66034 fontTools varLib — Arbi...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
CVE-2025-66034-Poc-to-Get-RCE-for-HTB-VariaType Just run the...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034.
Summary IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66034 DESCRIPTION: fontTools is a library fo...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
No d...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
CVE-2025-66034-Poc-to-Get-RCE-for-HTB-VariaType Just run the...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
No d...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
fontTools varLib CVE-2025-66034 Exploit...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an XML Injection in fonttools [CVE-2025-66034]
Summary: IBM Watson Speech Services Cartridge is vulnerable to an XML Injection in fonttools, an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed (CVE-2025-66034). fontTools is used in our service runtimes. This vulnerability has...
SUSE: Security Advisory (SUSE-SU-2026:20184-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for python-FontTools (moderate)
openSUSE security update: security update for python-fonttools. Announcement ID: openSUSE-SU-2026:20119-1; Rating: moderate; References: bsc1254366; Cross-References: CVE-2025-66034; CVSS scores: CVE-2025-66034 SUSE: 6.3...
Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.
Summary: The IBM Maximo Application Suite AI-Service component uses fonttools-4.44.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, fonttools-4.55.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, werkzeug-3.0.6-py3-none-any.whl, filelock-3.13.4-py3-none-any.whl,...
Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.1.3, fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl, lodash.clonedeep-4.5.0.tgz, js-yaml-4.1.0.tgz, mdast-util-towhich is vulnerable to multiple CVEs
Summary: IBM Maximo Application Suite uses werkzeug-3.1.3-py3-none-any.whl, fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl, lodash.clonedeep-4.5.0.tgz, js-yaml-4.1.0.tgz, mdast-util-towhich is vulnerable to CVE-2025-66221, CVE-2025-66034, CVE-2018-16487, CVE-2025-64718,...
OPENSUSE-SU-2026:20119-1 Security update for python-FontTools
This update for python-FontTools fixes the following issues: - CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution bsc1254366...
SUSE-SU-2026:20184-1 Security update for python-FontTools
This update for python-FontTools fixes the following issues: - CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution bsc1254366...
openSUSE Security Advisory (SUSE-SU-2026:0199-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : python-FontTools (SUSE-SU-2026:0199-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0199-1 advisory. - CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution bsc1254366. Tenable has extracted the...