90 matches found
SUSE SLES15 Security Update : python311 (SUSE-SU-2025:02358-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02358-1 advisory. - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). Tenable...
SUSE-SU-2025:02358-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)...
Security update for python36
This update for python36 fixes the following issues: - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056). - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the...
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1056)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1056 advisory. The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service. CVE-2025-6069 Tenable has...
openSUSE 15 Security Update : python39 (SUSE-SU-2025:02232-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02232-1 advisory. - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). Tenable has extracted th...
SUSE-SU-2025:02232-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)...
AZL-64178 CVE-2025-6069 affecting package python3 for versions less than 3.12.9-3
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service...
CVE-2025-6069
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service...
CVE-2025-6069
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service...
DEBIAN-CVE-2025-6069
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service...
PSF-2025-10
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service...
CVE-2025-6069 HTMLParser quadratic complexity when processing malformed inputs
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service...
CVE-2025-6069
The issue CVE-2025-6069 affects Python’s standard library HTML parsing: the html.parser.HTMLParser class can exhibit worst-case quadratic complexity when handling crafted malformed inputs, potentially enabling amplified denial-of-service. The connected advisories confirm the affected component is...
CVE-2025-6069
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service...
PT-2025-25656
Name of the Vulnerable Software and Affected Versions: html.parser.HTMLParser (affected versions not specified). Description: The issue concerns the html.parser.HTMLParser class, which has worst-case quadratic complexity when processing certain crafted malformed inputs. This could potentially lead to...
BIT-TYPO3-2021-32768
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
SUSE CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
RHEL 8 : python-django (RHSA-2020:1324)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1324 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as muc...
MAL-2022-3695 Malicious code in htmlpjader (npm)
Source: ghsa-malware 5152a75e4aff480b4dca1381662c3ea32aca994973b19c3949b40f9801d67809 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Mutation Stored XSS at homepage
Description: The bookwyrm HTML input sanitizer is vulnerable to Mutation XSS. The payload could be stored and displayed on the homepage of the website at the path /feed or /discovery, so it widely affects all users and the main website. Proof of Concept: Edit a book description: // PoC Access to the /feed...