Lucene search

44 matches found

Tenable Nessus
added 2025/10/15 12:00 a.m., 3 views

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2025-1211)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1211 advisory. When extracting a tar archive, pip may not check that symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a fixed version for this...

CVSS 5.9 · AI score 7.4 · EPSS 0.00022
Exploits: 0 · References: 4
Github Security Blog
added 2025/10/07 5:26 p.m., 2 views

Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Summary: Rack::Multipart::Parser buffers the entire multipart preamble (the bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM)...

CVSS 7.5 · AI score 7.2 · EPSS 0.00266
Exploits: 0 · References: 7 · Affected software: 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-28751

Malicious code in bioql PyPI...

CVSS 6.8 · AI score 6.7 · EPSS 0.00056
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2025-22999

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.4 · EPSS 0.01007
Exploits: 0 · References: 12
SUSE CVE
added 2025/09/16 11:33 p.m., 2 views

SUSE CVE-2022-50346

In the Linux kernel, the following vulnerability has been resolved: ext4: init quota for 'old.inode' in 'ext4_rename'. Syzbot found the following issue: ext4_parse_param: s_want_extra_isize=128 ext4_inode_info_init: s_want_extra_isize=32 ext4_rename: old.inode=ffff88823869a2c8 old.dir=ffff888238699828...

CVSS 4.5 · AI score 6.5 · EPSS 0.00016
Exploits: 0 · References: 8
Debian CVE
added 2025/08/16 10:54 a.m., 6 views

CVE-2025-38512

In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks. This patch is a mitigation to prevent the A-MSDU spoofing vulnerability in mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this...

CVSS 7.8 · AI score 6.2 · EPSS 0.00026
Exploits: 0
OSV
added 2025/07/28 7:15 p.m., 0 views

UBUNTU-CVE-2025-8194

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVSS 7.5 · AI score 6.8 · EPSS 0.01007
Exploits: 0 · References: 6
Debian CVE
added 2025/07/28 6:42 p.m., 4 views

CVE-2025-8194

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

CVSS 7.5 · AI score 6.7 · EPSS 0.01007
Exploits: 0
RedhatCVE
added 2025/05/23 8:08 a.m., 8 views

CVE-2024-27102

Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is not exactly known, but reading files outside o...

CVSS 9.9 · AI score 6.8 · EPSS 0.0076
Exploits: 0 · References: 1
OSV
added 2025/05/21 9:15 p.m., 3 views

CVE-2025-47942 Learners on edX Platform can download python_lib.zip

The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...

CVSS 5.3 · AI score 7 · EPSS 0.00228
Exploits: 0 · References: 5
NVD
added 2025/05/09 7:16 a.m., 6 views

CVE-2025-37859

In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker. We noticed the kworker in page_pool_release_retry was woken up repeatedly and infinitely in production because of a buggy driver causing the inflight count to drop below 0, and warning...

CVSS 5.5 · EPSS 0.00055
Exploits: 0 · References: 11
Positive Technologies
added 2024/09/30 12:00 a.m., 3 views

PT-2024-18905 · Uplot · Uplot

Name of the Vulnerable Software and Affected Versions: uPlot versions prior to 1.6.31. Description: The issue is related to Prototype Pollution via the uPlot.assign function, due to a missing check of whether the attribute resolves to the object prototype. This allows for potential manipulation of the...

CVSS 8.8 · AI score 7.3 · EPSS 0.00159
Exploits: 0 · References: 11
Positive Technologies
added 2024/05/16 12:00 a.m., 2 views

PT-2024-33408 · Sourcecodester · Sourcecodester Simple Online Bidding System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Bidding System version 1.0. Description: A critical issue has been found in the system, affecting an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. This issue...

CVSS 9.8 · AI score 7.5 · EPSS 0.00314
Exploits: 1 · References: 9
Positive Technologies
added 2024/03/19 12:00 a.m., 2 views

PT-2024-22482 · Freeimage +1 · Freeimage +1

Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0. Description: The issue allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload function when reading images in HDR format. Recommendations: For FreeImage version 3.19.0, consider disabling th...

CVSS 6.2 · AI score 6.7 · EPSS 0.00042
Exploits: 1 · References: 11
Positive Technologies
added 2023/08/22 12:00 a.m., 1 view

PT-2023-11506 · Zziplib +6 · Zziplib +6

Name of the Vulnerable Software and Affected Versions: zziplib version 0.13.69. Description: An issue was discovered in the function zzip_disk_entry_to_file_header in mmapped.c, which will lead to a denial of service. Recommendations: For zziplib version 0.13.69, consider applying a patch or fix t...

CVSS 5.5 · AI score 5.1 · EPSS 0.00058
Exploits: 2 · References: 44
OSV
added 2023/06/08 8:17 p.m., 13 views

CVE-2023-34232 Snowflake NodeJS Driver vulnerable to Command Injection

snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign-on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicio...

CVSS 7.3 · AI score 8.9 · EPSS 0.00554
Exploits: 0 · References: 6
Positive Technologies
added 2023/02/07 12:00 a.m., 2 views

PT-2023-1589 · Sourcecodester · Sourcecodester Medical Certificate Generator App

Name of the Vulnerable Software and Affected Versions: SourceCodester Medical Certificate Generator App version 1.0. Description: A critical issue has been found in the manage_record.php file of the SourceCodester Medical Certificate Generator App, related to the incorrect neutralization of specia...

CVSS 9 · AI score 8.9 · EPSS 0.00128
Exploits: 0 · References: 5
OSV
added 2023/02/03 12:00 a.m., 0 views

UBUNTU-CVE-2023-0045

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR in the function speculation_ctrl_update, but the IBPB is only issued on the next...

CVSS 7.5 · AI score 6.7 · EPSS 0.00277
Exploits: 3 · References: 30
GithubExploit
added 2022/06/01 6:58 p.m., 37 views

Exploit for CVE-2022-30190

MSDT Patcher, a.k.a. CVE-2022-30190-NSIS This is an NSIS scrip...

CVSS 9.3 · AI score 9.2 · EPSS 0.93596
Exploits: 61
Prion
added 2022/04/27 5:15 p.m., 16 views

Authentication flaw

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks, such as using the device as a...

CVSS 4.4 · AI score 6.5 · EPSS 0.00056
Exploits: 0 · References: 2 · Affected software: 2