3981 matches found

OSV | added 2026/01/13 9:48 p.m. | 1 view

GHSA-58PV-8J8X-9VJ2 jaraco.context Has a Path Traversal Vulnerability

Summary: There is a Zip Slip path traversal vulnerability in the jaraco.context package, affecting setuptools as well, in the jaraco.context.tarball function. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The...

CVSS 8.6 | AI score 5.8 | EPSS 0.00101
Exploits 1 | References 6
RedHat Linux | added 2026/01/13 4:33 p.m. | 0 views

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

CVSS 7.5 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 6
RedHat Linux | added 2026/01/13 4:29 p.m. | 1 view

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

CVSS 7.5 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 6
RedHat Linux | added 2026/01/13 4:21 p.m. | 0 views

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

CVSS 7.5 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 6
AstraLinux | added 2026/01/13 2:01 p.m. | 3 views

Astra Linux - vulnerability in linux-6.12

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP. When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...

AI score 5.7 | EPSS 0.00026
Exploits 0 | References 3
Tenable Nessus | added 2026/01/13 12:00 a.m. | 2 views

MiracleLinux 7 : libxslt-1.1.28-6.0.2.el7.AXS7 (AXSA:2025-9856:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9856:03 advisory. CVE-2025-24855: fix use-after-free issue in numbers.c by restoring XPath context node in nested XPath evaluations. CVEs: CVE-2025-24855. numbers.c in libxslt...

CVSS 7.8 | AI score 7 | EPSS 0.00087
Exploits 1 | References 2
Positive Technologies | added 2026/01/13 12:00 a.m. | 3 views

PT-2026-3523

Name of the Vulnerable Software and Affected Versions: jaraco.context versions prior to 6.1.0. Description: jaraco.context, a software package providing decorators and context managers, contains a path traversal issue in the jaraco.context.tarball function. The issue allows attackers to extract file...

CVSS 8.6 | AI score 5.3 | EPSS 0.00101
Exploits 1 | References 25
RedhatCVE | added 2026/01/09 10:19 a.m. | 8 views

CVE-2019-18455

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop...

CVSS 7.5 | AI score 6.5 | EPSS 0.00267
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 9:33 a.m. | 3 views

CVE-2024-39010

chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS 9.8 | AI score 8.2 | EPSS 0.00442
Exploits 1 | References 1
RedhatCVE | added 2026/01/09 9:28 a.m. | 2 views

CVE-2023-49195

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS. This issue affects Nested Pages: from n/a through 3.2.6...

CVSS 5.9 | AI score 6.5 | EPSS 0.00135
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 8:59 a.m. | 4 views

CVE-2023-50730

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

CVSS 7.5 | AI score 7.1 | EPSS 0.00685
Exploits 0 | References 1
RedhatCVE | added 2026/01/09 8:48 a.m. | 9 views

CVE-2025-23061

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900...

CVSS 9.8 | AI score 7.1 | EPSS 0.71855
Exploits 3 | References 1
Tenable Nessus | added 2026/01/08 12:00 a.m. | 5 views

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1356)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1356 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on _clear_id_cache, the algorithm is quadratic. Availability can be impacted when building...

CVSS 7.5 | AI score 7.3 | EPSS 0.00215
Exploits 0 | References 8
Tenable Nessus | added 2026/01/07 12:00 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000347 advisory. In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces...

CVSS 7 | AI score 7.6 | EPSS 0.09389
Exploits 24 | References 4
Amazon | added 2026/01/07 12:00 a.m. | 4 views

Medium: python3.12

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on _clear_id_cache, the algorithm is quadratic. Availability can be impacted when building excessively nested documents. (CVE-2025-12084) When reading an HTTP response from a server, i...

CVSS 7.5 | AI score 6.9 | EPSS 0.00215
Exploits 0
Tenable Nessus | added 2026/01/07 12:00 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000309 advisory. A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In...

CVSS 8.8 | AI score 6.8 | EPSS 0.00101
Exploits 0 | References 4
Tenable Nessus | added 2026/01/07 12:00 a.m. | 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000232)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000232 advisory. A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested=1 virtualization enabled. In that, an L1 guest could access...

CVSS 6.7 | AI score 6.6 | EPSS 0.00035
Exploits 0 | References 4
OSV | added 2026/01/05 12:11 p.m. | 1 view

SUSE-SU-2026:0025-1 Security update for python312

This update for python312 fixes the following issues: - CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on _clear_id_cache can lead to availability issues when building excessively nested documents (bsc#1254997). - CVE-2025-13836: use of...

CVSS 7.5 | AI score 5.8 | EPSS 0.00215
Exploits 0 | References 7
Snyk | added 2026/01/01 6:46 a.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview: sqlatypemodel is a Typed JSON fields for SQLAlchemy with automatic mutation tracking. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to uncontrolled recursion when processing deeply nested JSON-like structures. An attacker can...

CVSS 7.1 | AI score 6.8
Exploits 0 | References 5
Snyk | added 2026/01/01 6:36 a.m. | 4 views

SQL Injection

Overview: langchain-cloudflare is a Langchain Integrations for Cloudflare's WorkersAI and Vectorize. Affected versions of this package are vulnerable to SQL Injection due to improper sanitization of nested metadata in D1 database operations. The d1upserttexts and ad1upserttexts methods construct SQ...

CVSS 9.8 | AI score 7.8
Exploits 0 | References 3