10 matches found
EUVD-2025-21069
Malicious code in bioql PyPI...
CVE-2025-53632
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...
CVE-2025-53633
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53632
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...
CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...
CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...
CVE-2025-53634 Chall-Manager's HTTP Gateway have no header check timeout leading to potential slow loris attacks
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...
CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53633 Chall-Manager's scenario decoding process does not check for zip bombs
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...
CVE-2025-53632
CVE-2025-53632 affects Chall-Manager and describes a path traversal (zip slip) vulnerability during the decoding/extraction of a scenario archive. The root cause is that the target path for extracted files is not checked, enabling arbitrary file writes and potential impact on integrity and availa...