160 matches found
EUVD-2022-37394
Malicious code in bioql PyPI...
EUVD-2022-0634
Malicious code in bioql PyPI...
EUVD-2023-1717
Malicious code in bioql PyPI...
EUVD-2024-20838
Malicious code in bioql PyPI...
g_variant_byteswap() can take a long time with some non-normal inputs
...
BIT-GITLAB-2025-10868 Business Logic Errors in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs...
Security update for pam
This update for pam fixes the following issues: Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the...
CVE-2025-48074
OpenEXR (v3.3.2) is vulnerable due to unvalidated dataWindow size values in file headers, causing excessive memory allocation and potential performance degradation or denial of service. The issue is fixed in v3.3.3; affected component is the OpenEXR EXR reader/writer code that processes header da...
CVE-2025-48074 OpenEXR's Unbounded File Header Values can Lead to Out-Of-Memory Errors
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...
PT-2025-30841 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw was identified in the Linux kernel related to the access_ok() function and the TASK_SIZE_MAX definition. A previous commit attempted to optimize access_ok() by setting TASK_SIZE_MAX to...
Security Bulletin: Using untrusted strings with .replace on Babel-compiled regex named capturing groups can lead to performance degradation, which affects IBM watsonx.data
Summary Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific...
CBL Mariner 2.0 Security Update: frr (CVE-2024-55553)
The version of frr installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-55553 advisory. - In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update receiv...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in path-to-regexp-0.1.7.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of path-to-regexp-0.1.7.tgz Vulnerability Details CVEID: CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...
CVE-2022-49964
CVE-2022-49964 affects the Linux kernel arm64 cacheinfo path. The root cause was assigning a signed error value (-ENOENT) returned by acpi_find_last_cache_level() to an unsigned fw_level, causing the number of cache leaves to become an enormous value and triggering a warning in __alloc_pages. The...
CVE-2025-6069
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service...
PT-2025-23224 · Vllm · Vllm
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.6.4 through 0.9.0. Description: The issue is a Regular Expression Denial of Service (ReDoS) vulnerability in the file vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py. The root cause is the use of a highly complex and...
Python Library Django 4.2.x < 4.2.21 / 5.1.x < 5.1.9 / 5.2.x < 5.2.1 DoS
The detected version of the Django Python package, Django, is 4.2.x prior to 4.2.21 or 5.1.x prior to 5.1.9 or 5.2.x prior to 5.2.1. It is, therefore, affected by a denial of service vulnerability as disclosed in Django's May 7th 2025 security advisory. The django.utils.html.striptags function is...
Updated python-django packages fix security vulnerability
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...
Django has a denial-of-service possibility in strip_tags()
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...
CVE-2025-32873
CVE-2025-32873 affects Django: vulnerable in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The issue is in django.utils.html.strip_tags(), which can be exploited to cause a denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTM...