68 matches found
EUVD-2025-18708
Malicious code in bioql PyPI...
EUVD-2025-18706
Malicious code in bioql PyPI...
EUVD-2025-18700
Malicious code in bioql PyPI...
EUVD-2025-18766
Malicious code in bioql PyPI...
Regular Expression Denial Of Service (ReDoS)
PowSyBl is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression handling due to unvalidated user-supplied regex being compiled and evaluated in the RegexCriterion class, leading to potential CPU exhaustion...
CVE-2025-47293
PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity XXE attack and to a server-side request forgery SSRF attack. This allows an attacker to elevate their...
CVE-2025-48058
PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service ReDoS vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause...
CVE-2025-47771
PowSyBl Power System Blocks is a framework to build power system oriented software. In versions 6.3.0 to 6.7.1, there is a deserialization issue in the read method of the SparseMatrix class that can lead to a wide range of privilege escalations depending on the circumstances. This method takes in...
XML External Entity (XXE) Injection
PowSyBl is vulnerable to XML External Entity XXE. The vulnerability is due to the use of untrusted XML input in the XmlReader class, which can be exploited to read arbitrary files or perform unauthorized network requests...
CVE-2025-48059
PowSyBl Power System Blocks is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service...
CVE-2025-48059 PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
PowSyBl Power System Blocks is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service...
CVE-2025-48059 PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
PowSyBl Power System Blocks is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service...
CVE-2025-48059
PowSyBl Core contains a polynomial Regular Expression Denial of Service (ReDoS) in the RegexCriterion class used by powsybl-iidm-criteria (versions 6.3.0–6.7.1 and powsybl-contingency-api 5.0.0–6.3.0). The vulnerability arises from unvalidated user-supplied regex patterns compiled and evaluated a...
CVE-2025-48059 PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
PowSyBl Power System Blocks is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service...
CVE-2025-48058
PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service ReDoS vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause...
CVE-2025-48058 PowSyBl Core contains Polynomial REDoS’es
PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service ReDoS vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause...
CVE-2025-48058 PowSyBl Core contains Polynomial REDoS’es
PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service ReDoS vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause...
CVE-2025-48058
PowSyBl Core contains a polynomial ReDoS vulnerability in the DataSource mechanism (affecting listNames regex handling) prior to version 6.7.2. Exploitation can cause high CPU due to regex backtracking. The issue has been patched in com.powsybl:powsybl-commons:6.7.2 and related patches in 6.7.2+;...
CVE-2025-48058 PowSyBl Core contains Polynomial REDoS’es
PowSyBl Power System Blocks is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service ReDoS vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause...
CVE-2025-47771
PowSyBl Power System Blocks is a framework to build power system oriented software. In versions 6.3.0 to 6.7.1, there is a deserialization issue in the read method of the SparseMatrix class that can lead to a wide range of privilege escalations depending on the circumstances. This method takes in...