58367 matches found
CVE-2025-67747
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
PT-2025-51835
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
CVE-2024-29370 affects python-jose 3.3.0 (jwe.decrypt). An attacker can craft a malicious JWE with an exceptionally high compression ratio, causing a Denial-of-Service through heavy memory allocation and processing time during decompression. The CVSS vector in the description indicates Availabili...
python-jose 安全漏洞
python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose version 3.3.0, which stems from an attacker being able to construct malicious JSON Web Encryption tokens with extremely high compression rates, potentially...
Linux Distros Unpatched Vulnerability : CVE-2025-14714
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC...
ALSA-2025:23530 Important: python39:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
Fedora: Security Advisory (FEDORA-2025-6407a7ee7e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
0x20bf (=0.0.1), 31 (=2.3.0) +4281 more potentially affected by CVE-2025-68146 via filelock (>=3.0.10 <=3.20.0)
filelock PYPI version =3.0.10, =0.0.3, =0.1.0, =1.0.5, =0.0.1b1, =0.2.3, =0.2.7 - ac-solver =0.1.0 - acceldata-o2a =1.0.0 and more Source cves: CVE-2025-68146 Source advisory: SNYK:PYTHON-FILELOCK-14458335...
Code Execution in Jupyter Notebook Exports
After our research on Cursor , in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook’s export functionality, in the default Windows environment, to help organizations better protect their assets and...
AZL-72739 CVE-2025-68146 affecting package python-filelock for versions less than 3.20.1-1
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...
UBUNTU-CVE-2025-68142
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hanges when processing the data if a...
CVE-2025-68146
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...
SUSE-SU-2025:21218-1 Security update for salt
This update for salt fixes the following issues: salt: - Security issues fixed: - CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 - CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 - Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
SUSE-SU-2025:21216-1 Security update 5.0.6 for Multi-Linux Manager Client Tools, Salt and Salt Bundle
This update fixes the following issues: salt: - Security issues fixed: - CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 - CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 - Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439 BDSA-2024-9026 ...
PYSEC-2025-113
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELYSAFE, and was fixed in version 0.1.6. This impact...
[SECURITY] Fedora 42 Update: python3.14-3.14.2-1.fc42
Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.14 package provides the "python3.14" executable:...
[SECURITY] Fedora 43 Update: python3.13-3.13.11-1.fc43
Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...
EUVD-2025-203478
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELYSAFE, and was fixed in version 0.1.6. This impact...