RedhatCVE
added 2025/12/17 12:55 a.m., 6 views

CVE-2025-67747

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. The omission allows an attacker to craft a malicious pickle file that can bypass...

CVSS 8.5, AI score 7.6, EPSS 0.00237
Exploits: 1, References: 1
Cvelist
added 2025/12/17 12:00 a.m., 27 views

CVE-2024-29370

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

EPSS 0.00166
Exploits: 1, References: 1
Positive Technologies
added 2025/12/17 12:00 a.m., 5 views

PT-2025-51835

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

CVSS 5.3, AI score 6.8, EPSS 0.00166
Exploits: 1, References: 2
CVE
added 2025/12/17 12:00 a.m., 20 views

CVE-2024-29370

CVE-2024-29370 affects python-jose 3.3.0 (jwe.decrypt). An attacker can craft a malicious JWE with an exceptionally high compression ratio, causing a Denial-of-Service through heavy memory allocation and processing time during decompression. The CVSS vector in the description indicates Availabili...

CVSS 5.3, AI score 6.4, EPSS 0.00166
Exploits: 1, References: 1, Affected software: 1
CNNVD
added 2025/12/17 12:00 a.m., 6 views

python-jose security vulnerability

python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose version 3.3.0: an attacker can construct malicious JSON Web Encryption tokens with extremely high compression ratios, potentially...

CVSS 5.3, AI score 6.3, EPSS 0.00166
Exploits: 1, References: 1
Tenable Nessus
added 2025/12/17 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-14714

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An Authentication Bypass vulnerability existed where the application bundled a Python interpreter that inherits the Transparency, Consent, and Control (TCC)...

CVSS 6.5, AI score 5.5, EPSS 0.0012
Exploits: 0, References: 2
OSV
added 2025/12/17 12:00 a.m., 9 views

ALSA-2025:23530 Important: python39:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high-level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 9.4, AI score 7, EPSS 0.01499
Exploits: 14, References: 26
Debian CVE
added 2025/12/17 12:00 a.m., 6 views

CVE-2024-29370

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

CVSS 5.3, AI score 5.2, EPSS 0.00166
Exploits: 1
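The CVE-2024-29370 entries above (Cvelist, Positive Technologies, CVE, CNNVD and Debian CVE) all describe the same failure mode: a JWE whose "zip":"DEF" payload inflates to far more than the token suggests. The block below is an added example, not python-jose's code, showing the unbounded inflate pattern next to a capped one; the 20 MiB zero payload, the 1 MiB cap and the helper names are constructed for illustration.

```python
"""Bounded inflation of a JWE "zip":"DEF" payload.

Added example, not python-jose's code. JWE signals DEFLATE-compressed plaintext
with the "zip":"DEF" header (raw DEFLATE, no zlib header). If the decrypt path
hands the decrypted bytes to an unbounded zlib.decompress(), a few kilobytes of
token expand into tens of megabytes, which is the DoS the entries describe. The
hardened variant inflates incrementally and stops once the output exceeds a
caller-chosen cap.
"""
import zlib

RAW_DEFLATE = -15  # negative wbits: raw DEFLATE, as used by JWE "zip":"DEF"


def compress_raw(plain: bytes) -> bytes:
    """Raw-DEFLATE a plaintext the way a JWE producer would before encrypting it."""
    comp = zlib.compressobj(level=9, wbits=RAW_DEFLATE)
    return comp.compress(plain) + comp.flush()


def make_decompression_bomb(plain_size: int = 20 * 1024 * 1024) -> bytes:
    """Constructed attacker payload: plain_size zero bytes, which DEFLATE shrinks
    by roughly a thousand to one (assumed size for the demonstration)."""
    return compress_raw(b"\x00" * plain_size)


def inflate_unbounded(data: bytes) -> bytes:
    """Vulnerable pattern: trust the token and inflate with no output limit."""
    return zlib.decompress(data, wbits=RAW_DEFLATE)


def inflate_bounded(data: bytes, max_out: int) -> bytes:
    """Hardened pattern: drive a decompressobj with max_length so no single call
    can produce more than we are willing to hold, and reject the stream as soon
    as the running total passes max_out. Input zlib did not reach because of the
    cap is returned in unconsumed_tail and fed back on the next iteration."""
    d = zlib.decompressobj(wbits=RAW_DEFLATE)
    out = bytearray()
    buf = data
    while True:
        room = max_out + 1 - len(out)  # +1 so the overflow itself is observable
        if room <= 0:
            raise ValueError(f"inflated JWE payload exceeds {max_out} bytes")
        chunk = d.decompress(buf, room)
        out += chunk
        buf = d.unconsumed_tail
        if d.eof:
            break
        if not chunk and not buf:
            raise ValueError("truncated DEFLATE stream")
    if len(out) > max_out:
        raise ValueError(f"inflated JWE payload exceeds {max_out} bytes")
    return bytes(out)


def is_rejected(data: bytes, max_out: int) -> bool:
    """True if the bounded inflater refuses the payload at this cap."""
    try:
        inflate_bounded(data, max_out)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    bomb = make_decompression_bomb()
    print(f"bomb on the wire: {len(bomb)} bytes")
    print(f"unbounded inflate: {len(inflate_unbounded(bomb))} bytes allocated")
    print(f"bounded inflate (1 MiB cap) rejects it: {is_rejected(bomb, 1024 * 1024)}")
```

The cap should be sized to the largest plaintext the application legitimately expects, and the check belongs before any further parsing of the plaintext; decompressing first and measuring afterwards is exactly the unbounded pattern.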
OpenVAS
added 2025/12/17 12:00 a.m., 2 views

Fedora: Security Advisory (FEDORA-2025-6407a7ee7e)

The remote host is missing an update for the ...

CVSS 6.3, AI score 6.8, EPSS 0.00696
Exploits: 0, References: 4
vulnersOsv
added 2025/12/16 8:52 p.m., 5 views

0x20bf (=0.0.1), 31 (=2.3.0) +4281 more potentially affected by CVE-2025-68146 via filelock (>=3.0.10 <=3.20.0)

filelock (PyPI) versions =3.0.10, =0.0.3, =0.1.0, =1.0.5, =0.0.1b1, =0.2.3, =0.2.7; ac-solver =0.1.0; acceldata-o2a =1.0.0; and more. Source CVEs: CVE-2025-68146. Source advisory: SNYK:PYTHON-FILELOCK-14458335...

CVSS 6.5, AI score 5.9, EPSS 0.00184
Exploits: 1
Imperva Blog
added 2025/12/16 7:43 p.m., 7 views

Code Execution in Jupyter Notebook Exports

After our research on Cursor, in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook's export functionality, in the default Windows environment, to help organizations better protect their assets and...

CVSS 9.8, AI score 9.1, EPSS 0.03862
Exploits: 3
OSV
added 2025/12/16 7:15 p.m., 5 views

AZL-72739 CVE-2025-68146 affecting package python-filelock for versions less than 3.20.1-1

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

CVSS 6.5, AI score 5.9, EPSS 0.00184
Exploits: 1, References: 1
OSV
added 2025/12/16 6:16 p.m., 2 views

UBUNTU-CVE-2025-68142

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDoS bug in the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hangs when processing the data if a...

CVSS 6.9, AI score 5.8, EPSS 0.00356
Exploits: 1, References: 5
Debian CVE
added 2025/12/16 6:10 p.m., 2 views

CVE-2025-68146

filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...

CVSS 6.5, AI score 5.7, EPSS 0.00184
Exploits: 1
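The CVE-2025-68146 entries above (vulnersOsv, the OSV AZL-72739 record and Debian CVE) describe lock file creation that follows a symlink planted by a local attacker. The block below is an added example, not filelock's code and not its actual fix, showing the symlink-following open next to an O_NOFOLLOW open on the Unix side only; the victim file, the lock path and the function names are constructed for the demonstration.

```python
"""Symlink-following lock file creation next to an O_NOFOLLOW open.

Added example, not filelock's code. When the lock path lives in a directory
other users can write to, an attacker who places a symlink at that path before
the lock is created turns a plain open(path, "w") into a truncation of whatever
the link points at. Checking os.path.islink() first does not help: the link can
be swapped in between the check and the open, which is the TOCTOU race the
advisories describe. Refusing to follow symlinks at open time closes the window.
Unix only: os.O_NOFOLLOW is not defined on Windows.
"""
import os
import stat
import tempfile


def naive_create_lock(lock_path: str) -> None:
    """Vulnerable pattern: open for writing with truncation, following symlinks."""
    with open(lock_path, "w"):
        pass


def safe_create_lock(lock_path: str) -> int:
    """Hardened pattern: O_NOFOLLOW makes open() fail with ELOOP when the last
    path component is a symlink, so O_TRUNC never reaches the link target. The
    fstat check additionally rejects anything that is not a regular file.
    Returns the open descriptor; the caller closes it."""
    flags = os.O_RDWR | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(lock_path, flags, 0o644)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise OSError("lock path is not a regular file")
    except Exception:
        os.close(fd)
        raise
    return fd


def simulate_symlink_attack(create_lock) -> bool:
    """Constructed scenario: a victim file with content, and the lock path already
    replaced by a symlink to it. Returns True if the victim file got truncated."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")
        with open(victim, "w") as f:
            f.write("important data\n")
        lock = os.path.join(d, "app.lock")
        os.symlink(victim, lock)  # the attacker has already won the race
        try:
            fd = create_lock(lock)
            if isinstance(fd, int):
                os.close(fd)
        except OSError:
            pass  # the hardened version refuses to open through the link
        return os.path.getsize(victim) == 0


def safe_lock_works_on_regular_path() -> bool:
    """Sanity check: with no symlink in the way the hardened open still creates
    the lock file."""
    with tempfile.TemporaryDirectory() as d:
        lock = os.path.join(d, "app.lock")
        fd = safe_create_lock(lock)
        os.close(fd)
        return os.path.isfile(lock) and not os.path.islink(lock)


if __name__ == "__main__":
    print("naive open truncates victim:", simulate_symlink_attack(naive_create_lock))
    print("O_NOFOLLOW open truncates victim:", simulate_symlink_attack(safe_create_lock))
```

O_NOFOLLOW only covers the final path component and does nothing against a hard link, so the durable fix is a lock directory that other users cannot write to; the open flag is the defence for the case where that cannot be guaranteed.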
OSV
added 2025/12/16 8:19 a.m., 1 views

SUSE-SU-2025:21218-1 Security update for salt

This update for salt fixes the following issues:
- CVE-2025-62349: Added minimumauthversion to enforce security (bsc#1254257)
- CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
- Backport security fixes for vendored tornado: BDSA-2024-3438, BDSA-2024-3439...

CVSS 7.8, AI score 5.8, EPSS 0.00407
Exploits: 0, References: 9
OSV
added 2025/12/16 7:20 a.m., 2 views

SUSE-SU-2025:21216-1 Security update 5.0.6 for Multi-Linux Manager Client Tools, Salt and Salt Bundle

This update fixes the following issues:
- CVE-2025-62349: Added minimumauthversion to enforce security (bsc#1254257)
- CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
- Backport security fixes for vendored tornado: BDSA-2024-3438, BDSA-2024-3439, BDSA-2024-9026 ...

CVSS 7.8, AI score 5.8, EPSS 0.00407
Exploits: 0, References: 31
PyPA
added 2025/12/16 1:15 a.m., 10 views

PYSEC-2025-113

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELY_SAFE, and was fixed in version 0.1.6. This impact...

CVSS 8.5, AI score 5.8, EPSS 0.00235
Exploits: 1, References: 3, Affected software: 1
Fedora
added 2025/12/16 1:14 a.m., 7 views

[SECURITY] Fedora 42 Update: python3.14-3.14.2-1.fc42

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.14 package provides the "python3.14" executable:...

CVSS 6.3, AI score 7.2, EPSS 0.00696
Exploits: 0
Fedora
added 2025/12/16 12:46 a.m., 6 views

[SECURITY] Fedora 43 Update: python3.13-3.13.11-1.fc43

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

CVSS 6.3, AI score 7.2, EPSS 0.00696
Exploits: 0
EUVD
added 2025/12/16 12:39 a.m., 7 views

EUVD-2025-203478

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELY_SAFE, and was fixed in version 0.1.6. This impact...

CVSS 8.5, AI score 6.3, EPSS 0.00235
Exploits: 1, References: 4
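The Fickling entries above (CVE-2025-67747 for marshal and types, PYSEC-2025-113 and EUVD-2025-203478 for pty) all come down to a module missing from a blocklist of unsafe imports. The block below is an added example, not fickling's code, of how an opcode-level scanner of that kind works and how an incomplete blocklist lets a pickle through. Both blocklists, the two hand-assembled pickles and the function names are constructed for illustration and are not fickling's actual lists or samples.

```python
"""Static scan of pickle opcodes for blocklisted module imports.

Added example, not fickling's code. A pickle reaches arbitrary code only through
the GLOBAL and STACK_GLOBAL opcodes, so a blocklist scanner walks the opcode
stream with pickletools.genops (which parses but never executes) and records the
(module, attribute) pairs those opcodes resolve. BLOCKLIST_INCOMPLETE omits pty,
marshal and types, the way the versions described above did, and therefore
reports nothing for a pickle that resolves pty.spawn or marshal.loads.
"""
import pickle
import pickletools
from typing import FrozenSet, List, Tuple

# Constructed lists, not fickling's. The second adds the modules the advisories name.
BLOCKLIST_INCOMPLETE: FrozenSet[str] = frozenset({"os", "subprocess", "builtins", "sys"})
BLOCKLIST_FIXED: FrozenSet[str] = BLOCKLIST_INCOMPLETE | {"pty", "marshal", "types"}

_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> List[Tuple[str, str]]:
    """Return every (module, name) the pickle would import, without loading it."""
    found: List[Tuple[str, str]] = []
    strings: List[str] = []  # string constants seen so far, for STACK_GLOBAL operands
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":            # protocols 0-3: "module name" in one argument
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name in _STRING_OPS:
            strings.append(arg)
        elif op.name == "STACK_GLOBAL":    # protocol 4+: module and name pushed beforehand
            name = strings.pop() if strings else "?"
            module = strings.pop() if strings else "?"
            found.append((module, name))
    return found


def scan(data: bytes, blocklist: FrozenSet[str]) -> List[Tuple[str, str]]:
    """Imports that hit the blocklist. The top-level package is compared, so
    os.path counts as os. An empty list means the scanner found nothing."""
    return [(m, n) for m, n in referenced_globals(data) if m.split(".")[0] in blocklist]


def pty_spawn_pickle() -> bytes:
    """Constructed sample, hand-assembled protocol 0: GLOBAL pty.spawn, MARK,
    STRING '/bin/sh', TUPLE, REDUCE, STOP. Loading it would spawn a shell;
    this example only parses it and never calls pickle.loads on it."""
    return b"cpty\nspawn\n(S'/bin/sh'\ntR."


def marshal_loads_pickle() -> bytes:
    """Constructed sample, protocol 4 with STACK_GLOBAL: PROTO 4, SHORT_BINUNICODE
    "marshal", SHORT_BINUNICODE "loads", STACK_GLOBAL, empty SHORT_BINBYTES
    argument, TUPLE1, REDUCE, STOP. Parsed only, never loaded."""
    return b"\x80\x04\x8c\x07marshal\x8c\x05loads\x93C\x00\x85R."


def benign_pickle() -> bytes:
    """Ordinary data pickle with no imports at all."""
    return pickle.dumps({"user": "alice", "roles": [1, 2, 3]})


if __name__ == "__main__":
    for label, sample in (("pty.spawn", pty_spawn_pickle()),
                          ("marshal.loads", marshal_loads_pickle()),
                          ("benign dict", benign_pickle())):
        print(f"{label:14s} incomplete list: {scan(sample, BLOCKLIST_INCOMPLETE)!r:24s}"
              f" fixed list: {scan(sample, BLOCKLIST_FIXED)!r}")
```

The point the three advisories make is that a blocklist is only as good as its last omission; where untrusted pickles cannot be avoided, an allowlist enforced in a custom Unpickler.find_class is the stronger control, and never unpickling untrusted input is stronger still.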