Linux Distros Unpatched Vulnerability : CVE-2024-42845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the wrapBodyReader function in the body-reader.go. An attacker can cause the server to panic and crash by sending specially crafted AWS chunked data without a Content-Length header via a reverse proxy such a...

github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives

Summary It is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA head...

CVE-2025-5302

A flaw was found in the JSONReader component of the llamaindex Python package, where the depthfirstyield function has no limit on the recursive number of times it is called. This vulnerability causes Python to reach its maximum recursive depth when parsing deeply nested JSON files. The program...

Linux Distros Unpatched Vulnerability : CVE-2021-40592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a version v1.0.1 onwards contains loop with unreachable exit condition 'infinite loop'...

Linux Distros Unpatched Vulnerability : CVE-2019-10878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData and CDataFileReader::ReplaceData and related functions in...

Linux Distros Unpatched Vulnerability : CVE-2023-35956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst...

Linux Distros Unpatched Vulnerability : CVE-2021-45087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title...

Linux Distros Unpatched Vulnerability : CVE-2023-35955

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst...

LlamaIndex affected by a Denial of Service (DOS) in JSONReader

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

GHSA-7753-XRFW-CH36 LlamaIndex affected by a Denial of Service (DOS) in JSONReader

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

Linux Distros Unpatched Vulnerability : CVE-2025-6275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of...

Linux Distros Unpatched Vulnerability : CVE-2025-6273

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file...

SUSE SLES12 Security Update : libqt4 (SUSE-SU-2025:02968-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02968-1 advisory. - CVE-2021-45930: Fixed out-of-bounds write leading to DoS bsc1196654 - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont...

Uncontrolled Recursion

Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader component. An attacker can cause excessive resource consumption and crash the process by submitting deeply nested JSON files...

CVE-2025-5302

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

CVE-2025-5302

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

CVE-2025-5302

The CVE-2025-5302 affects the JSONReader in run-llama/llama_index v0.12.37, where unconstrained recursion on deeply nested JSON can exhaust Python recursion depth, causing high CPU/memory use and potential DoS. The issue is resolved in v0.12.38. Remediation: upgrade llama_index to 0.12.38 or late...

CVE-2025-5302 Denial of Service (DOS) in JSONReader in run-llama/llama_index

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...