7 matches found
EUVD-2025-29218
Malicious code in bioql PyPI...
CVE-2025-59328
A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service DoS. The issue stems from the insecure deserialization of untrusted data. An attacker can supply a large, specially crafted data payload that, when processed, consumes an excessive amount of CPU resources during...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can exhaust CPU resources and render the application or system unresponsive by submitting a large, specially crafted data payload. Details Serialization is a...
CVE-2025-59328 Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data
A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service DoS. The issue stems from the insecure deserialization of untrusted data. An attacker can supply a large, specially crafted data payload that, when processed, consumes an excessive amount of CPU resources during...
PT-2025-37727
Name of the Vulnerable Software and Affected Versions: Apache Fory versions prior to 0.12.2 Description: A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service DoS. The issue is due to the insecure deserialization of untrusted data. An attacker can provide a large,...
Prototype Pollution
Overview appwrite/server-ce is an End to end backend server for frontend and mobile apps. Affected versions of this package are vulnerable to Prototype Pollution. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leadi...
PYSEC-2020-68
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated in jupyterhub 1.2 configuration Authenticator.whitelist, which should be transparently mapped to Authenticator.allowedusers with a warning, is instead ignored by...