CVE-2025-67899

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

CVE-2025-67899

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

CVE-2025-67899

CVE-2025-67899 affects uriparser up to version 0.9.9, where unbounded recursion leads to stack consumption on large inputs (ParseMustBeSegmentNzNc with many commas). Connected advisories confirm the issue and direct upgrade to uriparser-1.0.0 as the remediation (e.g., Fedora/FEDORA advisories). O...

Exploit for Injection in Dlink Dns-320_Firmware

CVE-2024-10914POC PoC para explota...

BIT-DJANGO-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

Remote Code Execution (RCE)

Fugue is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization in the FlaskRPCServer implementation, where the decode function uses cloudpickle.loads on untrusted data, allowing attackers to send malicious serialized objects that execute arbitrary code on the...

Denial-of-service (DoS)

pypdf is vulnerable to Denial-of-service DoS. The vulnerability is due to improper handling of the LZWDecode filter while parsing a PDF page content stream, which allows an attacker to craft a malicious PDF that triggers excessive memory usage...

TorchGeo Remote Code Execution Vulnerability

Impact TorchGeo 0.4–0.6.0 used an ""eval"" https://docs.python.org/3/library/functions.htmleval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose ""torchgeo.models.getweight""...

Denial Of Service (DoS)

Bugsink is vulnerable to Denial Of Service DoS. The vulnerability is due to inefficient handling of Brotli-compressed data during decompression, which allows an attacker to send crafted payloads that consume excessive CPU resources and disrupt service availability...

Denial Of Service (DoS)

urllib3 is vulnerable to Denial-Of-Service DoS. The vulnerability is due to improper handling of highly compressed data in the streaming API, where decompression continues until the requested chunk size is satisfied, allowing a small, highly compressed response to be fully decompressed in a singl...

Denial Of Service

rhino is vulnerable to a Denial of Service. The vulnerability is due to improper handling of attacker-controlled floating-point values in the toFixed function, where small or specially crafted numbers trigger an expensive call chain that attempts to raise 5 to an extremely large power, and...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rhino (SUSE-SU-2025:4390-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4390-1 advisory. Update to version 1.7.15.1. Security issues fixed: - CVE-2025-66453: high CPU consumption when processing...

Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...

GHSA-55JH-84JV-8MX8 Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Impact The APIVersion rule uses new Function to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration ...

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

Security update for rhino

This update for rhino fixes the following issues: Update to version 1.7.15.1. Security issues fixed: CVE-2025-66453: high CPU consumption when processing specific numbers via the toFixed function bsc1254481. Other changes and issues fixed: Version 1.7.15: Basic support for "rest parameters"...

Malicious Package

Overview sd-pay-ts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview camscanner-seo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview eslint-config-zoo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview cmscompstatic is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...