CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

EUVD-2025-203376

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

Malicious Package

Overview bignumex is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious Package

Overview @revvity-signals/chemdraw-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview elf-stats-sugarplum-fireplace-278 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

编号撤回

req, etc. are products of roc individual developers. req is a simple Go HTTP client that uses Black Magic. brian smith ring, etc. are products of brian smith individual developers. ring is a library. ico doornekamp duc, etc. are products of Ico Ico Doornekamp duc and others are products of Ico...

openSUSE Security Advisory (SUSE-SU-2025:4390-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

编号撤回

req, etc. are products of roc individual developers. req is a simple Go HTTP client that uses Black Magic. brian smith ring, etc. are products of brian smith individual developers. ring is a library. ico doornekamp duc, etc. are products of Ico Ico Doornekamp duc and others are products of Ico...

CVE-2025-67899

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

CVE-2025-67899

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

CVE-2025-67899

CVE-2025-67899 affects uriparser up to version 0.9.9, where unbounded recursion leads to stack consumption on large inputs (ParseMustBeSegmentNzNc with many commas). Connected advisories confirm the issue and direct upgrade to uriparser-1.0.0 as the remediation (e.g., Fedora/FEDORA advisories). O...

Exploit for Injection in Dlink Dns-320_Firmware

CVE-2024-10914POC PoC para explota...

BIT-DJANGO-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

Remote Code Execution (RCE)

Fugue is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization in the FlaskRPCServer implementation, where the decode function uses cloudpickle.loads on untrusted data, allowing attackers to send malicious serialized objects that execute arbitrary code on the...

Denial-of-service (DoS)

pypdf is vulnerable to Denial-of-service DoS. The vulnerability is due to improper handling of the LZWDecode filter while parsing a PDF page content stream, which allows an attacker to craft a malicious PDF that triggers excessive memory usage...

TorchGeo Remote Code Execution Vulnerability

Impact TorchGeo 0.4–0.6.0 used an ""eval"" https://docs.python.org/3/library/functions.htmleval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose ""torchgeo.models.getweight""...

Denial Of Service (DoS)

Bugsink is vulnerable to Denial Of Service DoS. The vulnerability is due to inefficient handling of Brotli-compressed data during decompression, which allows an attacker to send crafted payloads that consume excessive CPU resources and disrupt service availability...

Denial Of Service (DoS)

urllib3 is vulnerable to Denial-Of-Service DoS. The vulnerability is due to improper handling of highly compressed data in the streaming API, where decompression continues until the requested chunk size is satisfied, allowing a small, highly compressed response to be fully decompressed in a singl...

Denial Of Service

rhino is vulnerable to a Denial of Service. The vulnerability is due to improper handling of attacker-controlled floating-point values in the toFixed function, where small or specially crafted numbers trigger an expensive call chain that attempts to raise 5 to an extremely large power, and...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rhino (SUSE-SU-2025:4390-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4390-1 advisory. Update to version 1.7.15.1. Security issues fixed: - CVE-2025-66453: high CPU consumption when processing...