903 matches found
EUVD-2022-44941
Malicious code in bioql PyPI...
EUVD-2025-4099
Malicious code in bioql PyPI...
EUVD-2022-28121
Malicious code in bioql PyPI...
CVE-2025-26499
The CVE-2025-26499 entry describes a race-condition vulnerability: under heavy system utilization a concurrent action by two users during authentication or token refresh can grant a token for one user to another, enabling temporary impersonation until the session ends. Impact is exposure to anoth...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socke...
CVE-2025-6203
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...
MAL-2025-41521 Malicious code in @twork-data-services/proxy-prime-api-v2-account-get-account-utilization-flag (npm)
--- -= Per source details. Do not edit below this line.=-...
Microarchitecture Design and Benchmarking of Custom SHA-3 Instruction for RISC-V
Integrating cryptographic accelerators into modern CPU architectures presents unique microarchitectural challenges, particularly when extending instruction sets with complex and multistage operations. Hardware-assisted cryptographic instructions, such as Intel's AES-NI and ARM's custom instructio...
CVE-2025-57810 jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG...
PT-2025-34274 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev92 Description: The jk parameter in the pyLoad CNL Blueprint lacks proper verification. This allows a user-supplied jk parameter to be directly passed to dykpy.evaljs, leading to full server CPU utilization...
Advisory ROSA-SA-2025-2918
software: kernel-5.15 generic WASP: ROSA-CHROME unaffected versions = kernel-5.15-generic-5.15.178-1 affected versions kernel-5.15-generic-5.15.178-1 CVE-ID: CVE-2024-27397 BDU-ID: 2025-00432 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the nftables netfilter component of the Linux operating...
Ruby SAML DOS vulnerability with large SAML response
Summary A denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. Details ruby-saml...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF004 (June 2025)
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF004. Vulnerability Details CVEID:CVE-2025-29907 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to...
CVE-2025-21085
PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization...
CVE-2025-21085
PingFederate CVE-2025-21085 describes a grant attribute duplication issue in the PostgreSQL persistence store that can cause excessive memory utilization for OAuth2 requests. The affected product is PingFederate; the root cause is duplication in the OAuth2 grant storage within PostgreSQL, leading...
PT-2025-25497 · Ping Identity · Pingfederate
Name of the Vulnerable Software and Affected Versions: PingFederate affected versions not specified Description: The issue concerns PingFederate OAuth2 grant duplication in PostgreSQL persistent storage, allowing OAuth2 requests to use excessive memory utilization. Recommendations: At the moment,...
Ubuntu: Security Advisory (USN-7547-1)
The remote host is missing an update for the...
Ubuntu 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Tornado vulnerability (USN-7547-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7547-1 advisory. It was discovered that Tornado inefficiently handled requests when parsing certain form data. An attacker could possibly use this issu...