CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

SUSE CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

orjson does not limit recursion for deeply nested JSON documents

The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

PYSEC-2026-107

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-67221

CVE-2025-67221 concerns the orjson library: the orjson.dumps function in orjson up to version 3.11.4 fails to limit recursion for deeply nested JSON documents. The vulnerability is described across multiple sources (Red Hat, NVD, OSV, etc.), consistently stating that deeply nested JSON can trigge...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

CVE-2025-14162

The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugincreateoption' and 'BMLTPlugindeleteoption ' action. This makes it possible for unauthenticated attackers to...

CVE-2025-39482

Missing Authorization vulnerability in imithemes Eventer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventer: from n/a before 3.11.4...

Moodle <= 3.11.4 XSS Vulnerability

Moodle is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle";...

BIT-MOODLE-2022-0335

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk...

Moodle 3.11.x < 3.11.4 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.11, 3.10.x prior to 3.10.8 or 3.11.x prior to 3.11.4. It is, therefore, affected by multiple vulnerabilities: - A Remote Code Execution when restoring malformed backup files. CVE-2021-3943 - A vulnerable version of mlbackend...

Security feature bypass

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters...

CVE-2022-34388

Dell SupportAssist for Home PCs version 3.11.4 and prior and SupportAssist for Business PCs version 3.2.0 and prior contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of...

CVE-2022-34387

Dell SupportAssist for Home PCs version 3.11.4 and prior and SupportAssist for Business PCs version 3.2.0 and prior contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the...

Dell SupportAssist < 3.11.4 Multiple Vulnerabilities

According to its self-reported version number, the version of Dell SupportAssist Client is affected by multiple vulnerabilities. - Dell SupportAssist for Home PCs version 3.11.4 and prior and SupportAssist for Business PCs version 3.2.0 and prior contain information disclosure vulnerability. A...

CVE-2022-0335

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk...

jose-node-esm-runtime 安全漏洞

npm jose-node-esm-runtime is an application from npm, Inc. json web almost everything uses the Node.jscrypto module for JWA, JWS, JWE, JWT, JWK with no dependencies. jose-node-esm-runtime is a security vulnerability in jose-node-esm-runtime prior to version 3.11.4 that arises from a significant...