CVE-2025-64460 – Potential denial-of-service vulnerability in XML serializer text extraction

An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial of service, triggering CPU and memory exhaustion, via specially crafted XML input processed by the XML `Deserializer`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were […]

CVE-2025-13372 – Potential SQL injection in FilteredRelation column aliases on PostgreSQL

An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases when a suitably crafted dictionary is expanded into the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated […]

Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)

Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”. According to the Decem … Published Date: Dec 02, 2025

How a noisy ransomware intrusion exposed a long-term espionage foothold

Zeljka Zorz reports: Getting breached by two separate and likely unconnected cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining: the noisie … Published Date: Dec 02, 2025

Google fixes two Android zero days exploited in attacks, 107 flaws

Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. The two high-severity vulnerabilities are t … Published Date: Dec 02, 2025

CVE-2025-65858 – Calibre-Web Stored XSS

The following table lists the changes that have been made to the CVE-2025-65858 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Dec. 02, 2025 Action […]

CVE-2025-41066 – Disclosure of sensitive information in Horde Groupware

The following table lists the changes that have been made to the CVE-2025-41066 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Dec. 02, 2025 Action […]

CVE-2025-13295 – Sensitive Data Exposure in ArgusTech’s BILGER

The following table lists the changes that have been made to the CVE-2025-13295 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Dec. 02, 2025 Action […]

CVE-2025-41086 – Authorization bypass in GAMS from GAMS Development Corp.

Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full […]