Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-h4pw-wxh7-4vjj: Duplicate Advisory: python-jose denial of service via compressed JWE content

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. ### Original Description In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

ghsa
Open in Source
#vulnerability#web#dos#js#git#intel
GHSA-3677-xxcr-wjqv: jose4j is vulnerable to DoS via compressed JWE content

In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

GHSA-m4f2-xpfq-h97v: Pagekit CMS is vulnerable to OS Command Injection via Storage component

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023.

14 Malicious NuGet Packages Found Stealing Crypto Wallets and Ad Data

ReversingLabs discovers 14 malicious NuGet packages, including Netherеum.All, using homoglyphs and fake downloads to steal crypto wallets and Google Ads data.

Border Patrol Bets on Small Drones to Expand US Surveillance Reach

Federal records show CBP is moving from testing small drones to making them standard surveillance tools, expanding a network that can follow activity in real time and extend well beyond the border.

10 Best AI Video Enhancers in 2025 to Instantly Boost Video Quality

Looking for the best AI video enhancer in 2025? Explore top AI tools to upscale videos, restore clarity, reduce noise, and achieve stunning 4K quality in just a few clicks.

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco Talos is tracking the active targeting of Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web Manager, formerly known as Cisco Content Security Management Appliance (SMA).

GHSA-jf5h-xfw4-p8gp: Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection

Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts.

GHSA-q66g-q98c-q454: Mattermost has missing redirect URL validation

Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.

APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, a webmail and news service popular in Ukraine. The activity, observed by Recorded Future's Insikt Group between June 2024 and April 2025, builds upon prior findings from the cybersecurity company in May 2024 that