CVE-2025-49000 – InvenTree Label-Sheet Plugin Denial of Service Vulnerability

June 3, 2025

CVE ID : CVE-2025-49000

Published : June 3, 2025, 9:15 p.m. | 30 minutes ago

Description : InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. the issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49001 – DataEase JWT Token Forgery Vulnerability

Next Article CVE-2025-48999 – DataEase SQL Injection Vulnerability

Highlights

CVE-2025-4095 – Docker Desktop MacOS Registry Access Bypass Vulnerability

April 29, 2025

CVE ID : CVE-2025-4095

Published : April 29, 2025, 6:15 p.m. | 52 minutes ago

Description : Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

ChatGPT now has an agent mode

Scrum Alliance and Kanban University partner to offer new course that teaches both methodologies

Is ChatGPT down? You’re not alone. Here’s what OpenAI is saying

I found a tablet that could replace my iPad and Kindle – and it’s worth every penny

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

Execute Ping Commands and Get Back Structured Data in PHP

Execute Ping Commands and Get Back Structured Data in PHP

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

Microsoft confirms active cyberattacks on SharePoint servers

How to Manually Check & Install Windows 11 Updates (Best Guide)

CVE-2025-49000 – InvenTree Label-Sheet Plugin Denial of Service Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

For OpenAI to win, Google must lose Chrome — making ChatGPT “a better product with a really incredible experience”

Learn Godot – Course for Beginners in Spanish

Google Workspace Adds Real-Time Data Migration Logs to Admin Console, BigQuery Support Rolling

How AI coding agents could destroy open source software

CVE-2025-4095 – Docker Desktop MacOS Registry Access Bypass Vulnerability

Mamorukun ReCurse! Brings Bullet Hell Action to Xbox Series X|S This September

CVE-2025-6065 – WordPress Image Resizer On The Fly Remote Code Execution Vulnerability

CVE-2025-24270 – Apple macOS Network Information Leakage Vulnerability

CVE-2025-49000 – InvenTree Label-Sheet Plugin Denial of Service Vulnerability

Related Posts