Latest CVE Feed
-
9.0
HIGHCVE-2025-10838
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remo... Read more
Affected Products : ac21_firmware- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
5.8
MEDIUMCVE-2025-8410
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.... Read more
Affected Products : connext_professional- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-9964
No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2.... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Authentication
-
7.3
HIGHCVE-2025-59534
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.2, ... Read more
Affected Products : cryptolib- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Injection
-
7.6
HIGHCVE-2025-59826
Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has been patched in version 2.2.0.... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-52905
Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.... Read more
Affected Products : x6000r_firmware- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-39876
In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev.... Read more
Affected Products : linux_kernel- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39873
In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call. However, xilinx_c... Read more
Affected Products : linux_kernel- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39880
In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member with... Read more
Affected Products : linux_kernel- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
5.7
MEDIUMCVE-2025-23272
NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service.... Read more
Affected Products : cuda_toolkit- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2025-23271
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of serv... Read more
Affected Products : cuda_toolkit- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
5.0
MEDIUMCVE-2024-21927
Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulti... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-6921
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled ... Read more
Affected Products : transformers- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Denial of Service
-
3.3
LOWCVE-2025-23248
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of serv... Read more
Affected Products : cuda_toolkit- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
5.0
MEDIUMCVE-2024-21935
Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption.... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Path Traversal
-
5.8
MEDIUMCVE-2025-20339
A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit... Read more
Affected Products : sd-wan_vedge_router- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-58354
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. ... Read more
Affected Products : runtime- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-23349
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, in... Read more
Affected Products : megatron-lm- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Injection
-
8.2
HIGHCVE-2025-21484
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-23348
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of pr... Read more
Affected Products : megatron-lm- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Injection