Latest CVE Feed
-
5.3
MEDIUMCVE-2025-46149
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
9.9
CRITICALCVE-2025-59823
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack pro... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10542
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain ... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-46152
In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-59834
ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its ... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-46153
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-26278
A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Denial of Service
-
2.4
LOWCVE-2025-59838
Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been patched via commit f025b12.... Read more
Affected Products : monkeytype- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
4.4
MEDIUMCVE-2025-33116
IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ... Read more
Affected Products : watson_studio_on_cloud_pak_for_data- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-10945
A security vulnerability has been detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Impacted is an unknown function of the file d.php. Such manipulation of the argument hm leads to cross site scripting. The attack may be launched ... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-55178
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
0.5
LOWCVE-2025-59824
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mut... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2025-40698
SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameters “mpsCentroin”, “mpsEmpresa”, “mpsProyecto”, and “m... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-10946
A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. Remote exploitation ... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-57351
A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adver... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-54520
Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality.... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
6.7
MEDIUMCVE-2025-20313
Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of tru... Read more
Affected Products : ios_xe- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-57354
A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to 0.18.6 allow attackers to manipulate the library's tran... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-10943
A security flaw has been discovered in MikeCen WeChat-Face-Recognition up to 6e3f72bf8547d80b59e330f1137e4aa505f492c1. This vulnerability affects the function valid of the file wx.php. The manipulation of the argument echostr results in cross site scripti... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting
-
7.7
HIGHCVE-2025-20327
A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacke... Read more
Affected Products : ios- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Denial of Service