Latest CVE Feed
-
6.1
MEDIUMCVE-2025-59825
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpack_in_raw API. Additionally, th... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Path Traversal
-
10.0
CRITICALCVE-2025-9962
A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affects P series: P – V2001.A.C518o2.... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-8282
The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputing them in the page, which could allow admin and above users to perform Cross-Site Scripting attacks.... Read more
Affected Products : sureforms- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Cross-Site Scripting
-
5.7
MEDIUMCVE-2025-23272
NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service.... Read more
Affected Products : cuda_toolkit- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Information Disclosure
-
9.0
HIGHCVE-2025-10838
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remo... Read more
Affected Products : ac21_firmware- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
3.3
LOWCVE-2025-23271
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of serv... Read more
Affected Products : cuda_toolkit- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
7.2
HIGHCVE-2025-48868
Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval() function on a user-controlled query parameter in the pro... Read more
Affected Products : horilla- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-9966
Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.This issue affects P series: P – V2001.A.C518o2.... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-39888
In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. When the number of bytes to be retrieved is truncated to the upper limit by fc->max_... Read more
Affected Products : linux_kernel- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
3.3
LOWCVE-2025-23248
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of serv... Read more
Affected Products : cuda_toolkit- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39886
In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() Currently, calling bpf_map_kmalloc_node() from __bpf_async_init() can cause various locking issues; see the followin... Read more
Affected Products : linux_kernel- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-39880
In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c is reading and another place where it is writing to con->v1 union member with... Read more
Affected Products : linux_kernel- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39887
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmap_parselist() A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 00... Read more
Affected Products : linux_kernel- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-23348
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of pr... Read more
Affected Products : megatron-lm- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-23349
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, in... Read more
Affected Products : megatron-lm- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Injection
-
3.3
LOWCVE-2025-23340
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of serv... Read more
Affected Products : cuda_toolkit- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-23354
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privile... Read more
Affected Products : megatron-lm- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-9353
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a... Read more
Affected Products : builder- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2025-10906
A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component N... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Authentication
-
2.5
LOWCVE-2025-23273
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted JPEG file. A successful exploit of this vulnerability may lead to denial of servic... Read more
Affected Products : cuda_toolkit- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Denial of Service