CVE-2025-51480 affecting package pytorch for versions less than 2.2.2-15

CVE-2025-51480 affecting package pytorch for versions less than 2.2.2-15. A patched version of the package is available...

PJSIP 信任管理问题漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Prior to PJSIP version 2.17, there were vulnerabilities related to trust management. These vulnerabilities...

HashiCorp Vault和HashiCorp Vault Enterprise 安全漏洞

HashiCorp Vault and HashiCorp Vault Enterprise are products developed by HashiCorp, a company based in the United States. HashiCorp Vault is a private key access management tool. HashiCorp Vault Enterprise is an enterprise information archiving platform. There were security vulnerabilities in...

CVE-2026-32489

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...

CVE-2026-3103 Deletion of passwords via RestApi

A logic error in the removepassword function in Checkmk GmbH's Checkmk versions 2.4.0p23, 2.3.0p43, and 2.2.0 EOL allows a low-privileged user to cause data loss...

Lobster 安全漏洞

Lobster is a programming language developed by Wouter van Oortmerssen. Versions of Lobster prior to 2.25 contain security vulnerabilities, which stem from uncontrolled recursion in the lobster::TypeName function...

Exploit for CVE-2025-2304

CVE-2025-2304-Camaleon-C...

CVE-2026-22923

A vulnerability has been identified in NX All versions V2512, NX Managed Mode All versions V2512. The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially...

CVE-2026-1778

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

CVE-2025-3001 affecting package pytorch for versions less than 2.2.2-10

CVE-2025-3001 affecting package pytorch for versions less than 2.2.2-10. A patched version of the package is available...

PT-2026-2294

Name of the Vulnerable Software and Affected Versions Iris versions prior to 2.4.24 Description Iris is a web collaborative platform used by incident responders to share technical details during investigations. The DFIR-IRIS datastore file management system has an issue where authenticated users...

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing...

PT-2025-46417

Name of the Vulnerable Software and Affected Versions IntelR PresentMon versions prior to 2.3.1 Description The software has default permissions that, in some cases, may allow for an escalation of privilege. An unprivileged software adversary with an authenticated user and a high complexity attac...

EUVD-2025-50780

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

CVE-2025-47901

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5...

XMLUnit 安全漏洞

XMLUnit is an XML output library from the XMLUnit open source. A security vulnerability exists in versions of XMLUnit prior to 2.10.0, which stems from XSLT extensions being enabled in the default configuration and could lead to code execution...

CVE-2025-9550

CVE-2025-9550 : Drupal Facets has an improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). Affected are Drupal Facets versions before 2.0.10 and before 3.0.1. Remediation is to upgrade to Facets 2.0.10+ or 3.0.1+. The CVSS 3.1 base score is 6.1 (MEDIUM)...

AZL-68120 CVE-2025-55552 affecting package pytorch for versions less than 2.0.0-11

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randnlike are used together...

CVE-2025-59346

Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery SSRF vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are otherwise not accessible to...

GHSA-WJW6-95H5-4JPX Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating

Impact What kind of vulnerability is it? Who is impacted? All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot: 1. A malicious...