CVE-2025-6273

The CVE-2025-6273 entry concerns WebAssembly wabt up to 1.0.37. It affects the LogOpcode function in src/binary-reader-objdump.cc, where input manipulation can trigger a reachable assertion. Local access is required, and the exploit has been disclosed publicly; the code maintainer notes the issue...

PT-2025-26226

Name of the Vulnerable Software and Affected Versions HDF5 versions up to 1.14.6 Description A critical vulnerability was found in HDF5, affecting the function H5C reconstruct cache entry of the file H5Cimage.c. This issue leads to a heap-based buffer overflow. The exploitation of this...

CVE-2025-36573

Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure...

CVE-2025-49182

Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application...

CVE-2025-36575

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...

PT-2025-24386 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 multi Description: A critical issue affects the fromadvsetlanip function of the /goform/AdvSetLanip file in the HTTP POST Request Handler component. The manipulation of the lanMask argument leads to a buffer...

Nazgul Nostromo nhttpd < 2.1 Path Traversal Vulnerability

Nazgul Nostromo nhttpd is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2025-23821 · Cisco · Cisco Imc

Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller IMC for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers affected versions not specified Description: A vulnerability in the SSH connection handling could allow an authenticated,...

CVE-2025-5286

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additionalsettings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-5235 OpenSheetMusicDisplay <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter

The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

BIT-PYTORCH-2025-3121 PyTorch torch.jit.jit_module_from_flatbuffer memory corruption

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jitmodulefromflatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used...

PT-2025-23003 · Gnu +1 · Gnu Binutils +1

Name of the Vulnerable Software and Affected Versions: GNU Binutils versions up to 2.44 Description: A critical vulnerability has been found in GNU Binutils, affecting the debug type samep function of the objdump component. This issue leads to memory corruption and requires local access to exploi...

CVE-2025-5169

CVE-2025-5169 affects Open Asset Import Library (Assimp) version 5.4.3. The issue is in MDLImporter::InternReadFile_3DGS_MDL345 inside MDLLoader.cpp and causes an out-of-bounds read. Local access is required. The description notes that the exploit has been disclosed publicly and may be used. Ther...

PT-2025-22913 · Llisoft · Llisoft Mta Maita Training System

Name of the Vulnerable Software and Affected Versions: llisoft MTA Maita Training System version 4.5 Description: A critical issue has been found in the this.fileService.download function of the file comllisoftcontrollerOpenController.java. The manipulation of the url argument leads to unrestrict...

CVE-2024-2257

This vulnerability exists in Digisol Router DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02 due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the...

CVE-2024-36505

An improper access control vulnerability CWE-284 in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system via another hypothetical exploit to bypass the file integrity...

CVE-2024-11453

The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gspinwidget' shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping...

CVE-2024-11655

A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This vulnerability affects unknown code of the file /admin/network/diagpinginterface. The manipulation of the argument diagping leads to command injection. The attack can be initiated...

CVE-2024-13106

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched...

CVE-2024-46664

A relative path traversal in Fortinet FortiRecorder CWE-23 version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests...