CVE-2025-23325

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service...

PT-2025-31466 · Unknown · Openviglet Shio

Name of the Vulnerable Software and Affected Versions: openviglet shio versions through 0.3.8 Description: A critical vulnerability exists in openviglet shio up to version 0.3.8. This issue affects the shStaticFilePreUpload function located in the file...

CVE-2025-7931 code-projects Church Donation System admin_pic.php unrestricted upload

A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/adminpic.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. T...

CVE-2025-7571 UTT HiPER 840G aspApBasicConfigUrcp buffer overflow

A vulnerability classified as critical has been found in UTT HiPER 840G up to 3.1.1-190328. This affects an unknown part of the file /goform/aspApBasicConfigUrcp. The manipulation of the argument Username leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has be...

CVE-2025-7434

A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified as critical. Affected by this issue is the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may...

Open5GS 安全漏洞

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS, which can be exploited by an attacker to cause a denial of service...

CVE-2025-5976

A vulnerability has been found in PHPGurukul Rail Pass Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/add-pass.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2025-5154 PhonePe App SQLite Database databases cleartext storage in a file or on disk

A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...

CVE-2025-5111 FreeFloat FTP Server TYPE Command buffer overflow

A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TYPE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed...

CVE-2024-11996

A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The manipulation of the argument cidade leads to cross site scripting. The attack may be launched remotely. The exploit h...

CVE-2025-4997 H3C R2+ProG HTTP POST Request aspForm SetAPInfoById denial of service

A vulnerability, which was classified as problematic, was found in H3C R2+ProG up to 200R004. Affected is the function UpdateWanParams/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList/EditBasicSSID/EditGuestSSIDFor2P4G/EditBasicSSID5G/SetAPInfoById of the file /goform/aspForm of the componen...

CVE-2025-3916

CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file SSD file provided by the attacker...

CVE-2025-4326

A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /admin/chip/add.do of the component Add Fragment Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclose...

CVE-2025-4292

A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/user/edit.do of the component Edit User Page. The manipulation of the argument Username leads to cross site scripting. The attack can be...

CVE-2025-4248 SourceCodester Simple To-Do List System complete_task.php sql injection

A vulnerability has been found in SourceCodester Simple To-Do List System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /completetask.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The...

GoBGP crashes in the flowspec parser

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context...

CVE-2025-31201

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this...

CVE-2025-3387 renrenio renren-security JSON cross site scripting

A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0. This affects an unknown part of the component JSON Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

CVE-2025-2917

A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-2926

CVE-2025-2926 affects HDF5 up to 1.14.6. The issue is a null pointer dereference in H5O__cache_chk_serialize (src/H5Ocache.c). Local access is required to exploit; exploitation has been disclosed publicly. OSV entries corroborate this CVE and note a fix is planned/available via a patched package ...