CVE-2025-2149
CVE-2025-2149 affects PyTorch 2.6.0+cu124, specifically the Quantized Sigmoid Module’s nnq_Sigmoid function. The issue stems from improper initialization caused by manipulation of scale/zero_point, enabling a local attack with high attack complexity; exploitation has been disclosed. Connected IBM adv...
CVE-2025-2149
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached...
DEBIAN-CVE-2025-2148
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...
CVE-2025-2148 PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...
CVE-2025-2148
CVE-2025-2148 : PyTorch 2.6.0+cu124 contains a vulnerability affecting torch.ops.profiler._call_end_callbacks_on_jit_fut in the Tuple Handler. Manipulating the argument None can cause memory corruption. The report notes a remote attack with high impact and high attack complexity; no explicit reme...
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...
Amazon Linux 2 : gcc10-binutils (ALAS-2025-2772)
The version of gcc10-binutils installed on the remote host is prior to 2.35.2-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2772 advisory. A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function...
CVE-2025-2093
A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change-password.php. The manipulation of the argument email/phone number leads to weak password recovery. The...
CVE-2025-2129
A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...
CVE-2025-2122
A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack can only be initiated within the local...
CVE-2025-2122 Thinkware Car Dashcam F800 Pro Connection denial of service
A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack can only be initiated within the local...
CVE-2025-2122
The CVE-2025-2122 entry concerns Thinkware Car Dashcam F800 Pro (up to 20250226). Affected component: Connection Handler. Vulnerability type: denial of service caused by manipulation of the Connection Handler, with attack possible only on the local network. Exploitation is described as high compl...
CVE-2025-2119
A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been declared as problematic. This vulnerability affects unknown code of the component Device Registration Handler. The manipulation leads to use of default credentials. It is possible to launch the attack on the...
CVE-2025-2119
The CVE-2025-2119 entry concerns Thinkware Car Dashcam F800 Pro (up to 20250226). A vulnerability in the Device Registration Handler allows use of default credentials, enabling an attack on the physical device. Reported impact is limited to credential misuse with low attack complexity (though use...
CVE-2025-2114
A vulnerability, which was classified as problematic, has been found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This issue affects some unknown processing of the file /WebPages/Adm/OperatorStop.asp of the component Reset Password Interface. The manipulation of t...
CVE-2025-2114 Shenzhen Sixun Software Sixun Shanghui Group Business Management System Reset Password Interface OperatorStop.asp improper authorization
A vulnerability, which was classified as problematic, has been found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This issue affects some unknown processing of the file /WebPages/Adm/OperatorStop.asp of the component Reset Password Interface. The manipulation of t...
PT-2025-10456
Name of the Vulnerable Software and Affected Versions: Mage AI version 0.9.75 Description: A vulnerability was found in Mage AI, which has been classified as problematic. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The...