3636 matches found
CVE-2025-13433
CVE-2025-13433 affects Muse Group MuseHub 2.1.0.1567. The vulnerability arises in an unknown function within the Windows service component, specifically in the file path …\Muse.Updater.exe, causing an unquoted search path. Exploitation is restricted to local access with high attack complexity and...
CLSA-2025-1763568610 python-idna: Fix of CVE-2024-3651
CVE-2024-3651: more efficient resolution of joiner contexts in idna library to avoid quadratic complexity that leads to a DoS condition...
CVE-2025-40545
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...
Django: ASGIRequest header concatenation quadratic CPU DoS on Django via repeated headers leads to worker exhaustion
ASGIRequest header concatenation quadratic CPU DoS Reporter: Jiyong Yang / BAEKSEOK University Target: Django current main, affects all versions with ASGI support Type: Denial of Service CPU exhaustion Summary django.core.handlers.asgi.ASGIRequest builds the META dictionary by iterating over the...
CVE-2025-62484
Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...
CVE-2025-27249
Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occu...
CVE-2025-27725
Time-of-check time-of-use race condition for some ACAT before version 3.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially...
CVE-2025-32446
Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This...
CVE-2025-35968
Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...
CVE-2025-22391
Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially...
PT-2025-46839
Name of the Vulnerable Software and Affected Versions Zoom Workplace Clients versions prior to 6.5.10 Description An inefficient regular expression complexity in certain Zoom Workplace Clients may allow an unauthenticated user to conduct an escalation of privilege via network access. The issue...
CVE-2025-24314
Improper access control for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may...
CVE-2025-32732
Buffer overflow for some IntelR QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via...
CVE-2025-24519
Buffer overflow for some IntelR QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This result may potentially...
CVE-2025-24863
Improper privilege management for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result...
CVE-2025-24847
Improper input validation for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may...
CVE-2025-30255
Out-of-bounds write for some IntelR PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This...
CVE-2025-24838
Improper privilege management for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege...
CVE-2025-26405
Improper control of dynamically-managed code resources for some IntelR NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...
EUVD-2025-93473
Out-of-bounds read for some IntelR PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This...