5838 matches found
NVIDIA TensorRT-LLM python executor code issue vulnerability
NVIDIA TensorRT-LLM is a high-performance inference acceleration library from NVIDIA for defining, optimizing, and executing inference in production environments for large language models LLMs. A code issue vulnerability exists in NVIDIA TensorRT-LLM that stems from insufficient data validation a...
openSUSE 15 Security Update : chromium (openSUSE-SU-2025:0145-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0145-1 advisory. - Chromium 136.0.7103.48 stable release 2025-04-29 boo1242153 CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11...
Fedora 41 : chromium (2025-8fbc37e703)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-8fbc37e703 advisory. Update to 136.0.7103.59 CVE-2025-4096: Heap buffer overflow in HTML CVE-2025-4050: Out of bounds memory access in DevTools CVE-2025-4051: Insufficie...
CVE-2025-4051
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-4051
CVE-2025-4051 involves insufficient data validation in DevTools of Google Chrome/Chromium, allowing a remote attacker to bypass discretionary access control when a user is persuaded to perform specific UI gestures on a crafted HTML page. The vulnerability affects Chrome before version 136.0.7103....
CVE-2025-4051
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-4051
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-4051
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
The vulnerability of the Orders component in the Oracle Configurator application of the Oracle E-Business Suite allows a malicious actor to gain access to read, modify, add, or delete data.
The vulnerability of the Orders component in the Oracle Configurator application of the Oracle E-Business Suite is related to insufficient validation of entered data. Exploiting this vulnerability may allow an attacker to gain access to read, modify, add, or delete data...
SUSE CVE-2025-4051
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
Fedora 40 : chromium (2025-b1804b97fc)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b1804b97fc advisory. Update to 136.0.7103.59 CVE-2025-4096: Heap buffer overflow in HTML CVE-2025-4050: Out of bounds memory access in DevTools CVE-2025-4051: Insufficie...
CVE-2025-1838
IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service...
CVE-2025-1838
CVE-2025-1838 affects IBM Cloud Pak for Business Automation (IBM Business Automation Workflow) 24.0.0 and 24.0.1 through 24.0.1 IF001. The vulnerability stems from an authenticated user bypassing client-side data validation in the authoring UI, which could lead to a denial of service. Red Hat/IBM...
CVE-2025-1838 IBM Cloud Pak for Business Automation denial of service
IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service...
CVE-2025-1838 IBM Cloud Pak for Business Automation denial of service
IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service...
PT-2025-18953 · Ibm · Ibm Cloud Pak For Business Automation
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 24.0.0 through 24.0.1 IF001 Description: The issue allows an authenticated user to bypass client-side data validation in the authoring user interface, which could cause a denial of service...
Microsoft Edge (Chromium) < 136.0.3240.50 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 136.0.3240.50. It is, therefore, affected by multiple vulnerabilities as referenced in the May 1, 2025 advisory. - User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an...
The vulnerability of the phpseclib cryptographic protocol library, related to incorrect input validation, allows attackers to trigger a service failure.
The vulnerability of the phpseclib cryptographic protocol library is related to insufficient checks on the data entered by users. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Chromium: CVE-2025-4052 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2025-23254
NVIDIA TensorRT-LLM (TensorRT-LLM Python executor) contains a data-validation vulnerability that can be exploited with local access to the TRTLLM server to achieve code execution, information disclosure, and data tampering. The CVE-2025-23254 entries across NVD/CVE lists describe a Python-executo...