942 matches found
GHSA-5P82-2Q3R-WJ3M ThingsBoard allows an authenticated user to upload malicious SVG images
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...
PT-2025-48282
Name of the Vulnerable Software and Affected Versions ThingsBoard versions prior to 4.2.1 Description An authenticated user can upload malicious SVG images through the "Image Gallery". This leads to a Stored Cross-Site Scripting XSS issue. The exploit is triggered when any user accesses the publi...
CVE-2025-62372
vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...
Allocation Of Resources Without Limits Or Throttling
pdfmake is vulnerable to Allocation of Resources Without Limits or Throttling. The vulnerability is due to improper handling of repeatedly redirected URLs during file embedding, where the library follows redirect chains without enforcing limits, and an attacker can exploit this by supplying craft...
EUVD-2025-198357
vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...
CVE-2025-62372
CVE-2025-62372 affects vLLM (inference/serving engine). From version 0.5.5 up to before 0.11.1, passing multimodal embedding inputs with correct ndim but incorrect shape (e.g., wrong hidden dimension) can crash the engine when serving multimodal models, regardless of whether those inputs are supp...
CVE-2025-62372 vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...
CVE-2025-58181
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...
CVE-2025-64402
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...
CVE-2025-60714
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally...
CVE-2025-60714
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally...
EUVD-2025-93416
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally...
CVE-2025-60714 Windows OLE Remote Code Execution Vulnerability
...
CVE-2025-60714 Windows OLE Remote Code Execution Vulnerability
...
Windows OLE Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally...
PT-2025-46475
Name of the Vulnerable Software and Affected Versions Windows OLE affected versions not specified Description A heap-based buffer overflow exists in Windows OLE. This flaw could allow an unauthorized attacker to execute code locally. Recommendations At the moment, there is no information about a...
Microsoft Windows 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows OLE. An attacker exploiting this vulnerability could execute code. The following products and editions are affected:Windows 10 Version...
SteganoSNN: SNN-Based Audio-In-Image Steganography with Encryption
Secure data hiding remains a fundamental challenge in digital communication, requiring a careful balance between computational efficiency and perceptual transparency. The balance between security and performance is increasingly fragile with the emergence of generative AI systems capable of...
Cross-site Scripting (XSS)
starcitizenwiki/embedvideo is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper restriction of HTML attributes in the video embedding functionality, which allows an attacker to inject and execute arbitrary web scripts through crafted wikitext...
CVE-2025-64387 CLICKJACKING
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login...