7531 matches found

Vulnrichment
added 2025/12/28 5:2 a.m., 1 views

CVE-2025-15122 JeecgBoot datarule loadDatarule improper authorization

A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is...

3.1 CVSS, 6.4 AI score, 0.00028 EPSS
Exploits 1, References 4
OSV
added 2025/12/27 9:7 a.m., 5 views

RLSA-2023:2417 Moderate: php:8.1 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.1.14. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...

8.1 CVSS, 6.9 AI score, 0.15416 EPSS
Exploits 6, References 6
NVD
added 2025/12/26 10:15 p.m., 2 views

CVE-2025-67729

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute...

8.8 CVSS, 0.00134 EPSS
Exploits 0, References 2
CVE
added 2025/12/26 9:54 p.m., 8 views

CVE-2025-67729

LMDeploy prior to v0.11.1 is affected by an insecure deserialization vulnerability in torch.load() called without weights_only=True when loading model checkpoint files (.bin/.pt). This can allow an attacker to execute arbitrary code on the victim's machine. The issue is patched in v0.11.1. Affect...

8.8 CVSS, 9.4 AI score, 0.00134 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2025/12/26 9:54 p.m., 2 views

CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute...

8.8 CVSS, 9.4 AI score, 0.00134 EPSS
Exploits 0, References 2
OSV
added 2025/12/26 9:54 p.m., 3 views

CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute...

8.8 CVSS, 9.4 AI score, 0.00134 EPSS
Exploits 0, References 4
Github Security Blog
added 2025/12/26 5:34 p.m., 11 views

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

Summary: An insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file...

8.8 CVSS, 8.1 AI score, 0.00134 EPSS
Exploits 0, References 4, Affected Software 1
Snyk
added 2025/12/26 5:34 p.m., 4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the torch.load function. An attacker can execute arbitrary code by providing a specially crafted model file that is loaded without proper security parameters. Details Serialization is a process of...

8.8 CVSS, 7.6 AI score, 0.00134 EPSS
Exploits 0, References 2
OSV
added 2025/12/26 5:34 p.m., 3 views

GHSA-9PF3-7RRR-X5JH lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

Summary: An insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file...

8.8 CVSS, 7.9 AI score, 0.00134 EPSS
Exploits 0, References 4
EUVD
added 2025/12/26 5:34 p.m., 2 views

EUVD-2025-205455

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load...

8.8 CVSS, 9.2 AI score, 0.00134 EPSS
Exploits 0, References 4
Hacker One
added 2025/12/26 1:31 p.m., 8 views

curl: Security hardening: missing integer overflow check in curl_load_library()

Summary: A missing integer overflow check was identified in lib/systemwin32.c::curl_load_library when calculating the buffer size for a DLL path. On 32-bit Windows builds, the unchecked size calculation can wrap around, resulting in an undersized heap allocation followed by unbounded string copies v...

8 AI score
Exploits 0
CNNVD
added 2025/12/26 12:0 a.m., 2 views

Eaton UPS Companion security vulnerability

Eaton UPS Companion is a power management software from Eaton Corporation USA. A security vulnerability exists in Eaton UPS Companion, which stems from an insecure library load and could lead to the execution of arbitrary code by an attacker with access to the software package...

7.8 CVSS, 7.2 AI score, 0.00006 EPSS
Exploits 0, References 2
Positive Technologies
added 2025/12/26 12:0 a.m., 2 views

PT-2025-53604

Name of the Vulnerable Software and Affected Versions: LMDeploy versions prior to 0.11.1. Description: LMDeploy is a toolkit used for compressing, deploying, and serving LLMs. A flaw exists where the torch.load function is called without the weights_only=True parameter when loading model checkpoint...

8.8 CVSS, 7.4 AI score, 0.00134 EPSS
Exploits 0, References 9
Tenable Nessus
added 2025/12/26 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-54000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: hns3: fix deadlock issue when externellb and reset are executed together When externellb and reset are executed together, a deadlock may occur: 3147.217009...

5.4 AI score, 0.00032 EPSS
Exploits 0, References 2
Vulnrichment
added 2025/12/25 10:2 p.m., 1 views

CVE-2025-15088 ketr JEPaaS loadPostil postilService.loadPostils sql injection

A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation of the argument keyWord results in sql injection. Remote exploitation of the attack is possible. Th...

6.5 CVSS, 6.3 AI score, 0.00008 EPSS
Exploits 0, References 5
CVE
added 2025/12/25 10:2 p.m., 9 views

CVE-2025-15088

The CVE-2025-15088 entry concerns ketr JEPaaS up to version 7.2.8. Affected component: function postilService.loadPostils in /je/postil/postil/loadPostil. Root cause: improper handling/manipulation of the keyWord argument enables SQL injection. Impact: remote exploitation is possible; exploitatio...

6.5 CVSS, 6.3 AI score, 0.00008 EPSS
Exploits 0, References 5
SUSE CVE
added 2025/12/25 1:5 a.m., 5 views

SUSE CVE-2022-50701

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host SDIO may need additional 511 bytes to align bus operation. If the tailroom of this skb is not big enough, we would access invalid memory region. For low level...

5.5 CVSS, 6.5 AI score, 0.00017 EPSS
Exploits 0, References 5
SUSE CVE
added 2025/12/25 12:58 a.m., 0 views

SUSE CVE-2023-53998

In the Linux kernel, the following vulnerability has been resolved: hwrng: virtio - Fix race on dataavail and actual data The virtio rng device kicks off a new entropy request whenever the data available reaches zero. When a new request occurs at the end of a read operation, that is, when the...

5.5 CVSS, 6.4 AI score, 0.00046 EPSS
Exploits 0, References 21
SUSE CVE
added 2025/12/25 12:58 a.m., 2 views

SUSE CVE-2023-54000

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix deadlock issue when externellb and reset are executed together When externellb and reset are executed together, a deadlock may occur: 3147.217009 INFO: task kworker/u321:0:7 blocked for more than 120 seconds...

5.5 CVSS, 6.5 AI score, 0.00032 EPSS
Exploits 0, References 17
SUSE CVE
added 2025/12/25 12:55 a.m., 1 views

SUSE CVE-2023-54126

In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Cleanup ring IRQ workqueues on load failure A failure loading the safexcel driver results in the following warning on boot, because the IRQ affinity has not been correctly cleaned up. Ensure we clean up the...

3.3 CVSS, 6.4 AI score, 0.0004 EPSS
Exploits 0, References 7