
7704 matches found

Positive Technologies
added 2025/04/25 12:0 a.m. · 1 views

PT-2025-18943

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue concerns the vmxnet3 driver's XDP handling, which is buggy for packet sizes between 128 and 3k bytes. This bug can cause MTU-related connectivity issues, and in some cases, it...

CVSS 5.5 · AI score 6.8 · EPSS 0.00026
Exploits 0
NVD
added 2025/04/24 4:15 p.m. · 10 views

CVE-2025-46508

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load advanced-lazy-load allows Stored XSS. This issue affects Advanced lazy load: from n/a through <= 1.6.0...

CVSS 7.1 · EPSS 0.00118
Exploits 0 · References 1
Cvelist
added 2025/04/24 4:8 p.m. · 13 views

CVE-2025-46508 WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load advanced-lazy-load allows Stored XSS. This issue affects Advanced lazy load: from n/a through <= 1.6.0...

CVSS 7.1 · EPSS 0.00118
Exploits 0 · References 1
CVE
added 2025/04/24 4:8 p.m. · 52 views

CVE-2025-46508

CVE-2025-46508 refers to a CSRF-to-Stored XSS vulnerability in the WordPress plugin Advanced lazy load, affecting versions 1.6.0 and earlier. The vulnerability is described as CSRF that enables stored XSS on affected sites. Public disclosures in the supplied connected documents consistently ident...

CVSS 7.1 · AI score 7.2 · EPSS 0.00118
Exploits 0 · References 1
Vulnrichment
added 2025/04/24 4:8 p.m. · 1 views

CVE-2025-46508 WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load advanced-lazy-load allows Stored XSS. This issue affects Advanced lazy load: from n/a through <= 1.6.0...

CVSS 7.1 · AI score 8.6 · EPSS 0.00118
Exploits 0 · References 1
CNNVD
added 2025/04/24 12:0 a.m. · 1 views

WordPress plugin Advanced lazy load cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 7.1 · AI score 7.3 · EPSS 0.00118
Exploits 0 · References 1
BDU FSTEC
added 2025/04/24 12:0 a.m. · 1 views

The vulnerability of the torch.load() function in the PyTorch machine learning framework allows a hacker to execute arbitrary code.

The vulnerability of the torch.load function in the PyTorch machine learning framework is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 10 · AI score 8.5 · EPSS 0.0043
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2025/04/24 12:0 a.m. · 2 views

PT-2025-17814 · Unknown · Kasonzhao Advanced Lazy Load

Name of the Vulnerable Software and Affected Versions: kasonzhao Advanced lazy load versions 1.6.0 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

CVSS 7.1 · AI score 7.5 · EPSS 0.00118
Exploits 0 · References 5
Citrix
added 2025/04/24 12:0 a.m. · 6 views

ADM - CPU utilization is increasing and Debug is enabled

High Load on the CPU at Random time, collect the bundle and shared...

AI score 7.2
Exploits 0
Snyk
added 2025/04/23 10:21 p.m. · 4 views

Deserialization of Untrusted Data

Overview: llamafactory is an easy-to-use LLM fine-tuning framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the torch.load function. An attacker can execute arbitrary commands by crafting a malicious .bin file that is then deserialized. PoC pyth...

CVSS 7.8 · AI score 7.6 · EPSS 0.00189
Exploits 1 · References 2
SUSE CVE
added 2025/04/23 2:37 a.m. · 1 views

SUSE CVE-2025-43964

In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...

CVSS 4.9 · AI score 7 · EPSS 0.00085
Exploits 0 · References 9
Fedora
added 2025/04/23 2:14 a.m. · 8 views

[SECURITY] Fedora 41 Update: trafficserver-9.2.10-1.fc41

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

CVSS 7.5 · AI score 7.7 · EPSS 0.00292
Exploits 0
Positive Technologies
added 2025/04/22 12:0 a.m. · 1 views

PT-2025-28994

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A potential null pointer dereference issue was identified in the fpga mgr test img load sgt function. The function allocates memory for sgt using kunit kzalloc, but fails to verify if...

CVSS 5.5 · AI score 6.1 · EPSS 0.00065
Exploits 0
NVD
added 2025/04/21 4:15 p.m. · 17 views

CVE-2025-32431

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

CVSS 9.3 · EPSS 0.00322
Exploits 0 · References 5
OSV
added 2025/04/21 3:34 p.m. · 2 views

CVE-2025-32431 Traefik has a possible vulnerability with the path matchers

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

CVSS 9.3 · AI score 3.9 · EPSS 0.00322
Exploits 0 · References 7
AlpineLinux
added 2025/04/21 12:15 a.m. · 1 views

CVE-2025-43964

In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...

CVSS 9.8 · AI score 7.3 · EPSS 0.00085
Exploits 0 · References 4
OSV
added 2025/04/21 12:15 a.m. · 1 views

AZL-61810 CVE-2025-43963 affecting package LibRaw 0.21.3-1

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...

CVSS 9.1 · AI score 5.8 · EPSS 0.00063
Exploits 0 · References 1
OSV
added 2025/04/21 12:15 a.m. · 2 views

AZL-61780 CVE-2025-43962 affecting package LibRaw 0.21.3-1

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...

CVSS 9.1 · AI score 5.8 · EPSS 0.00063
Exploits 0 · References 1
OSV
added 2025/04/21 12:15 a.m. · 1 views

DEBIAN-CVE-2025-43962

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...

CVSS 9.1 · AI score 6.1 · EPSS 0.00063
Exploits 0 · References 1
AlpineLinux
added 2025/04/21 12:15 a.m. · 1 views

CVE-2025-43962

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...

CVSS 9.1 · AI score 7.3 · EPSS 0.00063
Exploits 0 · References 4