4580 matches found
CVE-2025-3015
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads ...
Canon Printer Drivers Flaw Could Let Hackers Run Malicious Code
A critical vulnerability CVE-2025-1268 in Canon printer drivers allows remote code execution. See which drivers are affected, how to patch them...
PT-2025-14562 · Pytorch +1
Name of the Vulnerable Software and Affected Versions: PyTorch version 2.6.0 Description: A problematic vulnerability has been found in PyTorch, affecting the function torch.jit.jit_module_from_flatbuffer. This issue leads to memory corruption and requires local access to exploit. The exploit has...
WordPress Insert Headers and Footers Code – HT Script plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability discovered by kr0d in WordPress Plugin Insert Headers and Footers Code – HT Script versions <= 1.1.2...
CVE-2025-30204 affecting package telegraf for versions less than 1.29.4-13
CVE-2025-30204 affecting package telegraf for versions less than 1.29.4-13. A patched version of the package is available...
WordPress WP RealEstate plugin <= 1.6.26 - Authentication Bypass via 'process_register' vulnerability
Authentication Bypass via 'process_register' vulnerability discovered by Tonn in WordPress Plugin WP RealEstate versions <= 1.6.26...
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by astra.r3verii in WordPress Plugin Secure Copy Content Protection and Content Locking versions <= 4.4.3...
WordPress Plugin Oficial – Getnet para WooCommerce plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Plugin Oficial – Getnet para WooCommerce versions <= 1.7.3...
CVE-2025-3016
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument...
WordPress Photo Gallery plugin < 1.8.34 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Photo Gallery by 10Web versions < 1.8.34...
PyTorch is vulnerable to memory corruption through its torch.lstm_cell function
A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. A patch is available...
WordPress Import Export Suite for CSV and XML Datafeed plugin <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability discovered by mikemyers in WordPress Plugin WP Ultimate CSV Importer versions <= 7.19...
WordPress Next-Cart Store to WooCommerce Migration plugin <= 3.9.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Next-Cart Store to WooCommerce Migration versions <= 3.9.4...
PyTorch is vulnerable to memory corruption through its unpack_sequence function
A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A pat...
PT-2025-14778
Name of the Vulnerable Software and Affected Versions: XZ Utils versions 5.3.3alpha through 5.8.0 Description: The multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null...
CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
tough root metadata version is not checked for sequential versioning
Summary: When updating the root role, a TUF client must establish a trusted line of continuity to the latest set of keys. While sequentially downloading new versions of the root metadata file, tough will not check that the root object version it received was the next sequential version from the...
CVE-2025-30217
Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.0 contain a patch for the issue. No known...
Security Bulletin: Vulnerability in Golang Go affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: Potential vulnerability in Golang Go has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Azure Linux 3.0 Security Update: python-twisted (CVE-2023-46137)
The version of python-twisted installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46137 advisory. - Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when...