PT-2025-47989

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 7.0.26 MongoDB Server versions prior to 8.0.16 MongoDB Server versions prior to 8.2.1 Description An issue exists in the time series processing logic where inconsistent object size validation can lead to the...

NVIDIA Nemo Framework 代码注入漏洞

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. A code injection vulnerability exists in NVIDIA Nemo Framework that stems from the presence of malicious data in the NLP and LLM components, which could lead to code injection that could result in co...

CVE-2025-64720 LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...

ROS-20251124-14

A vulnerability in the Security component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read,...

Tenda AC21 SetIpMacBind File Stack Buffer Overflow Vulnerability

Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11acwave2 technology, dual-band concurrent rate up to 2033Mbps, of which the 5GHz band rate up to 1733Mbps, to meet the high-bandwidth applications, such as ...

png -- Multiple vulnerabilities

https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g reports: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow...

ROS-20251124-12

A vulnerability in the Security component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read,...

EUVD-2025-198537

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint cpabcappointmentscheckIPNverification that trusts attacker-supplied payment...

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.111: CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905...

PT-2025-47711

Name of the Vulnerable Software and Affected Versions Vitepos – Point of Sale POS for WooCommerce versions up to and including 3.3.0 Description The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation with...

AMD CPU 安全漏洞

AMD CPUs are a family of CPUs from AMD. AMD CPUs suffer from an entropy mishandling vulnerability, no details of the vulnerability are provided at this time...

vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

Summary Users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether the model is intended to support such inputs as defined in the Supported Models page. The issue has...

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence AI framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0 , is an evolution...

TencentOS Server 4: gimp (TSSA-2025:0601)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0601 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: gdk-pixbuf2 (TSSA-2025:0706)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0706 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: LibRaw (TSSA-2025:0399)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0399 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2025-63371

Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents...

CVE-2025-55179

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen...

Denial Of Service (DoS)

ImageMagick is vulnerable to Denial of Service DoS. The vulnerability is due to unsigned integer underflow and division-by-zero conditions in the CLAHEImage function when tile width or height is zero, which allows an attacker to trigger out-of-bounds memory access or application crashes by...

CVE-2025-63371

CVE-2025-63371 affects OneCommander 3.102.0.0. The vulnerability stems from the ZIP file processing component during extraction, enabling potential directory traversal via ZIP archive contents. Public documents consistently describe the flaw, but do not provide a confirmed fix version or remediat...