Skip to main content
CVE-2025-8869 MEDIUM PATCH This Month

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Red Hat Suse
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-23354 HIGH This Month

NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Megatron Lm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23353 HIGH This Month

NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Megatron Lm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23348 HIGH This Month

NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Code Injection Information Disclosure Megatron Lm
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23346 LOW Monitor

NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Nvidia Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23340 LOW Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Nvidia Information Disclosure Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23339 LOW Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Nvidia Stack Overflow RCE Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23308 LOW Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Nvidia RCE Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23275 MEDIUM Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. Rated medium severity (CVSS 4.2). No vendor patch available.

Nvidia Memory Corruption Buffer Overflow Denial Of Service Information Disclosure +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23274 MEDIUM Monitor

NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in. Rated medium severity (CVSS 4.5). No vendor patch available.

Denial Of Service Buffer Overflow Nvidia Information Disclosure
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-23273 LOW Monitor

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted JPEG file. Rated low severity (CVSS 2.5). No vendor patch available.

Denial Of Service Nvidia Cuda Toolkit Nvjpeg
NVD
CVSS 3.1
2.5
EPSS
0.0%
CVE-2025-23272 MEDIUM This Month

NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Nvidia Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-9353 MEDIUM This Month

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-60020 MEDIUM This Month

nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving via a crafted path in packet data. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-39890 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Currently, in ath12k_service_ready_ext_event(),. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-58241 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This make use of disable_work_* on hci_unregister_dev since the hci_dev is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58457 MEDIUM POC PATCH Monitor

Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions.9.0 before 3.9.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Zookeeper Red Hat
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-41716 MEDIUM This Month

The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-41715 CRITICAL This Week

The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-48459 MEDIUM PATCH GHSA This Month

Deserialization of Untrusted Data vulnerability in Apache IoTDB.0.0 before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Iotdb
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2025-48392 HIGH PATCH This Month

A vulnerability in Apache IoTDB.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Iotdb
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-58319 HIGH This Month

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cncsoft G2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58317 HIGH This Month

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cncsoft G2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-59930 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59929 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59928 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59927 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59926 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59925 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59924 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-43819 MEDIUM PATCH This Month

A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-43779 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy