{
"Source": "CVE FEED",
"Title": "CVE-2025-10946 - nuz007 smsboom dy.php cross site scripting",
"Content": "CVE ID : CVE-2025-10946
Published : Sept. 25, 2025, 1:02 p.m. | 26 minutes ago
Description : A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10449 - Path Traversal in Saysis Computer Systems' Saysis Web Portal",
"Content": "CVE ID : CVE-2025-10449
Published : Sept. 25, 2025, 12:39 p.m. | 48 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Saysis Web Portal: from 3.1.9 & 3.2.0 before 3.2.1.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10945 - nuz007 smsboom d.php cross site scripting",
"Content": "CVE ID : CVE-2025-10945
Published : Sept. 25, 2025, 12:32 p.m. | 56 minutes ago
Description : A security vulnerability has been detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Impacted is an unknown function of the file d.php. Such manipulation of the argument hm leads to cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10944 - yi-ge get-header-ip ip.php cross site scripting",
"Content": "CVE ID : CVE-2025-10944
Published : Sept. 25, 2025, 12:32 p.m. | 56 minutes ago
Description : A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10943 - MikeCen WeChat-Face-Recognition wx.php valid cross site scripting",
"Content": "CVE ID : CVE-2025-10943
Published : Sept. 25, 2025, 12:15 p.m. | 1 hour, 12 minutes ago
Description : A security flaw has been discovered in MikeCen WeChat-Face-Recognition up to 6e3f72bf8547d80b59e330f1137e4aa505f492c1. This vulnerability affects the function valid of the file wx.php. The manipulation of the argument echostr results in cross site scripting. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10957 - Unrestricted FTP Access Vulnerability in Syrotech Router",
"Content": "CVE ID : CVE-2025-10957
Published : Sept. 25, 2025, 12:15 p.m. | 1 hour, 12 minutes ago
Description : This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files, user credentials, or other sensitive information stored on the targeted device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-40698 - SQL injection vulnerability in Prevengos",
"Content": "CVE ID : CVE-2025-40698
Published : Sept. 25, 2025, 12:15 p.m. | 1 hour, 12 minutes ago
Description : SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameters “mpsCentroin”, “mpsEmpresa”, “mpsProyecto”, and “mpsContrata” in “/servicios/autorizaciones.asmx/mfsRecuperarListado”.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-43943 - Dell Cloud Disaster Recovery OS Command Injection",
"Content": "CVE ID : CVE-2025-43943
Published : Sept. 25, 2025, 3:22 p.m. | 10 minutes ago
Description : Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-26333 - Dell Crypto-J Information Exposure Vulnerability",
"Content": "CVE ID : CVE-2025-26333
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : Dell Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-59832 - Horilla Stored XSS Vulnerability via Ticket Comment section",
"Content": "CVE ID : CVE-2025-59832
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-59838 - Monkeytype Vulnerable to Self-XSS on loading saved custom text",
"Content": "CVE ID : CVE-2025-59838
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been patched via commit f025b12.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-59823 - Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning",
"Content": "CVE ID : CVE-2025-59823
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP providers prior to version 1.46.0. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This affects all Gardener installations where Terraformer is used/can be enabled for infrastructure provisioning with any of the affected components. This issue has been patched in Gardener Extensions for AWS providers version 1.64.0, Azure providers version 1.55.0, OpenStack providers version 1.49.0, and GCP providers version 1.46.0.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-59830 - Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters",
"Content": "CVE ID : CVE-2025-59830
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Applications or middleware that directly invoke Rack::QueryParser with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector. This issue has been patched in version 2.2.18.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-46148 - PyTorch PairwiseDistance Eager Evaluation Vulnerability",
"Content": "CVE ID : CVE-2025-46148
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-46149 - PyTorch Inductor nn.Fold Assertion Error",
"Content": "CVE ID : CVE-2025-46149
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-46150 - PyTorch FractionalMaxPool2d Inconsistent Results Vulnerability",
"Content": "CVE ID : CVE-2025-46150
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-46152 - PyTorch Bitwise Right Shift Out-of-Bounds Information Disclosure",
"Content": "CVE ID : CVE-2025-46152
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-46153 - PyTorch Bernoulli Decomposition Inconsistency",
"Content": "CVE ID : CVE-2025-46153
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-55551 - PyTorch torch.linalg.lu Denial of Service",
"Content": "CVE ID : CVE-2025-55551
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-40836 - Ericsson Indoor Connect 8855 - Improper Input Validation Vulnerability",
"Content": "CVE ID : CVE-2025-40836
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can lead to loss of integrity and confidentiality, as well as unauthorized disclosure and modification of user and configuration data. It may also be possible to execute commands with escalated privileges, impact service availability, as well as modify system files and configuration data.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-40837 - Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability",
"Content": "CVE ID : CVE-2025-40837
Published : Sept. 25, 2025, 3:16 p.m. | 16 minutes ago
Description : Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}