CVE-2025-36601 - Dell PowerScale OneFS Sensitive Information Disclosure Vulnerability
CVE ID : CVE-2025-36601
Published : Sept. 25, 2025, 2:54 p.m. | 28 minutes ago
Description : Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclosure.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36601
Published : Sept. 25, 2025, 2:54 p.m. | 28 minutes ago
Description : Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclosure.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10951 - geyang ml-logger server.py log_handler path traversal
CVE ID : CVE-2025-10951
Published : Sept. 25, 2025, 3:02 p.m. | 21 minutes ago
Description : A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10951
Published : Sept. 25, 2025, 3:02 p.m. | 21 minutes ago
Description : A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55552 - PyTorch Unexpected Behavior in torch.rot90 and torch.randn_like
CVE ID : CVE-2025-55552
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55552
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55553 - PyTorch Denial of Service (DoS)
CVE ID : CVE-2025-55553
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55553
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55554 - PyTorch Integer Overflow Vulnerability in torch.nan_to_num-.long()
CVE ID : CVE-2025-55554
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55554
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55556 - TensorFlow Embedding Random Output Vulnerability
CVE ID : CVE-2025-55556
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55556
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55557 - PyTorch Inductor Cummin Name Error Denial of Service
CVE ID : CVE-2025-55557
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55557
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55558 - PyTorch Denial of Service Buffer Overflow
CVE ID : CVE-2025-55558
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55558
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55559 - TensorFlow Conv2D Padding Valid Denial of Service
CVE ID : CVE-2025-55559
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55559
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55560 - Apache PyTorch Denial of Service
CVE ID : CVE-2025-55560
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55560
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57446 - O-RAN Near Realtime RIC ric-plt-submgr J-Release Denial of Service
CVE ID : CVE-2025-57446
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the Subscription Manager API component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57446
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the Subscription Manager API component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59841 - FlagForgeCTF's Improper Session Handling Allows Access After Logout
CVE ID : CVE-2025-59841
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still valid post-logout, which can allow unauthorized actions. This issue has been patched in version 2.3.1.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59841
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still valid post-logout, which can allow unauthorized actions. This issue has been patched in version 2.3.1.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60018 - Glib-networking: out of bound reads on glib-networking through tls/openssl/gtlscertificate-openssl.c via "g_tls_certificate_openssl_get_property()"
CVE ID : CVE-2025-60018
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60018
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60019 - Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()
CVE ID : CVE-2025-60019
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60019
Published : Sept. 25, 2025, 4:15 p.m. | 3 hours, 8 minutes ago
Description : glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10879 - Insufficiently Protected Credentials in Dingtian DT-R002
CVE ID : CVE-2025-10879
Published : Sept. 25, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10879
Published : Sept. 25, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10880 - Insufficiently Protected Credentials in Dingtian DT-R002
CVE ID : CVE-2025-10880
Published : Sept. 25, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10880
Published : Sept. 25, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34227 - Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection
CVE ID : CVE-2025-34227
Published : Sept. 25, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34227
Published : Sept. 25, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10958 - Wavlink NU516U1 AddMac wireless.cgi sub_403010 command injection
CVE ID : CVE-2025-10958
Published : Sept. 25, 2025, 6:15 p.m. | 1 hour, 8 minutes ago
Description : A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10958
Published : Sept. 25, 2025, 6:15 p.m. | 1 hour, 8 minutes ago
Description : A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10959 - Wavlink NU516U1 firewall.cgi sub_401778 command injection
CVE ID : CVE-2025-10959
Published : Sept. 25, 2025, 6:15 p.m. | 1 hour, 8 minutes ago
Description : A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10959
Published : Sept. 25, 2025, 6:15 p.m. | 1 hour, 8 minutes ago
Description : A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10960 - Wavlink NU516U1 DeleteMac wireless.cgi sub_402D1C command injection
CVE ID : CVE-2025-10960
Published : Sept. 25, 2025, 6:15 p.m. | 1 hour, 8 minutes ago
Description : A vulnerability was found in Wavlink NU516U1 M16U1_V240425. The impacted element is the function sub_402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument delete_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10960
Published : Sept. 25, 2025, 6:15 p.m. | 1 hour, 8 minutes ago
Description : A vulnerability was found in Wavlink NU516U1 M16U1_V240425. The impacted element is the function sub_402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument delete_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10961 - Wavlink NU516U1 Delete_Mac_list wireless.cgi sub_4030C0 command injection
CVE ID : CVE-2025-10961
Published : Sept. 25, 2025, 6:15 p.m. | 1 hour, 8 minutes ago
Description : A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10961
Published : Sept. 25, 2025, 6:15 p.m. | 1 hour, 8 minutes ago
Description : A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...