Aggregator

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. The manipulation of the argument path leads to deserialization. This vulnerability is known as CVE-2025-5173. An attack has to be approached locally. There is no exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown function of the file /valida. The manipulation of the argument usuario leads to sql injection. This vulnerability is traded as CVE-2025-5172. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #578126 / VDB-310261

Submit #579248 / VDB-310260

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang RVTools Bumblebee Malware Attack – How a Trusted IT Tool Became a Malware Delivery Vector   Malicious ‘Checker’ Packages on PyPI Probe TikTok and Instagram for Valid Accounts […]

A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training System 4.5. This issue affects the function this.fileService.download of the file com\llisoft\controller\OpenController.java. The manipulation of the argument url leads to unrestricted upload. The identification of this vulnerability is CVE-2025-5171. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in llisoft MTA Maita Training System 4.5. This vulnerability affects the function AdminShitiListRequestVo of the file com\llisoft\controller\admin\shiti\AdminShitiController.java. The manipulation of the argument stTypeIds leads to sql injection. This vulnerability was named CVE-2025-5170. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #579088 / VDB-310259

Submit #579069 / VDB-310258

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-5169. Local access is required to approach this attack. Furthermore, there is an exploit available. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bounds read. This vulnerability is handled as CVE-2025-5168. An attack has to be approached locally. Furthermore, there is an exploit available. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argument out leads to out-of-bounds read. This vulnerability is known as CVE-2025-5167. The attack needs to be approached locally. Furthermore, there is an exploit available. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to out-of-bounds read. This vulnerability is traded as CVE-2025-5166. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-5165. Attacking locally is a requirement. Furthermore, there is an exploit available. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Submit #578004 / VDB-310257

Submit #578003 / VDB-310256

Submit #578002 / VDB-310255

Submit #578001 / VDB-310254

Submit #578000 / VDB-310253