Aggregator

A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-3122. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-3121. Local access is required to approach this attack. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to sql injection. The identification of this vulnerability is CVE-2025-3120. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-3119. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been classified as critical. This affects an unknown part of the file /tutor/courses/view_course.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-3118. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #525091 / VDB-303013

The Travelers Companies announced Travelers Cyber Risk Services, a suite of capabilities added to all cyber liability policies designed to help lower both the risk of a cyberattack and the cost to recover from one. In addition to always-on threat monitoring and tailored alerts, key benefits of Travelers Cyber Risk Services include: Cyber Risk Dashboard: This 24/7 tool gives consumers the ability to monitor risks and track progress over time, view customized recommendations ranked by … More →

The post Travelers Cyber Risk Services reduces the risk of a cyberattack appeared first on Help Net Security.

Submit #525049 / VDB-303012

Submit #524991 / VDB-303011

Submit #524990 / VDB-303010

Submit #524985 / VDB-303009

A vulnerability was found in HACHI Crypt::Salt 0.01 on Perl and classified as problematic. Affected by this issue is the function rand. The manipulation leads to cryptographically weak prng. This vulnerability is handled as CVE-2025-1805. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Django up to 5.0.13/5.1.7 on Windows and classified as problematic. Affected by this vulnerability is the function django.contrib.auth.views.LoginView/django.contrib.auth.views.LogoutView/django.views.i18n.set_language of the component Normalization Handler. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2025-27556. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in SquirrelMail up to 1.4.23-svn-20250401/1.5.2-svn-20250401. Affected is an unknown function of the file mime.php of the component E-Mail Header Handler. The manipulation of the argument encoded leads to cross site scripting. This vulnerability is traded as CVE-2025-30090. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.13.7. This issue affects some unknown processing of the file fs/netfs/read_collect. The manipulation of the argument prev_donated leads to denial of service. The identification of this vulnerability is CVE-2025-21988. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. This vulnerability affects the function ibft_attr_show_nic of the file /sys/firmware/ibft/ethernetX/subnet-mask of the component iSCSI boot. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-21993. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.19/6.13.7. This affects the function dce60_tg_funcs of the component AMD Display. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-21989. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.17/6.13.5. It has been rated as problematic. Affected by this issue is the function amdgpu_ttm_clear_buffer of the component AMD GPU. The manipulation leads to uninitialized pointer. This vulnerability is handled as CVE-2025-21987. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HID. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-21992. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. It has been classified as problematic. Affected is the function load_microcode_amd. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2025-21991. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.