7.5

CVSS3.1

CVE-2025-65886 -

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes.

πŸ“… Published: Jan. 28, 2026, midnight πŸ”„ Last Modified: Feb. 3, 2026, 6 p.m.

7.8

CVSS3.1

CVE-2025-57283 - browserstack-local: OS command injection in the logfile variable in lib/Local.js

The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.

πŸ“… Published: Jan. 28, 2026, midnight πŸ”„ Last Modified: Feb. 9, 2026, 7:17 p.m.

8.8

CVSS3.1

CVE-2025-69517 -

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agent_id parameter accepts up to 255 characters and is improperly sanitized us…

πŸ“… Published: Jan. 28, 2026, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.8

CVSS3.1

CVE-2026-1539 - Libsoup: libsoup: credential leakage via http redirects

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different h…

πŸ“… Published: Jan. 28, 2026, midnight πŸ”„ Last Modified: April 16, 2026, 7:15 a.m.

5.8

CVSS3.1

CVE-2026-1536 - Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposi…

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP …

πŸ“… Published: Jan. 28, 2026, midnight πŸ”„ Last Modified: April 18, 2026, 1:45 a.m.

6.5

CVSS3.1

CVE-2025-65887 -

A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero.

πŸ“… Published: Jan. 28, 2026, midnight πŸ”„ Last Modified: Feb. 28, 2026, 4:16 a.m.

7.5

CVSS3.1

CVE-2025-71003 -

An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

πŸ“… Published: Jan. 28, 2026, midnight πŸ”„ Last Modified: Feb. 3, 2026, 4:54 p.m.

6.5

CVSS3.1

CVE-2025-71002 -

A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

πŸ“… Published: Jan. 28, 2026, midnight πŸ”„ Last Modified: Feb. 3, 2026, 4:56 p.m.

7.5

CVSS3.1

CVE-2025-70999 -

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID.

πŸ“… Published: Jan. 28, 2026, midnight πŸ”„ Last Modified: Feb. 3, 2026, 5:51 p.m.

4.8

CVSS3.1

CVE-2025-70336 -

A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live…

πŸ“… Published: Jan. 28, 2026, midnight πŸ”„ Last Modified: Feb. 9, 2026, 6:50 p.m.
Total resulsts: 349182
Page 1919 of 34,919
Β« previous page Β» next page
Filters