7.5

CVSS3.1

CVE-2025-6921 - Regular Expression Denial of Service (ReDoS) in huggingface/transformers

The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight…

📅 Published: Sept. 23, 2025, 1:56 p.m. 🔄 Last Modified: Oct. 10, 2025, 9:31 p.m.

7.8

CVSS3.1

CVE-2025-8354 - RFA File Parsing Type Confusion Vulnerability

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

📅 Published: Sept. 23, 2025, 1:20 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:48 p.m.

8.8

CVSS3.1

CVE-2025-9844 -

Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6.

📅 Published: Sept. 23, 2025, 1:11 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.2

CVSS4.0

CVE-2025-10184 - OnePlus OxygenOS Telephony provider permission bypass

The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information di…

📅 Published: Sept. 23, 2025, 1:02 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

0.0