7.5

CVSS3.1

CVE-2025-6638 - Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises …

📅 Published: Sept. 12, 2025, 10:46 a.m. 🔄 Last Modified: Oct. 21, 2025, 1:33 p.m.

7.5

CVSS4.0

CVE-2025-27240 - Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host

A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.

📅 Published: Sept. 12, 2025, 10:33 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:48 p.m.

2.1

CVSS4.0

CVE-2025-27238 - API hostprototype.get lists data to users with insufficient authorization.

Due to a bug in the Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.

📅 Published: Sept. 12, 2025, 10:33 a.m. 🔄 Last Modified: Oct. 8, 2025, 2:53 p.m.

5.7

CVSS4.0

CVE-2025-27233 - Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.

📅 Published: Sept. 12, 2025, 10:32 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.3

CVSS4.0

CVE-2025-27234 - Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.

📅 Published: Sept. 12, 2025, 10:31 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-10267 - NewType Infortech｜NUP Portal - Missing Authentication

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side.

📅 Published: Sept. 12, 2025, 10:24 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.3

CVSS4.0

CVE-2025-10266 - NewType Infortech｜NUP Portal - SQL Injection

NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

📅 Published: Sept. 12, 2025, 10:19 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2025-10265 - Digiever｜NVR - OS Command Injection

Certain models of NVR developed by Digiever have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

📅 Published: Sept. 12, 2025, 10:15 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

10

CVSS4.0

CVE-2025-10264 - Digiever｜NVR - Exposure of Sensitive Information

Certain models of NVR developed by Digiever have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access the system configuration file and obtain plaintext credentials of the NVR and its connected cameras.

📅 Published: Sept. 12, 2025, 10:06 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS4.0

CVE-2025-7448 - Man in the middle (MitM) attack vulnerability in Wi-SUN library

Unexpected 4-Way Handshake packet receptions in Wi-SUN may lead to predictable keys, potentially leading to a man-in-the-middle (MitM) attack.

📅 Published: Sept. 12, 2025, 9:11 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.