9.8
CVE-2025-23310 -
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tamperin…
5.3
CVE-2025-5197 - Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*_…
6.5
CVE-2025-46391 -
CWE-284: Improper Access Control
7.5
CVE-2025-46390 -
CWE-204: Observable Response Discrepancy
6.5
CVE-2025-46389 -
CWE-620: Unverified Password Change
4.3
CVE-2025-46388 -
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
8.8
CVE-2025-46387 -
CWE-639 Authorization Bypass Through User-Controlled Key
8.8
CVE-2025-46386 -
CWE-639 Authorization Bypass Through User-Controlled Key
6.5
CVE-2025-6013 - Vault LDAP MFA Enforcement Bypass When Using Username As Alias
Vault and Vault Enterprise's ("Vault") ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and …
9.3
CVE-2025-22470 -
CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege.