3.7
CVE-2025-48946 - liboqs affected by theoretical design flaw in HQC
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implicit β¦
6.9
CVE-2025-2503 -
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.
8.5
CVE-2025-2502 -
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
8.5
CVE-2025-2501 -
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
4.8
CVE-2025-1479 -
An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.
5.3
CVE-2025-48883 - Chrome PHP is missing encoding in `CssSelector`
Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding maβ¦
2.6
CVE-2025-48938 - Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprβ¦
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs β¦
5.7
CVE-2025-48885 - application-urlshortener users can create arbitrary pages as long as they have view access to them
application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user (even guests) can create these docs, even if they don't exist already. This can enable guest users to denature the structurβ¦
6.5
CVE-2025-48944 - vLLM Tool Schema allows DoS via Malformed pattern and type Fields
vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality β¦
6.5
CVE-2025-48943 - vLLM allows clients to crash the openai server with invalid regex
vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to GHSA-6qc9-v4r8-22xβ¦