9
CVE-2025-30406 -
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side…
6.5
CVE-2025-32052 - Libsoup: heap buffer overflow in sniff_unknown()
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
5.9
CVE-2025-32050 - Libsoup: integer overflow in append_param_quoted
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
5.1
CVE-2025-3123 - WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload
A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exp…
2.1
CVE-2025-3154 - Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.
6.3
CVE-2025-0257 - HCL DevOps Deploy / HCL Launch is susceptible to unauthorized access to other services
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
2.3
CVE-2025-3122 - WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference
A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotel…
4.8
CVE-2025-3121 - PyTorch torch.jit.jit_module_from_flatbuffer memory corruption
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
9.3
CVE-2025-31484 - conda-forge infrastructure uses a bad token for Azure's cf-staging access
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package…
5.3
CVE-2025-3120 - SourceCodester Apartment Visitors Management System add-apartment.php sql injection
A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to sql injection. The attack may be initiated remotely. …