7.8
CVE-2025-4125 - ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
7.8
CVE-2025-4124 - ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file.
7.8
CVE-2025-22884 - ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
7.8
CVE-2025-22883 - ISPSoft File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Delta Electronics ISPSoft version 3.20 is vulnerable to an Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.
7.8
CVE-2025-22882 - ISPSoft File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.
4.9
CVE-2025-3471 - SureForms < 1.4.4 - Contributor+ Settings Update
The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action
6.5
CVE-2025-3953 - WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorizati…
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated at…
10
CVE-2025-32444 - vLLM Vulnerable to Remote Code Execution via Mooncake Integration
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerable…
6.5
CVE-2025-46560 - vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens (…
7.5
CVE-2025-30202 - Data exposure via ZeroMQ on multi-node vLLM deployment
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node…