8.5
CVE-2025-2502 -
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
8.5
CVE-2025-2501 -
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
4.8
CVE-2025-1479 -
An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.
5.3
CVE-2025-48883 - Chrome PHP is missing encoding in `CssSelector`
Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding maβ¦
2.6
CVE-2025-48938 - Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprβ¦
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs β¦
5.7
CVE-2025-48885 - application-urlshortener users can create arbitrary pages as long as they have view access to them
application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user (even guests) can create these docs, even if they don't exist already. This can enable guest users to denature the structurβ¦
6.5
CVE-2025-48944 - vLLM Tool Schema allows DoS via Malformed pattern and type Fields
vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality β¦
6.5
CVE-2025-48943 - vLLM allows clients to crash the openai server with invalid regex
vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to GHSA-6qc9-v4r8-22xβ¦
6.5
CVE-2025-48942 - vLLM DOS: Remotely kill vllm over http with invalid JSON schema
vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with a invalid json_schema as a Guided Param kills the vllm server. This vulnerability is similar GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regexβ¦
6.9
CVE-2025-5359 - Campcodes Online Hospital Management System appointment-history.php sql injection
A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /appointment-history.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has beβ¦