2.6

CVSS4.0

CVE-2025-48938 - Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterpr…

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs …

📅 Published: May 30, 2025, 6:45 p.m. 🔄 Last Modified: Oct. 15, 2025, 6:10 p.m.

5.7

CVSS4.0

CVE-2025-48885 - application-urlshortener users can create arbitrary pages as long as they have view access to them

application-urlshortener creates shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user (even guests) can create these docs, even if they don't exist already. This can enable guest users to denature the structur…

📅 Published: May 30, 2025, 6:41 p.m. 🔄 Last Modified: June 2, 2025, 5:32 p.m.

6.5

CVSS3.1

CVE-2025-48944 - vLLM Tool Schema allows DoS via Malformed pattern and type Fields

vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality …

📅 Published: May 30, 2025, 6:38 p.m. 🔄 Last Modified: July 1, 2025, 8:42 p.m.

6.5

CVSS3.1

CVE-2025-48943 - vLLM allows clients to crash the openai server with invalid regex

vLLM is an inference and serving engine for large language models (LLMs). Versions 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to GHSA-6qc9-v4r8-22x…

📅 Published: May 30, 2025, 6:36 p.m. 🔄 Last Modified: June 24, 2025, 5:40 p.m.

6.5

CVSS3.1

CVE-2025-48942 - vLLM DOS: Remotely kill vllm over http with invalid JSON schema

vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with an invalid json_schema as a Guided Param kills the vllm server. This vulnerability is similar to GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex…

📅 Published: May 30, 2025, 6:33 p.m. 🔄 Last Modified: June 24, 2025, 5:44 p.m.

6.9

CVSS4.0

CVE-2025-5359 - Campcodes Online Hospital Management System appointment-history.php sql injection

A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /appointment-history.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has be…

📅 Published: May 30, 2025, 6:31 p.m. 🔄 Last Modified: June 10, 2025, 3:14 p.m.

6.9

CVSS4.0

CVE-2025-5358 - PHPGurukul/Campcodes Cyber Cafe Management System bwdates-reports-details.php sql injection

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may b…

📅 Published: May 30, 2025, 6 p.m. 🔄 Last Modified: June 10, 2025, 3:14 p.m.

4.7

CVSS3.1

CVE-2025-5054 - Race Condition in Canonical Apport

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was bein…

📅 Published: May 30, 2025, 5:37 p.m. 🔄 Last Modified: Nov. 3, 2025, 8:19 p.m.

6.5

CVSS3.1

CVE-2025-48887 - vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `p…

vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly comp…

📅 Published: May 30, 2025, 5:36 p.m. 🔄 Last Modified: June 19, 2025, 12:55 a.m.

6.9

CVSS4.0

CVE-2025-5357 - FreeFloat FTP Server PWD Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component PWD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to…

📅 Published: May 30, 2025, 5:31 p.m. 🔄 Last Modified: June 16, 2025, 4:26 p.m.
Total results: 343935
Page 4691 of 34,394