6.3
CVE-2025-0257 - HCL DevOps Deploy / HCL Launch is susceptible to unauthorized access to other services
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
2.3
CVE-2025-3122 - WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference
A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotel…
4.8
CVE-2025-3121 - PyTorch torch.jit.jit_module_from_flatbuffer memory corruption
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
9.3
CVE-2025-31484 - conda-forge infrastructure uses a bad token for Azure's cf-staging access
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package…
5.3
CVE-2025-3120 - SourceCodester Apartment Visitors Management System add-apartment.php sql injection
A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to SQL injection. The attack may be initiated remotely. …
5.3
CVE-2025-3119 - SourceCodester Online Tutor Portal manage_course.php sql injection
A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit …
1.7
CVE-2025-30218 - Next.js may leak x-middleware-subrequest-id to external hosts
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as…
5.4
CVE-2025-3130 - Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.1.
4.8
CVE-2025-3129 - Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.4.
9.3
CVE-2025-31477 - Improper Scope Validation in the open Endpoint of tauri-plugin-shell
The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open on Linux). This was …