7.5
CVE-2025-31674 - Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
4.6
CVE-2025-31673 - Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002
Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
6.1
CVE-2025-3057 - Drupal core - Critical - Cross site scripting - SA-CORE-2025-001
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
4.8
CVE-2025-3017 - TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write
A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch th…
5.3
CVE-2025-3016 - Open Asset Import Library Assimp MDL File MDLMaterialLoader.cpp ParseTextureColorData resource cons…
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument m…
5.9
CVE-2024-24456 -
An E-RAB Release Command packet containing a malformed NAS PDU will cause the Athonet MME to immediately crash, potentially due to a buffer overflow.
5.3
CVE-2025-3015 - Open Asset Import Library Assimp ASE File ASELoader.cpp BuildUniqueRepresentation out-of-bounds
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to…
4.8
CVE-2025-3010 - Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference
A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer dereference. The a…
5.3
CVE-2025-31124 - Zitadel allows User Enumeration by loginname attribute normalization
Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report "U…
8.7
CVE-2025-31123 - Zitadel Expired JWT Keys Usable for Authorization Grants
Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to obt…