CVE-2025-23318
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution,...
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex...
CWE-639 Authorization Bypass Through User-Controlled Key. Assigner: cna@cyber.gov.il. More information: https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor. Assigner: cna@cyber.gov.il. More information: https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-620: Unverified Password Change. Assigner: cna@cyber.gov.il. More information: https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-204: Observable Response Discrepancy. Assigner: cna@cyber.gov.il. More information: https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
CWE-284: Improper Access Control. Assigner: cna@cyber.gov.il. More information: https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. An arbitrary OS command may be executed on the system with a certain non-administrative...
CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root...
Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing...
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to...
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor...
A Cross-Site Request Forgery (CSRF) in Elgato’s Key Lights and related light products allows an attacker to host a malicious webpage that remotely controls the victim’s lights. Assigner: disclosure@toreon.com. More information: https://www.toreon.com/flashing-your-lights-cve-2025-7202/