
CVE-2025-25748
https://notcve.org/view.php?id=CVE-2025-25748
11 Mar 2025 — A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. • https://github.com/huyvo2910/CVE-2525-25748-Cross-Site-Request-Forgery-CSRF-Vulnerability-in-HotelDruid-3.0.7 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-25749
https://notcve.org/view.php?id=CVE-2025-25749
11 Mar 2025 — An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies. • https://github.com/huyvo2910/CVE-2025-25749-Weak-Password-Policy-in-HotelDruid-3.0.7 • CWE-521: Weak Password Requirements •

CVE-2025-26695
https://notcve.org/view.php?id=CVE-2025-26695
10 Mar 2025 — When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1883039 •

CVE-2025-26696
https://notcve.org/view.php?id=CVE-2025-26696
10 Mar 2025 — Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1864205 • CWE-290: Authentication Bypass by Spoofing •

CVE-2025-2153 – HDF5 h5 File H5SM.c H5SM_delete heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2153
10 Mar 2025 — A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://github.com/HDFGroup/hdf5/issues/5329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVE-2025-2149 – PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization
https://notcve.org/view.php?id=CVE-2025-2149
10 Mar 2025 — A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. • https://github.com/pytorch/pytorch/issues/147818 • CWE-665: Improper Initialization •

CVE-2025-2148 – PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption
https://notcve.org/view.php?id=CVE-2025-2148
10 Mar 2025 — A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. • https://github.com/pytorch/pytorch/issues/147722 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-2123 – GeSHi CSS cssgen.php get_var cross site scripting
https://notcve.org/view.php?id=CVE-2025-2123
09 Mar 2025 — A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GeSHi/geshi-1.0/issues/159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-1080 – Macro URL arbitrary script execution
https://notcve.org/view.php?id=CVE-2025-1080
04 Mar 2025 — LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1. A flaw was found in L... • https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080 • CWE-20: Improper Input Validation •

CVE-2025-1937 – firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
https://notcve.org/view.php?id=CVE-2025-1937
04 Mar 2025 — Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges •