
CVE-2025-2176 – libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow
https://notcve.org/view.php?id=CVE-2025-2176
11 Mar 2025 — A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVE-2025-2175 – libzvbi _vbi_strndup_iconv integer overflow
https://notcve.org/view.php?id=CVE-2025-2175
11 Mar 2025 — A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. • https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVE-2025-2174 – libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow
https://notcve.org/view.php?id=CVE-2025-2174
11 Mar 2025 — A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. • https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVE-2025-2173 – libzvbi conv.c vbi_strndup_iconv_ucs2 uninitialized pointer
https://notcve.org/view.php?id=CVE-2025-2173
11 Mar 2025 — A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. • https://github.com/zapping-vbi/zvbi/commit/8def647eea27f7fd7ad33ff79c2d6d3e39948dce • CWE-824: Access of Uninitialized Pointer CWE-908: Use of Uninitialized Resource •

CVE-2025-25747
https://notcve.org/view.php?id=CVE-2025-25747
11 Mar 2025 — Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint. • https://github.com/huyvo2910/CVE-2025-25747-HotelDruid-3-0-7-Reflected-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-25748
https://notcve.org/view.php?id=CVE-2025-25748
11 Mar 2025 — A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. • https://github.com/huyvo2910/CVE-2525-25748-Cross-Site-Request-Forgery-CSRF-Vulnerability-in-HotelDruid-3.0.7 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-25749
https://notcve.org/view.php?id=CVE-2025-25749
11 Mar 2025 — An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies. • https://github.com/huyvo2910/CVE-2025-25749-Weak-Password-Policy-in-HotelDruid-3.0.7 • CWE-521: Weak Password Requirements •

CVE-2025-2153 – HDF5 h5 File H5SM.c H5SM_delete heap-based overflow
https://notcve.org/view.php?id=CVE-2025-2153
10 Mar 2025 — A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://github.com/HDFGroup/hdf5/issues/5329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVE-2025-2149 – PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization
https://notcve.org/view.php?id=CVE-2025-2149
10 Mar 2025 — A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs to be approached locally. • https://github.com/pytorch/pytorch/issues/147818 • CWE-665: Improper Initialization •

CVE-2025-2148 – PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption
https://notcve.org/view.php?id=CVE-2025-2148
10 Mar 2025 — A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. • https://github.com/pytorch/pytorch/issues/147722 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •