Security

CVE ID : CVE-2025-48943

Published : May 30, 2025, 7:15 p.m. | 2 hours, 25 minutes ago

Description : vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to GHSA-6qc9-v4r8-22xg/CVE-2025-48942, but for regex instead of a JSON schema. Version 0.9.0 fixes the issue.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48944

Published : May 30, 2025, 7:15 p.m. | 2 hours, 25 minutes ago

Description : vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the “pattern” and “type” fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5359

Published : May 30, 2025, 7:15 p.m. | 2 hours, 25 minutes ago

Description : A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /appointment-history.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-1479

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2503

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2501

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-2502

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48871

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47056. Reason: This candidate is a duplicate of CVE-2024-47056. Notes: All CVE users should reference CVE-2024-47056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48872

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47055. Reason: This candidate is a duplicate of CVE-2024-47055. Notes: All CVE users should reference CVE-2024-47055 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48873

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5256. Reason: This candidate is a duplicate of CVE-2025-5256. Notes: All CVE users should reference CVE-2025-5256 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48874

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5257. Reason: This candidate is a duplicate of CVE-2025-5257. Notes: All CVE users should reference CVE-2025-5257 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48882

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48946

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implicit rejection value. Currently, no concrete attack on the algorithm is known. However, prospective users of HQC must take extra care when using the algorithm in protocols involving key derivation. In particular, HQC does not provide the same security guarantees as Kyber or ML-KEM. There is currently no patch for the HQC flaw available in liboqs, so HQC is disabled by default in liboqs starting from version 0.13.0. OQS will update its implementation after the HQC team releases an updated algorithm specification.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48948

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48870

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47057. Reason: This candidate is a duplicate of CVE-2024-47057. Notes: All CVE users should reference CVE-2024-47057 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48949

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. Version 0.56.0 contains a patch for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5360

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /book-appointment.php. The manipulation of the argument doctor leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5361

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0. This issue affects some unknown processing of the file /contact.php. The manipulation of the argument fullname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5362

Published : May 30, 2025, 9:15 p.m. | 25 minutes ago

Description : A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5363

Published : May 30, 2025, 9:15 p.m. | 25 minutes ago

Description : A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /doctor/index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…