A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index.

CVE Database V5

Detailed information about CVE-2025-65890: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-65890: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-65890: n/a

CVE-2026-24685 is a critical command injection vulnerability in OpenProject versions prior to 16. 6. 6 and between 17. 0. 0 and 17. 0. 2. It allows users with browse_repository permission to inject arbitrary git show command options via the rev parameter, enabling arbitrary file writes. This can lead to overwriting application or configuration files, causing data loss and denial of service, impacting integrity and availability. No user interaction or elevated privileges beyond browse_repository permission are required.

CVE-2026-24685 is a command injection vulnerability classified under CWE-77 affecting OpenProject, an open-source web-based project management software. The flaw exists in the repository diff download endpoint (/projects/:project_id/repository/diff.diff) when rendering a single revision using the git show command. Specifically, the rev parameter is not properly sanitized, allowing an attacker to inject arbitrary git show command-line options. For example, by supplying rev=--output=/tmp/poc.txt, the attacker can cause git show to write its output to an arbitrary file path. Since OpenProject executes the git show command with the attacker-controlled rev value, this leads to an arbitrary file write vulnerability. Any user with the browse_repository permission on a project can exploit this to create or overwrite files that the OpenProject process user has write access to. The contents written are the git show output, including commit metadata and patch data. Overwriting critical application or configuration files can result in data loss, denial of service, and compromise of system integrity and availability. The vulnerability does not require user interaction or elevated privileges beyond browse_repository permission, making it easier to exploit. The issue affects OpenProject versions prior to 16.6.6 and versions from 17.0.0 up to but not including 17.0.2. The vendor has addressed the vulnerability in OpenProject 16.6.6 and 17.0.2. The CVSS 4.0 score is 9.4, reflecting the critical nature of this vulnerability with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, but the ease of exploitation and severity warrant immediate attention.

Detailed information about CVE-2026-24685: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in opf openproject affect

CVE-2026-24685: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in opf openproject - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-24685: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in opf openproject

CVE-2025-13919 is a medium severity vulnerability affecting Broadcom's Symantec Endpoint Protection Windows Client versions prior to 14. 3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3. It involves an uncontrolled search path element (CWE-427) leading to COM hijacking, where attackers can manipulate COM references in the Windows Registry to establish persistence and evade detection. The vulnerability requires network access and low privileges but no user interaction. While no known exploits are currently in the wild, successful exploitation could allow attackers to execute code with elevated privileges, impacting confidentiality and integrity. European organizations using affected Symantec Endpoint Protection versions should prioritize patching to mitigate risk. Countries with high adoption of Broadcom security products and critical infrastructure sectors are at greater risk. Mitigation includes applying vendor patches promptly, auditing COM registry entries, and implementing strict application whitelisting policies.

CVE-2025-13919 is a vulnerability classified under CWE-427 (Uncontrolled Search Path Element) found in Broadcom's Symantec Endpoint Protection Windows Client prior to specific patch versions (14.3 RU10 Patch 1, RU9 Patch 2, RU8 Patch 3). This vulnerability allows an attacker to perform COM hijacking by manipulating the Windows Registry entries that define COM object references. COM hijacking is a technique where malicious code is loaded instead of legitimate COM components due to improper or uncontrolled search paths. In this case, the attacker can establish persistence on the affected system and evade detection by security software, as the hijacked COM objects may be trusted or overlooked by endpoint protection mechanisms. The CVSS 3.1 base score is 5.4 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and impacting confidentiality and integrity but not availability. The vulnerability does not currently have known exploits in the wild, but its exploitation could allow an attacker to execute arbitrary code with elevated privileges, potentially leading to data leakage or manipulation. The vulnerability affects a widely deployed endpoint protection product, which is critical for enterprise security, making this a significant concern for organizations relying on Symantec Endpoint Protection for defense.

Detailed information about CVE-2025-13919: CWE-427 Uncontrolled Search Path Element in Broadcom Symantec Endpoint Protection Windows Client affecting Broadcom S

CVE-2025-13919: CWE-427 Uncontrolled Search Path Element in Broadcom Symantec Endpoint Protection Windows Client - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-13919: CWE-427 Uncontrolled Search Path Element in Broadcom Symantec Endpoint Protection Windows Client

CVE-2025-13918 is an Elevation of Privilege vulnerability in Broadcom's Symantec Endpoint Protection Windows Client versions prior to 14. 3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3. The flaw arises from improper privilege management (CWE-269), allowing an attacker with limited privileges to escalate their access rights. The vulnerability has a CVSS v3. 1 score of 6. 7 (medium severity), indicating a significant impact on confidentiality, integrity, and availability, but requires local access with high privileges and no user interaction. No known exploits are currently reported in the wild. European organizations relying on affected Symantec Endpoint Protection versions may face risks of unauthorized privilege escalation, potentially undermining endpoint security controls. Mitigation involves promptly applying the vendor's patches once available and implementing strict access controls to limit local user privileges. Countries with high adoption of Broadcom Symantec Endpoint Protection, such as Germany, France, the UK, and the Netherlands, are more likely to be impacted due to the prevalence of enterprise deployments and critical infrastructure protection.

CVE-2025-13918 is a vulnerability classified under CWE-269 (Improper Privilege Management) affecting Broadcom's Symantec Endpoint Protection Windows Client prior to versions 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3. The vulnerability allows an attacker who already has some level of access on the affected system to escalate their privileges beyond what is intended by exploiting flaws in how the software manages permissions internally. Specifically, the issue could enable an attacker with limited local privileges to gain elevated rights, potentially allowing them to execute arbitrary code with higher privileges, access sensitive data, or disable security features. The CVSS v3.1 score of 6.7 reflects a medium severity, with attack vector being local (AV:L), requiring low attack complexity (AC:L), high privileges (PR:H), no user interaction (UI:N), and impacting confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability does not require user interaction but does require the attacker to have already some elevated privileges, which limits the attack surface but still poses a serious risk if exploited. No public exploits or active exploitation have been reported to date. The vulnerability affects enterprise environments that deploy Symantec Endpoint Protection on Windows clients, which are widely used for endpoint security in corporate networks. The flaw could undermine endpoint protection effectiveness by allowing attackers to bypass security controls and gain administrative access on endpoints.

Detailed information about CVE-2025-13918: CWE-269 Improper Privilege Management in Broadcom Symantec Endpoint Protection Windows Client affecting Broadcom Syma

CVE-2025-13918: CWE-269 Improper Privilege Management in Broadcom Symantec Endpoint Protection Windows Client - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-13918: CWE-269 Improper Privilege Management in Broadcom Symantec Endpoint Protection Windows Client

A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Detailed information about CVE-2025-65889: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-65889: n/a

CVE-2025-65889: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-65890: n/a

CVE-2026-24685: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in opf openproject

CVE-2025-13919: CWE-427 Uncontrolled Search Path Element in Broadcom Symantec Endpoint Protection Windows Client

CVE-2025-13918: CWE-269 Improper Privilege Management in Broadcom Symantec Endpoint Protection Windows Client

CVE-2026-1520: Cross Site Scripting in rethinkdb

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility