In PyTorch version 2.6.0+cu124 a medium severity vulnerability CVE-2025-4287 was detected. This vulnerability affects the torch.cuda.nccl.reduce function in the torch/cuda/nccl.py file and may lead to denial of service. The issue can be exploited locally, and details of the exploit have been publicly disclosed. To address this issue, users must apply the patch. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4287.
In PyTorch version 2.5.1 and prior a critical severity vulnerability CVE-2025-32434 was detected. This vulnerability allows remote command execution (RCE) when loading a model. To address this issue users must upgrade to version 2.6.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32434.
In MongoDB Server version 8.1.0 a high severity vulnerability CVE-2025-7259 was detected. This vulnerability allows authorized users to issue queries with duplicate id fields, leading to unexpected behavior and potentially causing the server to crash. This may result in a denial of service. To address this issue users must upgrade to a patched version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7259.
In MongoDB Server versions prior to 6.0.23, 7.0.20, and 8.0.9 a medium severity vulnerability CVE-2025-6714 was detected. This vulnerability allows attackers to send malformed data that can make the MongoDB server stop responding to new connections. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6714.
In MongoDB Server versions prior to 8.0.7 (8.0 series), 7.0.20 (7.0 series), and 6.0.22 (6.0 series) a medium severity vulnerability CVE-2025-6713 was detected. This vulnerability allows unauthorized users to access data by exploiting improper handling of the $mergeCursors stage in aggregation pipelines. The flaw can lead to exposure of data without proper authorization. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6713.
In Next.js versions from 15.0.4-canary.51 to before 15.1.8 a medium severity vulnerability CVE-2025-49826 was detected. This vulnerability could lead to a Denial of Service condition due to a cache poisoning issue, where a 204 HTTP response may be incorrectly cached and served to all users accessing certain static pages. To fix this issue, users should upgrade to Next.js version 15.1.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49826.
In Next.js App Router versions from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0 a medium severity vulnerability CVE-2025-49005 was detected. This vulnerability allows attackers to trick the server into saving the wrong version of a page in the cache, so other users might see broken or incorrect content when they visit the site. To fix this issue, users should upgrade to Next.js version 15.3.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49005.
In Zulip Server versions from 2.0.0-rc1 to 10.4 a medium severity vulnerability CVE-2025-52559 was detected. This vulnerability allows attackers to inject and execute malicious scripts in users’ browsers by exploiting unsanitized topic or channel names in the /digest/ preview, potentially leading to data theft or session hijacking. To fix this issue, users should upgrade to Zulip Server version 10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52559.
In the PayMaster for WooCommerce plugin for WordPress, all versions up to and including 0.4.31, a high severity vulnerability CVE-2025-6729 was detected. This vulnerability allows attackers to send unauthorized requests from the server to internal or external systems, potentially accessing or modifying sensitive information. Currently there is no fix for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6729.