libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
A vulnerability was found in Keycloak. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. Rated low severity (CVSS 2.0), this vulnerability is no authentication required.
smartbanner.js is a customizable smart app banner for iOS and Android. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.