Skip to main content
CVE-2025-11731 LOW Monitor

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Memory Corruption Denial Of Service
NVD VulDB
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-58903 LOW Monitor

Authenticated denial-of-service in Fortinet FortiOS allows a high-privileged user to crash the HTTP daemon via a specially crafted API request. The root cause is an unchecked return value (CWE-252) that triggers a null pointer dereference in the HTTP daemon, resulting in a temporary service disruption. EPSS exploitation probability is 0.06% (20th percentile), no KEV listing, and no public exploit identified at time of analysis, placing this as low operational priority despite network-reachable attack vector.

Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-31514 LOW Monitor

Sensitive 2FA-related information is written to FortiOS log files and exposed via diagnose commands, allowing a highly privileged attacker with at least read-only administrative access to recover two-factor authentication data. Affected versions span FortiOS 6.4 through 7.6.3 and FortiProxy across all versions per CPE data, representing a wide installed base. No public exploit code exists and no active exploitation has been confirmed; EPSS of 0.04% at the 13th percentile reflects minimal real-world exploitation pressure at this time.

Fortinet Information Disclosure
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy