Skip to main content

Enterprise Linux

1150 CVEs product

Monthly

CVE-2026-58016 CRITICAL PATCH Act Now

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-Bus introspection XML that nests a <node> element inside <method>, <signal>, <property>, or <arg>. This state-confusion bug triggers an unsigned integer underflow/overflow (CWE-191) and a subsequent out-of-bounds read, crashing any application or service that parses attacker-influenced introspection data. No public exploit identified at time of analysis, EPSS is low (0.34%), and CISA SSVC rates exploitation as none with only partial technical impact.

Integer Overflow Denial Of Service Buffer Overflow Glib Enterprise Linux
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-58015 HIGH PATCH This Week

Arbitrary file disclosure in GLib's GDBus client affects the DBUS_COOKIE_SHA1 SASL authentication mechanism, where the client fails to validate the server-supplied cookie_context parameter. A malicious or compromised D-Bus server can send a cookie_context containing path traversal sequences, forcing the client to read attacker-chosen files and leak their contents by confirming guessed values against the returned authentication hash. No public exploit has been identified and it is not in CISA KEV; EPSS is low at 0.30% (22th percentile), consistent with the SSVC assessment of no known exploitation.

Path Traversal Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-58014 HIGH PATCH This Week

Denial of service (and a 1-byte out-of-bounds read) in GNOME GLib before 2.88.1 arises from an off-by-one error in g_key_file_get_locale_string_list() in gkeyfile.c when a parsed key file contains an empty value. Any application built on GLib that loads attacker-influenced .desktop/.ini-style key files can be crashed if the over-read crosses a page boundary, with a minor information-disclosure component from the single out-of-bounds byte. Publicly available exploit code exists (SSVC 'poc'), but it is not on CISA KEV and EPSS is low (0.24%, 15th percentile), indicating no evidence of widespread active exploitation.

Denial Of Service Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-58013 HIGH PATCH This Week

Buffer over-read in GLib's giochannel line-reading code (g_io_channel_read_line_backend) affects the GNOME GLib library prior to version 2.88.1, where an application that configures a multi-byte custom line terminator triggers memcmp to read past the end of the internal GString buffer. Depending on memory layout, this leaks up to 7 bytes of adjacent heap memory (minor information disclosure) or crashes the process when the over-read crosses an unmapped page boundary (denial of service). There is no public exploit identified at time of analysis, EPSS is low (0.27%), and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-58012 HIGH PATCH This Week

Buffer over-read in GNOME GLib's g_regex_replace() lets remote attackers leak 1-5 adjacent bytes of process memory and crash applications when regex replacement is performed with the G_REGEX_RAW compile flag combined with case-change replacement escapes. The internal string_append helper applies UTF-8 aware routines to matched substrings even though G_REGEX_RAW treats the buffer as raw bytes, reading past the intended boundary. There is no public exploit identified at time of analysis and EPSS is low (0.26%, 18th percentile), but the flaw is broadly reachable because GLib underpins the GNOME stack and ships across Red Hat Enterprise Linux 6-10.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-58011 HIGH PATCH This Week

Out-of-bounds read of two bytes in GLib's g_date_time_get_ymd() (glib/gdatetime.c) lets attackers corrupt date output and trigger logic errors that may cause denial of service when an application processes an invalid GDateTime produced by g_date_time_add_full(). It affects the GNOME GLib core utility library shipped across Red Hat Enterprise Linux 6 through 10, with fixes in GLib 2.88.1 and 2.86.5. There is publicly available exploit code exists per SSVC (proof-of-concept), no confirmed active exploitation, and EPSS is low at 0.27% (19th percentile).

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-58010 HIGH PATCH This Week

Out-of-bounds read in GNOME GLib's GVariant serialiser allows remote attackers to leak a single byte of adjacent memory and to crash applications that deserialise untrusted GVariant data. The flaw sits in gvs_tuple_is_normal() in glib/gvariant-serialiser.c, where an alignment-padding bounds check uses '>' instead of '>=', reading one byte past the buffer; when that byte falls across a page boundary the process faults, producing a denial of service. No public exploit identified at time of analysis, and EPSS is low (0.26%), but GLib's near-universal presence on Linux systems makes the exposure broad.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-13601 MEDIUM This Month

Sandbox-escaping information disclosure in Yelp (the GNOME help viewer) lets a malicious Flatpak application read arbitrary user-readable files on the host. By using the OpenURI portal to open crafted help content that embeds an untrusted CSS stylesheet inside a structured SVG document, an attacker abuses an overly permissive Content Security Policy supplied by yelp-xsl to force Yelp to evaluate local XML inclusions and exfiltrate file contents via remote CSS resource requests, defeating Flatpak's intended isolation. The flaw was disclosed publicly (GNOME developer blog by Michael Catanzaro, May 2026) and tracked by Red Hat; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Enterprise Linux Yelp
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-53153 HIGH PATCH This Week

Kernel memory corruption in the Linux memory-management list_lru subsystem (memory cgroup reparenting path) allows a local user to corrupt linked-list pointers and destabilize or potentially escalate privileges on the system. The flaw is a race condition in memcg_reparent_list_lrus(), affecting kernels from 6.13 onward; it carries CVSS 7.8 (High) with full confidentiality, integrity and availability impact but a low EPSS of 0.17% (7th percentile). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Linux Information Disclosure Enterprise Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-53145 HIGH PATCH This Week

Local privilege escalation and memory corruption in the Linux kernel DRM/GEM subsystem stems from a race condition in the GEM change_handle ioctl when it runs concurrently with gem_close, where botched two-stage idr_replace handling against the wrong idr slot allows a concurrent close to steal the object's only inherited reference. The flaw affects systems using the DRM graphics stack (notably AMD GPU paths, per source tags) and an unprivileged local user with access to a DRM render/card device can trigger a use-after-free, with the upstream resolution disabling the change_handle ioctl entirely until the locking can be proven correct. No public exploit identified at time of analysis and EPSS is low (0.17%, 7th percentile), consistent with a local-only, hard-to-win race rather than mass exploitation.

Linux Amd Information Disclosure Enterprise Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-2340 MEDIUM PATCH This Month

WORM protection bypass in Samba's vfs_worm VFS module allows authenticated share users to defeat data retention controls by renaming a newly created file over an existing WORM-protected file. Affected users are those operating Samba deployments that have explicitly enabled the vfs_worm module for write-once, read-many data protection - such as compliance, archival, or audit log shares. An attacker with low-privilege write access can silently overwrite files that should be immutable post-grace-period, with high integrity impact (CVSS I:H). No public exploit or CISA KEV listing is identified at time of analysis.

Information Disclosure Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1933 MEDIUM PATCH This Month

Access control bypass in Samba allows authenticated SMB users who hold write permissions on the underlying filesystem to create or delete NTFS-style reparse point metadata on shares configured with 'read only = yes', defeating the read-only intent of the export. Because the necessary access checks are missing at the SMB layer, an attacker can change how files behave when accessed over SMB - for example, converting a regular file into a symbolic link or another reparse-point type - yielding an integrity and availability impact (CVSS 7.1). There is no public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation as 'none', non-automatable, with partial technical impact.

Authentication Bypass Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3012 MEDIUM PATCH This Month

Trust-store poisoning in Samba's certificate auto-enrollment lets an adjacent-network attacker install an attacker-controlled CA certificate when auto-enrollment is enabled. Because Samba retrieves the CA certificate over plaintext HTTP and adds it to the local trust store without verifying authenticity, a man-in-the-middle can have a rogue CA trusted system-wide, enabling interception or spoofing of otherwise trusted TLS communications. The issue carries CVSS 8.0 with high confidentiality and integrity impact and a changed scope; EPSS is 0.00% and no public exploit identified at time of analysis.

Information Disclosure Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-9149 MEDIUM PATCH This Month

Heap-based buffer overflow in libsolv's repo_add_solv() function enables a remote unauthenticated attacker to crash the parsing process by delivering a specially crafted .solv repository metadata file containing negative values in the maxsize or allsize header fields. The malformed values bypass allocation sizing logic, producing an undersized heap buffer that is subsequently written past its bounds, yielding a denial of service. No public exploit identified at time of analysis; however, an upstream fix has been submitted via openSUSE/libsolv GitHub PR #617, and Red Hat has acknowledged the issue via a dedicated security advisory.

Denial Of Service Buffer Overflow Heap Overflow Libsolv Hardened Images +4
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-9150 MEDIUM PATCH This Month

Stack-based buffer overflow in libsolv's Debian metadata parser allows remote, unauthenticated attackers to cause a denial of service by serving maliciously crafted Debian repository metadata containing SHA384 or SHA512 checksum tags. The root cause, confirmed by the GitHub PR #616 diff, is a statically allocated 65-byte stack buffer in `ext/repo_deb.c` sized only for SHA256 digests, which is overflowed by the larger SHA384 (96 hex chars) and SHA512 (128 hex chars) values. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; an upstream fix is available as an open pull request.

Debian Denial Of Service Stack Overflow Buffer Overflow Libsolv +5
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-9064 HIGH PATCH This Week

Denial of service in 389-ds-base LDAP server allows remote unauthenticated attackers to exhaust CPU and heap memory by sending a single LDAP request packed with hundreds of thousands of minimal controls. Because get_ldapmessage_controls_ext() does not cap the per-message control count, the 2 MB default BER message limit is the only ceiling, and concurrent abuse causes worker thread starvation or OOM termination. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Denial Of Service Directory Server 389 Directory Server Enterprise Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42009 HIGH PATCH This Week

Denial of service in GnuTLS affects the Datagram Transport Layer Security (DTLS) packet reordering logic, where the comparator function fails to correctly handle packets with duplicate sequence numbers. Remote unauthenticated attackers can send specially crafted DTLS packet sequences to trigger unstable ordering or undefined behavior, causing service disruption. No public exploit identified at time of analysis, and the issue is rated CVSS 7.5 (High) for availability impact only.

Denial Of Service Gnutls Hardened Images Openshift Container Platform Enterprise Linux +10
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-42010 CRITICAL PATCH Act Now

Authentication bypass in GnuTLS affects servers that enable the RSA-PSK key exchange, where the PSK identity comparison treats a username containing an embedded NUL byte as equal to a legitimate truncated username. Remote attackers can send a crafted username to circumvent pre-shared-key authentication and gain unauthorized access. There is no public exploit identified at time of analysis, the EPSS probability is low (0.15%), and CISA SSVC scores exploitation as none - indicating high theoretical severity but no observed real-world abuse.

Authentication Bypass Gnutls Hardened Images Openshift Container Platform Enterprise Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-4897 MEDIUM PATCH This Month

Polkit's polkit-agent-helper-1 setuid binary fails to bound input length on stdin, allowing local authenticated users to trigger out-of-memory conditions and deny system availability. An attacker with local login privileges can supply excessively long input to exhaust memory resources, causing a system-wide denial of service. No public exploit code or active exploitation has been confirmed at the time of analysis.

Denial Of Service Polkit Openshift Container Platform Enterprise Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-4426 MEDIUM PATCH This Month

Libarchive fails to properly validate the pz_log2_bs field in ISO9660 Rock Ridge extensions during zisofs decompression, allowing remote attackers to supply a crafted ISO file that triggers undefined behavior and causes denial-of-service through incorrect memory allocation and application crashes. The vulnerability requires user interaction (ISO file opening) but no authentication, affects libarchive across multiple distributions, and carries a moderate EPSS score (0.11%, 30th percentile) suggesting low current exploitation probability despite the moderate CVSS severity.

Denial Of Service Libarchive Hardened Images Openshift Container Platform Enterprise Linux
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-3497 MEDIUM PATCH This Month

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself.

SSH Information Disclosure Microsoft Ubuntu Linux Openssh +2
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-12801 MEDIUM PATCH This Month

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. [CVSS 6.5 MEDIUM]

Privilege Escalation Openshift Container Platform Enterprise Linux Nfs Utils
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26103 HIGH PATCH This Week

Improper authorization in the udisks D-Bus API allows local unprivileged users to manipulate LUKS encryption headers on block devices with root privileges, potentially destroying encryption keys and rendering volumes inaccessible. An attacker with local access can exploit this to cause permanent data loss through denial-of-service. No patch is currently available for this vulnerability.

Authentication Bypass Enterprise Linux Udisks
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-1709 PyPI CRITICAL PATCH GHSA Act Now

Authentication bypass in the Keylime registrar (versions 7.12.0 and later) lets unauthenticated network attackers perform administrative actions because the registrar fails to enforce client-side mutual TLS. Attackers connecting without a client certificate can list registered agents, read public TPM data, and delete agents - undermining the integrity of the remote-attestation trust chain. EPSS is low (0.04%, 11th percentile) and there is no public exploit identified at time of analysis, but the flaw is trivially reachable (CVSS 9.8) and patched across Red Hat and SUSE channels.

Authentication Bypass Enterprise Linux For Ibm Z Systems Enterprise Linux For Arm 64 Eus Keylime Enterprise Linux For Power Little Endian +5
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-0992 LOW Monitor

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. [CVSS 2.9 LOW]

Denial Of Service Hardened Images Jboss Core Services Openshift Container Platform Enterprise Linux +3
NVD VulDB
CVSS 3.1
2.9
EPSS
0.0%
CVE-2026-0990 MEDIUM PATCH This Month

libxml2's xmlCatalogXMLResolveURI function is vulnerable to uncontrolled recursion when processing self-referencing delegate URI entries in XML catalogs, allowing remote attackers to trigger stack exhaustion and crash applications. This configuration-dependent denial of service requires specially crafted XML input but no authentication, affecting any application using the vulnerable library to parse untrusted catalogs. No patch is currently available.

Denial Of Service Hardened Images Jboss Core Services Openshift Container Platform Enterprise Linux +3
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-0989 LOW Monitor

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. [CVSS 3.7 LOW]

Denial Of Service Libxml2 Hardened Images Jboss Core Services Openshift Container Platform +3
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-14512 MEDIUM PATCH This Month

Integer overflow in GLib's GIO escape_byte_string() function enables heap buffer overflow and denial-of-service when processing malicious filesystem attribute values over the network. The vulnerability affects GLib across GNOME, Red Hat Enterprise Linux 7-10, and OpenShift 4.0+, requiring only unauthenticated network access and user interaction. EPSS score of 0.07% (percentile 22) indicates low exploitation probability despite CVSS 6.5, suggesting the attack requires specific file/attribute handling conditions; no public exploit or active exploitation (CISA KEV) confirmed at analysis time.

Integer Overflow Buffer Overflow Glib Openshift Enterprise Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-14087 CRITICAL PATCH Act Now

Heap corruption in GLib (GNOME's core C utility library) lets remote attackers trigger a buffer-underflow in the GVariant parser by supplying maliciously crafted serialized/text input, resulting in denial of service and potentially arbitrary code execution. Any application linking GLib that deserializes untrusted GVariant data is exposed, which spans broad swaths of the Linux desktop and system stack across Red Hat Enterprise Linux 7-10 and SUSE. There is no public exploit identified at time of analysis, and EPSS exploitation probability is low (0.26%, 49th percentile) despite the 9.8 CVSS, indicating the headline severity is not yet matched by observed exploitation interest.

Denial Of Service RCE Integer Overflow Glib Enterprise Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-62230 HIGH PATCH This Week

Use-after-free memory corruption in X.Org X server's Xkb extension allows local authenticated attackers to achieve high confidentiality impact, low integrity impact, and high availability impact (CVSS 7.3) through improper resource cleanup during client disconnection. The vulnerability affects Red Hat Enterprise Linux distributions with multiple security advisories released (RHSA-2025:19432 through RHSA-2025:22055). EPSS data not provided, but the local attack vector (AV:L) and low complexity (AC:L) indicate exploitation requires authenticated local access. No CISA KEV listing or public POC identified at time of analysis.

Memory Corruption Use After Free Buffer Overflow X Server Xwayland +9
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-62231 HIGH PATCH This Week

Local privilege escalation in X.Org X server's Xkb extension affects RHEL-family distributions, allowing authenticated users to corrupt memory or crash the X server via integer overflow in XkbSetCompatMap(). Attack requires local access with low-privilege credentials. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. Red Hat has released patches across multiple RHEL versions (RHSA-2025:19432 through RHSA-2025:22055).

Integer Overflow Buffer Overflow X Server Xwayland Vios +8
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-9784 Maven HIGH PATCH GHSA This Week

Undertow, a Java web server used across Red Hat's JBoss Enterprise Application Platform, Fuse, and other middleware products, contains a vulnerability that allows attackers to trigger server-side HTTP/2 stream resets without incrementing abuse counters. This 'MadeYouReset' attack enables remote unauthenticated attackers to cause denial of service by repeatedly forcing the server to abort streams and perform unnecessary cleanup work. With an EPSS score of 1.17% (78th percentile), exploitation probability is moderate but rising, and patches have been released across multiple Red Hat product lines as of early 2025.

Denial Of Service Jboss Enterprise Application Platform Expansion Pack Jboss Enterprise Application Platform Fuse Single Sign On +4
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2025-8283 Cargo LOW PATCH Monitor

DNS resolve confusion in netavark, the Rust-based network stack for Podman containers, causes container name lookups to be forwarded to unexpected external DNS servers due to a regression that removed the dns.podman search domain. Affected deployments on Red Hat Enterprise Linux 8/9/10 and OpenShift Container Platform 4.0 running netavark < 1.15.1 are subject to misdirected container DNS resolution when host resolv.conf search domains contain a record matching a running container's hostname. The impact is limited to information disclosure (CVSS 3.7, Low), with no confirmed active exploitation and no public exploit identified at time of analysis.

Information Disclosure Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-7519 MEDIUM PATCH This Month

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

RCE Buffer Overflow Memory Corruption Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-7424 HIGH PATCH This Week

CVE-2025-7424 is a type confusion vulnerability in the libxslt library where the psvi (Post-Schema-Validation Infoset) memory field is reused for both stylesheet and input document processing, enabling memory corruption during XML transformations. This affects any application using vulnerable libxslt versions to process untrusted XML stylesheets or documents, allowing unauthenticated remote attackers to trigger denial of service or memory corruption without requiring user interaction. The vulnerability has a high CVSS score (7.5) with high availability impact, though real-world exploitation probability and active KEV status require confirmation from official sources.

Denial Of Service Memory Corruption Libxslt Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-32990 HIGH PATCH This Week

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Heap Overflow Buffer Overflow Gnutls Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-32989 MEDIUM PATCH This Month

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

Information Disclosure Gnutls Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-32988 HIGH PATCH This Week

Memory corruption and denial of service in GnuTLS arises from a double-free (CWE-415) in the code that exports X.509 Subject Alternative Name entries containing an otherName field. When the type-id OID inside such an entry is invalid or malformed, GnuTLS calls asn1_delete_structure() on an ASN.1 node it does not own, so the same structure is freed again by the calling function, corrupting allocator state. The flaw is reachable through public GnuTLS APIs - meaning any application that parses or re-exports an attacker-supplied certificate is exposed - and there is no public exploit identified at time of analysis (EPSS 0.04%, 12th percentile; not in CISA KEV).

Buffer Overflow Denial Of Service Gnutls Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-5351 MEDIUM PATCH This Month

A security vulnerability in A flaw (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Libssh Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5372 HIGH PATCH This Week

Cryptographic key derivation failure in libssh versions prior to 0.11.2 (when built against OpenSSL older than 3.0) can cause SSH sessions to proceed with uninitialized key material, allowing remote attackers to undermine session confidentiality and integrity. The flaw stems from inverted return-value semantics between OpenSSL and libssh in ssh_kdf(), so a silent KDF failure is treated as success. No public exploit identified at time of analysis and EPSS risk is low (0.07%), but the issue is widely shipped across Red Hat, Ubuntu, Debian and SUSE distributions and has vendor patches available.

OpenSSL Information Disclosure Libssh Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-32463 CRITICAL POC KEV PATCH THREAT Act Now

Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot option, which loads /etc/nsswitch.conf from the user-controlled chroot directory instead of the host system. KEV-listed with EPSS 26.5% and public PoC, this vulnerability allows any user with sudo --chroot access to achieve root privileges by placing a malicious nsswitch configuration and library in their chroot.

Information Disclosure Ubuntu Debian Leap Linux Enterprise Desktop +8
NVD Exploit-DB
CVSS 3.1
9.3
EPSS
26.5%
Threat
5.7
CVE-2025-5318 HIGH PATCH This Week

CVE-2025-5318 is an out-of-bounds read vulnerability in libssh versions before 0.11.2 caused by an incorrect comparison check in the sftp_handle function that allows authenticated remote attackers to access memory beyond the valid handle list and retrieve invalid pointers for further processing. This vulnerability enables exposure of sensitive information or denial of service, with a CVSS score of 8.1 indicating high severity. The vulnerability requires authentication and network access but has high confidentiality and availability impact.

Buffer Overflow Enterprise Linux Openshift Container Platform Libssh Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-6170 LOW POC PATCH CISA Monitor

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files.

Buffer Overflow Stack Overflow Jboss Core Services Openshift Container Platform Enterprise Linux +1
NVD GitHub VulDB
CVSS 3.1
2.5
EPSS
0.0%
Threat
4.0
CVE-2025-6021 HIGH POC PATCH CISA Act Now

Stack-based buffer overflow in libxml2's xmlBuildQName function allows remote unauthenticated attackers to crash affected systems via crafted XML input. The vulnerability affects libxml2 directly and downstream Red Hat products including OpenShift Container Platform 4.12-4.19, RHEL 7-10, and JBoss Core Services. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N), EPSS 0.75% (73rd percentile), and publicly available exploit code, this represents a moderate real-world risk focused on availability disruption rather than code execution or data compromise.

Buffer Overflow Denial Of Service Integer Overflow Libxml2 Jboss Core Services +18
NVD
CVSS 3.1
7.5
EPSS
0.8%
Threat
5.0
CVE-2025-5918 MEDIUM PATCH This Month

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Buffer Overflow Information Disclosure Libarchive Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-5917 MEDIUM PATCH This Month

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

Buffer Overflow Memory Corruption Libarchive Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-5916 MEDIUM PATCH This Month

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

Buffer Overflow Integer Overflow Libarchive Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-5915 MEDIUM PATCH This Month

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

Buffer Overflow Heap Overflow Denial Of Service Openshift Container Platform Enterprise Linux +1
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-5914 HIGH POC PATCH This Week

CVE-2025-5914 is an integer overflow vulnerability in libarchive's archive_read_format_rar_seek_data() function that leads to a double-free memory corruption condition. This affects all users of libarchive who process untrusted RAR archive files, potentially allowing arbitrary code execution or denial-of-service with user interaction (opening a malicious RAR file). While no KEV listing or confirmed public exploits are currently documented, the high CVSS score (7.8) and memory safety nature of the vulnerability indicate significant real-world risk if weaponized.

Buffer Overflow RCE Enterprise Linux Libarchive Openshift Container Platform +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47711 MEDIUM PATCH This Month

CVE-2025-47711 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Nbdkit Enterprise Linux Advanced Virtualization Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-4598 MEDIUM POC PATCH This Month

A vulnerability was found in systemd-coredump. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Linux Systemd Openshift Container Platform Enterprise Linux +1
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-4478 MEDIUM PATCH This Month

A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Freerdp Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-3891 HIGH PATCH This Week

A flaw was found in the mod_auth_openidc module for Apache httpd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Http Server Enterprise Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-46400 MEDIUM POC PATCH This Month

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fig2Dev Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46399 MEDIUM POC PATCH This Month

A flaw was found in fig2dev. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fig2Dev Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46398 MEDIUM POC PATCH This Month

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Fig2Dev Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-46397 HIGH POC PATCH This Week

A flaw was found in xfig. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Fig2Dev Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-3155 HIGH POC PATCH This Week

A flaw was found in Yelp. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Yelp Debian Linux Codeready Linux Builder Codeready Linux Builder For Arm64 +17
NVD GitHub
CVSS 3.1
7.4
EPSS
0.7%
CVE-2025-2784 MEDIUM POC PATCH This Month

A flaw was found in libsoup. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libsoup Codeready Linux Builder Codeready Linux Builder For Arm64 +18
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2025-0678 HIGH PATCH This Week

A flaw was found in grub2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow RCE Grub2 Openshift Container Platform +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-45782 HIGH PATCH This Week

A flaw was found in the HFS filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Buffer Overflow Grub2 Openshift Container Platform +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-45778 MEDIUM PATCH This Month

A stack overflow flaw was found when reading a BFS file system. Rated medium severity (CVSS 4.1). No vendor patch available.

Integer Overflow Denial Of Service Grub2 Openshift Container Platform Enterprise Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26601 HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Tigervnc X Server +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26600 HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Tigervnc X Server +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26599 HIGH PATCH This Week

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Tigervnc X Server Xwayland +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26598 HIGH PATCH This Week

An out-of-bounds write flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tigervnc X Server Xwayland +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26597 HIGH PATCH This Week

A buffer overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tigervnc X Server Xwayland Enterprise Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26596 HIGH PATCH This Week

A heap overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tigervnc X Server Xwayland +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26595 HIGH PATCH This Week

A buffer overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Tigervnc X Server Xwayland +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26594 HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Tigervnc X Server +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45777 MEDIUM PATCH This Month

A flaw was found in grub2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Grub2 Openshift Enterprise Linux
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-26465 MEDIUM PATCH This Month

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.0%.

Information Disclosure SSH Openssh Active Iq Unified Manager Ontap +3
NVD
CVSS 3.1
6.8
EPSS
60.0%
CVE-2024-12084 CRITICAL POC PATCH Act Now

A heap-based buffer overflow flaw was found in the rsync daemon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Rsync Almalinux Arch Linux +4
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2024-12088 HIGH PATCH This Week

Arbitrary file write outside the intended destination in rsync's client-side `--safe-links` handling allows a malicious or compromised rsync server to bypass the symlink safety check via a path-traversal flaw (CWE-22). The client fails to recursively verify whether a symbolic-link target supplied by the server itself contains a nested symlink, so a controlled server can place files anywhere the rsync process can write. A detailed advisory was published by Google's security-research team (GHSA-p5pg-x43v-mvqj) as part of the January 2025 rsync vulnerability cluster, but the issue is not in CISA KEV and no public exploit identified at time of analysis; EPSS is moderate at 2.89% (86th percentile).

Path Traversal Rsync Discovery Openshift Container Platform Enterprise Linux +15
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.9%
CVE-2024-12087 HIGH POC PATCH This Week

Server-to-client path traversal in rsync lets a malicious or compromised rsync server write files outside the client's intended destination directory by abusing the `--inc-recursive` incremental-recursion mode. Because the server can negotiate `--inc-recursive` even when the client does not request it, missing symlink validation combined with per-file-list deduplication allows arbitrary file placement on the connecting client. Publicly available exploit code exists, EPSS is 3.19% (87th percentile), and Red Hat has shipped fixes, but it is not currently listed in CISA KEV.

Path Traversal Rsync Almalinux Arch Linux Nixos +13
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2024-12086 MEDIUM POC PATCH This Month

A flaw was found in rsync. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Openshift Container Platform Enterprise Linux Almalinux +4
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-12085 HIGH POC PATCH THREAT Act Now

A flaw was found in rsync which could be triggered when rsync compares file checksums. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Information Disclosure Rsync Openshift Openshift Container Platform Enterprise Linux +17
NVD GitHub
CVSS 3.1
7.5
EPSS
19.1%
CVE-2024-49395 MEDIUM This Month

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-49394 MEDIUM This Month

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-49393 MEDIUM This Month

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-50074 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8354 MEDIUM This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-44070 HIGH PATCH This Week

An issue was discovered in FRRouting (FRR) through 10.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frrouting Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-7006 HIGH This Week

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libtiff Enterprise Linux Enterprise Linux For Arm 64 +2
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-3056 Go HIGH This Week

A flaw was found in Podman. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Podman Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-6237 MEDIUM This Month

A flaw was found in the 389 Directory Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Directory Server 389 Directory Server Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-6505 MEDIUM This Month

A flaw was found in the virtio-net device in QEMU. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qemu Enterprise Linux
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-6387 HIGH POC PATCH THREAT Act Now

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to exploit a signal handler race condition by failing to authenticate within the LoginGraceTime window, potentially yielding root-level code execution on glibc-based Linux systems. The flaw - widely known as 'regreSSHion' - affects numerous distributions and vendor appliances including Ubuntu 23.10/24.04, AlmaLinux 9, SonicWall SMA firmware, Arista EOS, NetApp ONTAP, and others. Publicly available exploit code exists and EPSS scores it at 48.06% (98th percentile), reflecting very high exploitation likelihood, though it is not currently listed in CISA KEV.

Information Disclosure SSH Sma 6200 Firmware Sma 7200 Firmware Eos +51
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
48.1%
Threat
4.6
CVE-2024-5742 MEDIUM This Month

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Nano Enterprise Linux
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-3183 HIGH This Week

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Enterprise Linux Aus Enterprise Linux Eus Enterprise Linux Tus +1
NVD
CVSS 3.1
8.1
EPSS
2.1%
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-Bus introspection XML that nests a <node> element inside <method>, <signal>, <property>, or <arg>. This state-confusion bug triggers an unsigned integer underflow/overflow (CWE-191) and a subsequent out-of-bounds read, crashing any application or service that parses attacker-influenced introspection data. No public exploit identified at time of analysis, EPSS is low (0.34%), and CISA SSVC rates exploitation as none with only partial technical impact.

Integer Overflow Denial Of Service Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Arbitrary file disclosure in GLib's GDBus client affects the DBUS_COOKIE_SHA1 SASL authentication mechanism, where the client fails to validate the server-supplied cookie_context parameter. A malicious or compromised D-Bus server can send a cookie_context containing path traversal sequences, forcing the client to read attacker-chosen files and leak their contents by confirming guessed values against the returned authentication hash. No public exploit has been identified and it is not in CISA KEV; EPSS is low at 0.30% (22th percentile), consistent with the SSVC assessment of no known exploitation.

Path Traversal Information Disclosure Glib +1
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Denial of service (and a 1-byte out-of-bounds read) in GNOME GLib before 2.88.1 arises from an off-by-one error in g_key_file_get_locale_string_list() in gkeyfile.c when a parsed key file contains an empty value. Any application built on GLib that loads attacker-influenced .desktop/.ini-style key files can be crashed if the over-read crosses a page boundary, with a minor information-disclosure component from the single out-of-bounds byte. Publicly available exploit code exists (SSVC 'poc'), but it is not on CISA KEV and EPSS is low (0.24%, 15th percentile), indicating no evidence of widespread active exploitation.

Denial Of Service Glib Enterprise Linux
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Buffer over-read in GLib's giochannel line-reading code (g_io_channel_read_line_backend) affects the GNOME GLib library prior to version 2.88.1, where an application that configures a multi-byte custom line terminator triggers memcmp to read past the end of the internal GString buffer. Depending on memory layout, this leaks up to 7 bytes of adjacent heap memory (minor information disclosure) or crashes the process when the over-read crosses an unmapped page boundary (denial of service). There is no public exploit identified at time of analysis, EPSS is low (0.27%), and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Buffer over-read in GNOME GLib's g_regex_replace() lets remote attackers leak 1-5 adjacent bytes of process memory and crash applications when regex replacement is performed with the G_REGEX_RAW compile flag combined with case-change replacement escapes. The internal string_append helper applies UTF-8 aware routines to matched substrings even though G_REGEX_RAW treats the buffer as raw bytes, reading past the intended boundary. There is no public exploit identified at time of analysis and EPSS is low (0.26%, 18th percentile), but the flaw is broadly reachable because GLib underpins the GNOME stack and ships across Red Hat Enterprise Linux 6-10.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read of two bytes in GLib's g_date_time_get_ymd() (glib/gdatetime.c) lets attackers corrupt date output and trigger logic errors that may cause denial of service when an application processes an invalid GDateTime produced by g_date_time_add_full(). It affects the GNOME GLib core utility library shipped across Red Hat Enterprise Linux 6 through 10, with fixes in GLib 2.88.1 and 2.86.5. There is publicly available exploit code exists per SSVC (proof-of-concept), no confirmed active exploitation, and EPSS is low at 0.27% (19th percentile).

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Out-of-bounds read in GNOME GLib's GVariant serialiser allows remote attackers to leak a single byte of adjacent memory and to crash applications that deserialise untrusted GVariant data. The flaw sits in gvs_tuple_is_normal() in glib/gvariant-serialiser.c, where an alignment-padding bounds check uses '>' instead of '>=', reading one byte past the buffer; when that byte falls across a page boundary the process faults, producing a denial of service. No public exploit identified at time of analysis, and EPSS is low (0.26%), but GLib's near-universal presence on Linux systems makes the exposure broad.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Sandbox-escaping information disclosure in Yelp (the GNOME help viewer) lets a malicious Flatpak application read arbitrary user-readable files on the host. By using the OpenURI portal to open crafted help content that embeds an untrusted CSS stylesheet inside a structured SVG document, an attacker abuses an overly permissive Content Security Policy supplied by yelp-xsl to force Yelp to evaluate local XML inclusions and exfiltrate file contents via remote CSS resource requests, defeating Flatpak's intended isolation. The flaw was disclosed publicly (GNOME developer blog by Michael Catanzaro, May 2026) and tracked by Red Hat; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Enterprise Linux Yelp
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Kernel memory corruption in the Linux memory-management list_lru subsystem (memory cgroup reparenting path) allows a local user to corrupt linked-list pointers and destabilize or potentially escalate privileges on the system. The flaw is a race condition in memcg_reparent_list_lrus(), affecting kernels from 6.13 onward; it carries CVSS 7.8 (High) with full confidentiality, integrity and availability impact but a low EPSS of 0.17% (7th percentile). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Linux Information Disclosure Enterprise Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and memory corruption in the Linux kernel DRM/GEM subsystem stems from a race condition in the GEM change_handle ioctl when it runs concurrently with gem_close, where botched two-stage idr_replace handling against the wrong idr slot allows a concurrent close to steal the object's only inherited reference. The flaw affects systems using the DRM graphics stack (notably AMD GPU paths, per source tags) and an unprivileged local user with access to a DRM render/card device can trigger a use-after-free, with the upstream resolution disabling the change_handle ioctl entirely until the locking can be proven correct. No public exploit identified at time of analysis and EPSS is low (0.17%, 7th percentile), consistent with a local-only, hard-to-win race rather than mass exploitation.

Linux Amd Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

WORM protection bypass in Samba's vfs_worm VFS module allows authenticated share users to defeat data retention controls by renaming a newly created file over an existing WORM-protected file. Affected users are those operating Samba deployments that have explicitly enabled the vfs_worm module for write-once, read-many data protection - such as compliance, archival, or audit log shares. An attacker with low-privilege write access can silently overwrite files that should be immutable post-grace-period, with high integrity impact (CVSS I:H). No public exploit or CISA KEV listing is identified at time of analysis.

Information Disclosure Openshift Container Platform Samba +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Access control bypass in Samba allows authenticated SMB users who hold write permissions on the underlying filesystem to create or delete NTFS-style reparse point metadata on shares configured with 'read only = yes', defeating the read-only intent of the export. Because the necessary access checks are missing at the SMB layer, an attacker can change how files behave when accessed over SMB - for example, converting a regular file into a symbolic link or another reparse-point type - yielding an integrity and availability impact (CVSS 7.1). There is no public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation as 'none', non-automatable, with partial technical impact.

Authentication Bypass Openshift Container Platform Samba +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Trust-store poisoning in Samba's certificate auto-enrollment lets an adjacent-network attacker install an attacker-controlled CA certificate when auto-enrollment is enabled. Because Samba retrieves the CA certificate over plaintext HTTP and adds it to the local trust store without verifying authenticity, a man-in-the-middle can have a rogue CA trusted system-wide, enabling interception or spoofing of otherwise trusted TLS communications. The issue carries CVSS 8.0 with high confidentiality and integrity impact and a changed scope; EPSS is 0.00% and no public exploit identified at time of analysis.

Information Disclosure Openshift Container Platform Samba +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Heap-based buffer overflow in libsolv's repo_add_solv() function enables a remote unauthenticated attacker to crash the parsing process by delivering a specially crafted .solv repository metadata file containing negative values in the maxsize or allsize header fields. The malformed values bypass allocation sizing logic, producing an undersized heap buffer that is subsequently written past its bounds, yielding a denial of service. No public exploit identified at time of analysis; however, an upstream fix has been submitted via openSUSE/libsolv GitHub PR #617, and Red Hat has acknowledged the issue via a dedicated security advisory.

Denial Of Service Buffer Overflow Heap Overflow +6
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Stack-based buffer overflow in libsolv's Debian metadata parser allows remote, unauthenticated attackers to cause a denial of service by serving maliciously crafted Debian repository metadata containing SHA384 or SHA512 checksum tags. The root cause, confirmed by the GitHub PR #616 diff, is a statically allocated 65-byte stack buffer in `ext/repo_deb.c` sized only for SHA256 digests, which is overflowed by the larger SHA384 (96 hex chars) and SHA512 (128 hex chars) values. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; an upstream fix is available as an open pull request.

Debian Denial Of Service Stack Overflow +7
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in 389-ds-base LDAP server allows remote unauthenticated attackers to exhaust CPU and heap memory by sending a single LDAP request packed with hundreds of thousands of minimal controls. Because get_ldapmessage_controls_ext() does not cap the per-message control count, the 2 MB default BER message limit is the only ceiling, and concurrent abuse causes worker thread starvation or OOM termination. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Denial Of Service Directory Server 389 Directory Server +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in GnuTLS affects the Datagram Transport Layer Security (DTLS) packet reordering logic, where the comparator function fails to correctly handle packets with duplicate sequence numbers. Remote unauthenticated attackers can send specially crafted DTLS packet sequences to trigger unstable ordering or undefined behavior, causing service disruption. No public exploit identified at time of analysis, and the issue is rated CVSS 7.5 (High) for availability impact only.

Denial Of Service Gnutls Hardened Images +12
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass in GnuTLS affects servers that enable the RSA-PSK key exchange, where the PSK identity comparison treats a username containing an embedded NUL byte as equal to a legitimate truncated username. Remote attackers can send a crafted username to circumvent pre-shared-key authentication and gain unauthorized access. There is no public exploit identified at time of analysis, the EPSS probability is low (0.15%), and CISA SSVC scores exploitation as none - indicating high theoretical severity but no observed real-world abuse.

Authentication Bypass Gnutls Hardened Images +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Polkit's polkit-agent-helper-1 setuid binary fails to bound input length on stdin, allowing local authenticated users to trigger out-of-memory conditions and deny system availability. An attacker with local login privileges can supply excessively long input to exhaust memory resources, causing a system-wide denial of service. No public exploit code or active exploitation has been confirmed at the time of analysis.

Denial Of Service Polkit Openshift Container Platform +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Libarchive fails to properly validate the pz_log2_bs field in ISO9660 Rock Ridge extensions during zisofs decompression, allowing remote attackers to supply a crafted ISO file that triggers undefined behavior and causes denial-of-service through incorrect memory allocation and application crashes. The vulnerability requires user interaction (ISO file opening) but no authentication, affects libarchive across multiple distributions, and carries a moderate EPSS score (0.11%, 30th percentile) suggesting low current exploitation probability despite the moderate CVSS severity.

Denial Of Service Libarchive Hardened Images +2
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself.

SSH Information Disclosure Microsoft +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. [CVSS 6.5 MEDIUM]

Privilege Escalation Openshift Container Platform Enterprise Linux +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Improper authorization in the udisks D-Bus API allows local unprivileged users to manipulate LUKS encryption headers on block devices with root privileges, potentially destroying encryption keys and rendering volumes inaccessible. An attacker with local access can exploit this to cause permanent data loss through denial-of-service. No patch is currently available for this vulnerability.

Authentication Bypass Enterprise Linux Udisks
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass in the Keylime registrar (versions 7.12.0 and later) lets unauthenticated network attackers perform administrative actions because the registrar fails to enforce client-side mutual TLS. Attackers connecting without a client certificate can list registered agents, read public TPM data, and delete agents - undermining the integrity of the remote-attestation trust chain. EPSS is low (0.04%, 11th percentile) and there is no public exploit identified at time of analysis, but the flaw is trivially reachable (CVSS 9.8) and patched across Red Hat and SUSE channels.

Authentication Bypass Enterprise Linux For Ibm Z Systems Enterprise Linux For Arm 64 Eus +7
NVD VulDB
EPSS 0% CVSS 2.9
LOW Monitor

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. [CVSS 2.9 LOW]

Denial Of Service Hardened Images Jboss Core Services +5
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

libxml2's xmlCatalogXMLResolveURI function is vulnerable to uncontrolled recursion when processing self-referencing delegate URI entries in XML catalogs, allowing remote attackers to trigger stack exhaustion and crash applications. This configuration-dependent denial of service requires specially crafted XML input but no authentication, affecting any application using the vulnerable library to parse untrusted catalogs. No patch is currently available.

Denial Of Service Hardened Images Jboss Core Services +5
NVD VulDB
EPSS 0% CVSS 3.7
LOW Monitor

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. [CVSS 3.7 LOW]

Denial Of Service Libxml2 Hardened Images +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Integer overflow in GLib's GIO escape_byte_string() function enables heap buffer overflow and denial-of-service when processing malicious filesystem attribute values over the network. The vulnerability affects GLib across GNOME, Red Hat Enterprise Linux 7-10, and OpenShift 4.0+, requiring only unauthenticated network access and user interaction. EPSS score of 0.07% (percentile 22) indicates low exploitation probability despite CVSS 6.5, suggesting the attack requires specific file/attribute handling conditions; no public exploit or active exploitation (CISA KEV) confirmed at analysis time.

Integer Overflow Buffer Overflow Glib +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Heap corruption in GLib (GNOME's core C utility library) lets remote attackers trigger a buffer-underflow in the GVariant parser by supplying maliciously crafted serialized/text input, resulting in denial of service and potentially arbitrary code execution. Any application linking GLib that deserializes untrusted GVariant data is exposed, which spans broad swaths of the Linux desktop and system stack across Red Hat Enterprise Linux 7-10 and SUSE. There is no public exploit identified at time of analysis, and EPSS exploitation probability is low (0.26%, 49th percentile) despite the 9.8 CVSS, indicating the headline severity is not yet matched by observed exploitation interest.

Denial Of Service RCE Integer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Use-after-free memory corruption in X.Org X server's Xkb extension allows local authenticated attackers to achieve high confidentiality impact, low integrity impact, and high availability impact (CVSS 7.3) through improper resource cleanup during client disconnection. The vulnerability affects Red Hat Enterprise Linux distributions with multiple security advisories released (RHSA-2025:19432 through RHSA-2025:22055). EPSS data not provided, but the local attack vector (AV:L) and low complexity (AC:L) indicate exploitation requires authenticated local access. No CISA KEV listing or public POC identified at time of analysis.

Memory Corruption Use After Free Buffer Overflow +11
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in X.Org X server's Xkb extension affects RHEL-family distributions, allowing authenticated users to corrupt memory or crash the X server via integer overflow in XkbSetCompatMap(). Attack requires local access with low-privilege credentials. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. Red Hat has released patches across multiple RHEL versions (RHSA-2025:19432 through RHSA-2025:22055).

Integer Overflow Buffer Overflow X Server +10
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Undertow, a Java web server used across Red Hat's JBoss Enterprise Application Platform, Fuse, and other middleware products, contains a vulnerability that allows attackers to trigger server-side HTTP/2 stream resets without incrementing abuse counters. This 'MadeYouReset' attack enables remote unauthenticated attackers to cause denial of service by repeatedly forcing the server to abort streams and perform unnecessary cleanup work. With an EPSS score of 1.17% (78th percentile), exploitation probability is moderate but rising, and patches have been released across multiple Red Hat product lines as of early 2025.

Denial Of Service Jboss Enterprise Application Platform Expansion Pack Jboss Enterprise Application Platform +6
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

DNS resolve confusion in netavark, the Rust-based network stack for Podman containers, causes container name lookups to be forwarded to unexpected external DNS servers due to a regression that removed the dns.podman search domain. Affected deployments on Red Hat Enterprise Linux 8/9/10 and OpenShift Container Platform 4.0 running netavark < 1.15.1 are subject to misdirected container DNS resolution when host resolv.conf search domains contain a record matching a running container's hostname. The impact is limited to information disclosure (CVSS 3.7, Low), with no confirmed active exploitation and no public exploit identified at time of analysis.

Information Disclosure Openshift Container Platform Enterprise Linux
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.

RCE Buffer Overflow Memory Corruption +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2025-7424 is a type confusion vulnerability in the libxslt library where the psvi (Post-Schema-Validation Infoset) memory field is reused for both stylesheet and input document processing, enabling memory corruption during XML transformations. This affects any application using vulnerable libxslt versions to process untrusted XML stylesheets or documents, allowing unauthenticated remote attackers to trigger denial of service or memory corruption without requiring user interaction. The vulnerability has a high CVSS score (7.5) with high availability impact, though real-world exploitation probability and active KEV status require confirmation from official sources.

Denial Of Service Memory Corruption Libxslt +2
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Heap Overflow Buffer Overflow Gnutls +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

Information Disclosure Gnutls Openshift Container Platform +1
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Memory corruption and denial of service in GnuTLS arises from a double-free (CWE-415) in the code that exports X.509 Subject Alternative Name entries containing an otherName field. When the type-id OID inside such an entry is invalid or malformed, GnuTLS calls asn1_delete_structure() on an ASN.1 node it does not own, so the same structure is freed again by the calling function, corrupting allocator state. The flaw is reachable through public GnuTLS APIs - meaning any application that parses or re-exports an attacker-supplied certificate is exposed - and there is no public exploit identified at time of analysis (EPSS 0.04%, 12th percentile; not in CISA KEV).

Buffer Overflow Denial Of Service Gnutls +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A security vulnerability in A flaw (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Libssh Openshift Container Platform +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cryptographic key derivation failure in libssh versions prior to 0.11.2 (when built against OpenSSL older than 3.0) can cause SSH sessions to proceed with uninitialized key material, allowing remote attackers to undermine session confidentiality and integrity. The flaw stems from inverted return-value semantics between OpenSSL and libssh in ssh_kdf(), so a silent KDF failure is treated as success. No public exploit identified at time of analysis and EPSS risk is low (0.07%), but the issue is widely shipped across Red Hat, Ubuntu, Debian and SUSE distributions and has vendor patches available.

OpenSSL Information Disclosure Libssh +2
NVD
EPSS 27% 5.7 CVSS 9.3
CRITICAL POC KEV PATCH THREAT Act Now

Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot option, which loads /etc/nsswitch.conf from the user-controlled chroot directory instead of the host system. KEV-listed with EPSS 26.5% and public PoC, this vulnerability allows any user with sudo --chroot access to achieve root privileges by placing a malicious nsswitch configuration and library in their chroot.

Information Disclosure Ubuntu Debian +10
NVD Exploit-DB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

CVE-2025-5318 is an out-of-bounds read vulnerability in libssh versions before 0.11.2 caused by an incorrect comparison check in the sftp_handle function that allows authenticated remote attackers to access memory beyond the valid handle list and retrieve invalid pointers for further processing. This vulnerability enables exposure of sensitive information or denial of service, with a CVSS score of 8.1 indicating high severity. The vulnerability requires authentication and network access but has high confidentiality and availability impact.

Buffer Overflow Enterprise Linux Openshift Container Platform +2
NVD
EPSS 0% 4.0 CVSS 2.5
LOW POC PATCH Monitor

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files.

Buffer Overflow Stack Overflow Jboss Core Services +3
NVD GitHub VulDB
EPSS 1% 5.0 CVSS 7.5
HIGH POC PATCH Act Now

Stack-based buffer overflow in libxml2's xmlBuildQName function allows remote unauthenticated attackers to crash affected systems via crafted XML input. The vulnerability affects libxml2 directly and downstream Red Hat products including OpenShift Container Platform 4.12-4.19, RHEL 7-10, and JBoss Core Services. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N), EPSS 0.75% (73rd percentile), and publicly available exploit code, this represents a moderate real-world risk focused on availability disruption rather than code execution or data compromise.

Buffer Overflow Denial Of Service Integer Overflow +20
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Buffer Overflow Information Disclosure Libarchive +2
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

Buffer Overflow Memory Corruption Libarchive +2
NVD GitHub
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

Buffer Overflow Integer Overflow Libarchive +2
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

Buffer Overflow Heap Overflow Denial Of Service +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

CVE-2025-5914 is an integer overflow vulnerability in libarchive's archive_read_format_rar_seek_data() function that leads to a double-free memory corruption condition. This affects all users of libarchive who process untrusted RAR archive files, potentially allowing arbitrary code execution or denial-of-service with user interaction (opening a malicious RAR file). While no KEV listing or confirmed public exploits are currently documented, the high CVSS score (7.8) and memory safety nature of the vulnerability indicate significant real-world risk if weaponized.

Buffer Overflow RCE Enterprise Linux +3
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

CVE-2025-47711 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Nbdkit Enterprise Linux Advanced Virtualization +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

A vulnerability was found in systemd-coredump. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Linux Systemd +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Freerdp +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the mod_auth_openidc module for Apache httpd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Http Server +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fig2Dev +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A flaw was found in fig2dev. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Fig2Dev +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Fig2Dev +1
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

A flaw was found in xfig. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Fig2Dev +1
NVD
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

A flaw was found in Yelp. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Yelp Debian Linux +19
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

A flaw was found in libsoup. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libsoup +20
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in grub2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the HFS filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Buffer Overflow +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A stack overflow flaw was found when reading a BFS file system. Rated medium severity (CVSS 4.1). No vendor patch available.

Integer Overflow Denial Of Service Grub2 +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Tigervnc +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds write flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tigervnc +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tigervnc X Server +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A heap overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tigervnc +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overflow flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Tigervnc +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in X.Org and Xwayland. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in grub2. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Grub2 +2
NVD
EPSS 60% CVSS 6.8
MEDIUM PATCH This Month

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.0%.

Information Disclosure SSH Openssh +5
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

A heap-based buffer overflow flaw was found in the rsync daemon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Rsync +6
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Arbitrary file write outside the intended destination in rsync's client-side `--safe-links` handling allows a malicious or compromised rsync server to bypass the symlink safety check via a path-traversal flaw (CWE-22). The client fails to recursively verify whether a symbolic-link target supplied by the server itself contains a nested symlink, so a controlled server can place files anywhere the rsync process can write. A detailed advisory was published by Google's security-research team (GHSA-p5pg-x43v-mvqj) as part of the January 2025 rsync vulnerability cluster, but the issue is not in CISA KEV and no public exploit identified at time of analysis; EPSS is moderate at 2.89% (86th percentile).

Path Traversal Rsync Discovery +17
NVD GitHub VulDB
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Server-to-client path traversal in rsync lets a malicious or compromised rsync server write files outside the client's intended destination directory by abusing the `--inc-recursive` incremental-recursion mode. Because the server can negotiate `--inc-recursive` even when the client does not request it, missing symlink validation combined with per-file-list deduplication allows arbitrary file placement on the connecting client. Publicly available exploit code exists, EPSS is 3.19% (87th percentile), and Red Hat has shipped fixes, but it is not currently listed in CISA KEV.

Path Traversal Rsync Almalinux +15
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

A flaw was found in rsync. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Openshift Container Platform +6
NVD GitHub VulDB
EPSS 19% CVSS 7.5
HIGH POC PATCH THREAT Act Now

A flaw was found in rsync which could be triggered when rsync compares file checksums. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Information Disclosure Rsync Openshift +19
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mutt Neomutt +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Mutt +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Mutt +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting (FRR) through 10.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frrouting Enterprise Linux
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libtiff +4
NVD
EPSS 1% CVSS 7.7
HIGH This Week

A flaw was found in Podman. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Podman Openshift Container Platform +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A flaw was found in the 389 Directory Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Directory Server 389 Directory Server +1
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

A flaw was found in the virtio-net device in QEMU. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qemu +1
NVD
EPSS 48% 4.6 CVSS 8.1
HIGH POC PATCH THREAT Act Now

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to exploit a signal handler race condition by failing to authenticate within the LoginGraceTime window, potentially yielding root-level code execution on glibc-based Linux systems. The flaw - widely known as 'regreSSHion' - affects numerous distributions and vendor appliances including Ubuntu 23.10/24.04, AlmaLinux 9, SonicWall SMA firmware, Arista EOS, NetApp ONTAP, and others. Publicly available exploit code exists and EPSS scores it at 48.06% (98th percentile), reflecting very high exploitation likelihood, though it is not currently listed in CISA KEV.

Information Disclosure SSH Sma 6200 Firmware +53
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Nano Enterprise Linux
NVD
EPSS 2% CVSS 8.1
HIGH This Week

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Enterprise Linux Aus +3
NVD
Page 1 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy