Redhat

5108 CVEs vendor


CVE-2025-13836 HIGH PATCH This Week

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Denial Of Service Ubuntu Debian Python Redhat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-64775 HIGH POC PATCH This Week

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Denial Of Service Apache Ubuntu Debian Struts +1
NVD GitHub HeroDevs VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-27232 MEDIUM PATCH This Month

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.

SSRF Ubuntu Debian Frontend Redhat +1
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-66221 MEDIUM PATCH This Month

Werkzeug is a comprehensive WSGI web application library. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Werkzeug Windows Redhat +1
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-61915 MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 6.0), this vulnerability has low attack complexity. Public exploit code available.

Information Disclosure Cups Redhat Suse
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-58436 MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 5.1), this vulnerability requires no authentication. Public exploit code available.

Denial Of Service Cups Redhat Suse
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-66034 MEDIUM POC PATCH This Month

fontTools is a library for manipulating fonts, written in Python. Rated medium severity (CVSS 6.3), this vulnerability requires no authentication. Public exploit code available.

RCE Python Fonttools Redhat Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-12183 HIGH PATCH This Week

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Java Information Disclosure Redhat +1
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-12638 HIGH PATCH This Week

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Python Redhat
NVD
CVSS 3.0
8.0
EPSS
0.0%
CVE-2025-66035 HIGH PATCH This Week

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Redhat
NVD GitHub
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-66031 HIGH PATCH This Week

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Forge Redhat
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-66030 MEDIUM PATCH This Month

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Forge Redhat
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-64344 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64334 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64333 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64332 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Suricata Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64331 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64330 HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Suricata Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-62593 CRITICAL PATCH Act Now

Ray is an AI compute engine. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Code Injection Mozilla Firefox +2
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-13601 HIGH POC PATCH This Week

A heap-based buffer overflow vulnerability exists in the glib library's g_escape_uri_string() function due to an integer overflow in buffer size calculation when processing strings with a very large number of characters requiring URI escaping. This vulnerability affects multiple Red Hat Enterprise Linux 9.0 and 10.0 distributions across various architectures (x86_64, ARM64, IBM Z, Power). A proof-of-concept exploit is publicly available, though EPSS scoring indicates only 0.01% exploitation probability (1st percentile), suggesting limited active exploitation in the wild despite the availability of exploit code.

Buffer Overflow Enterprise Linux For Power Little Endian Eus Enterprise Linux Server For Power Little Endian Enterprise Linux Server For Power Little Endian Eus Discovery +27
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-13674 MEDIUM PATCH This Month

BPv7 dissector crash in Wireshark 4.6.0 allows denial of service. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Wireshark Redhat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-59820 MEDIUM PATCH This Month

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Rated medium severity (CVSS 6.7), this vulnerability requires no authentication. No vendor patch available.

Buffer Overflow Redhat Suse
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-66021 HIGH POC PATCH This Week

OWASP Java HTML Sanitizer is a configurable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third parties in web applications while protecting against XSS. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Java Html Sanitizer Redhat
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-66019 MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Redhat Suse
NVD GitHub
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-12816 HIGH POC PATCH This Week

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Forge Redhat Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-13467 MEDIUM PATCH This Month

A flaw was found in the Keycloak LDAP User Federation provider. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Redhat
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-13502 HIGH PATCH This Week

A flaw was found in WebKitGTK and WPE WebKit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure Safari Redhat +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-65018 HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated high severity (CVSS 7.1), this vulnerability requires no authentication and has low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libpng Redhat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-64720 HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libpng Redhat Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-64506 MEDIUM PATCH This Month

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated medium severity (CVSS 6.1), this vulnerability requires no authentication and has low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libpng Redhat Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-64505 MEDIUM PATCH This Month

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated medium severity (CVSS 6.1), this vulnerability requires no authentication and has low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libpng Redhat Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13466 MEDIUM PATCH This Month

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Redhat
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-13609 HIGH PATCH This Week

A critical authentication bypass vulnerability in Keylime allows attackers with high privileges to register malicious agents using different TPM devices while claiming existing agent UUIDs, effectively overwriting legitimate agent identities. This enables impersonation of trusted agents and potential bypass of security controls in the remote attestation system. With an EPSS score of 0.07% (21st percentile) and no known KEV listing, the vulnerability has a high CVSS score of 8.2 but relatively low real-world exploitation likelihood.

Authentication Bypass Redhat Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-65106 HIGH PATCH This Month

LangChain is a framework for building agents and LLM-powered applications. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python Ssti Langchain AI / ML +1
NVD GitHub
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-62609 MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apple Mlx Redhat
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-62608 MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Buffer Overflow Heap Overflow Mlx +1
NVD GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13470 HIGH PATCH This Month

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redhat Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-41115 CRITICAL PATCH This Week

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Privilege Escalation Redhat Suse
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-13499 HIGH PATCH This Month

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service. Rated high severity (CVSS 7.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Wireshark Redhat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-62426 MEDIUM PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Vllm Redhat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-62372 HIGH PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Vllm Redhat
NVD GitHub
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-62164 HIGH PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Vllm Pytorch AI / ML +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13437 MEDIUM PATCH This Month

When zx is invoked with --prefer-local=<path>, the CLI creates a symlink named ./node_modules pointing to <path>/node_modules. Rated medium severity (CVSS 5.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure Redhat
NVD GitHub
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-58181 MEDIUM PATCH This Month

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Crypto Redhat Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-47914 MEDIUM PATCH This Month

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Crypto Redhat Suse
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-11230 HIGH PATCH This Month

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aloha Appliance Haproxy Haproxy Enterprise Kubernetes Ingress Controller +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-65015 CRITICAL POC PATCH Act Now

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Joserfc Redhat Suse
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-64324 HIGH POC PATCH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability requires no authentication and has low attack complexity. Public exploit code available.

Information Disclosure Kubernetes Kubevirt Redhat Suse
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-61664 MEDIUM PATCH Monitor

A vulnerability in the GRUB2 bootloader has been identified in the normal module. Rated medium severity (CVSS 4.9), this vulnerability requires no authentication. No vendor patch available.

Denial Of Service Redhat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-61663 MEDIUM PATCH Monitor

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. Rated medium severity (CVSS 4.9), this vulnerability requires no authentication. No vendor patch available.

Denial Of Service Redhat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-61661 MEDIUM PATCH Monitor

A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. Rated medium severity (CVSS 4.8), this vulnerability requires no authentication. No vendor patch available.

Denial Of Service Redhat Suse
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-54771 MEDIUM PATCH Monitor

A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). Rated medium severity (CVSS 4.9), this vulnerability requires no authentication. No vendor patch available.

Denial Of Service Redhat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-54770 MEDIUM PATCH Monitor

A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. Rated medium severity (CVSS 4.9), this vulnerability requires no authentication. No vendor patch available.

Denial Of Service Redhat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-64076 HIGH POC PATCH This Month

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string() function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Buffer Overflow Python Cbor2 +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-10158 MEDIUM PATCH Monitor

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Redhat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13230 HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Redhat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13229 HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Redhat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13228 HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Redhat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13227 HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Redhat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13226 HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Redhat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13224 HIGH PATCH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure Chrome Redhat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13223 HIGH KEV PATCH THREAT Act Now

Google Chrome V8 contains a type confusion vulnerability in the JavaScript engine, the second V8 type confusion zero-day in 2025, exploited in targeted attacks.

Memory Corruption Google Information Disclosure Chrome Redhat +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2025-64756 HIGH POC PATCH This Month

Glob matches files using patterns the shell uses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Command Injection RCE Glob Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-13193 MEDIUM PATCH This Month

A flaw was found in libvirt. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.

Information Disclosure Privilege Escalation Redhat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-65073 HIGH PATCH This Month

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Redhat
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-13033 HIGH PATCH This Month

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redhat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-13204 HIGH POC PATCH This Month

npm package `expr-eval` is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Prototype Pollution RCE Javascript Expression Evaluator Redhat
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-9479 MEDIUM POC Monitor

Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Redhat +1
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13107 MEDIUM POC Monitor

Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Redhat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13097 MEDIUM POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome Redhat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-7017 HIGH POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Race Condition Information Disclosure Chrome Redhat
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13178 MEDIUM POC Monitor

Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Redhat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47913 HIGH POC PATCH This Month

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ssh Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-59840 HIGH PATCH This Month

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Redhat Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-11538 MEDIUM PATCH This Month

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication. No vendor patch available.

RCE Java Redhat
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-64718 MEDIUM PATCH This Month

js-yaml is a JavaScript YAML parser and dumper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Js Yaml Redhat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-12818 MEDIUM POC PATCH This Month

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow PostgreSQL Redhat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-64503 MEDIUM POC PATCH Monitor

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. Rated medium severity (CVSS 4.0), this vulnerability requires no authentication and has low attack complexity. Public exploit code available.

Memory Corruption Apple Buffer Overflow Cups Filters Libcupsfilters +3
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-64429 MEDIUM PATCH This Month

DuckDB is a SQL database management system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Duckdb Redhat
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-61667 HIGH This Month

The Datadog Agent collects events and metrics from hosts and sends them to Datadog. Rated high severity (CVSS 7.0), this vulnerability has low attack complexity. No vendor patch available.

Python Microsoft Kubernetes Privilege Escalation Windows +1
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2024-47866 HIGH POC PATCH This Month

Ceph is a distributed object, block, and file storage platform. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ceph Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-59089 MEDIUM PATCH This Month

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. Rated medium severity (CVSS 5.9), the vulnerability is remotely exploitable and requires no authentication. No vendor patch available.

Denial Of Service SSRF Redhat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-59088 HIGH PATCH This Month

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default it queries SRV records in the DNS zone matching the requested realm name. Because the realm is supplied by the client, a client can steer the proxy into looking up, and then contacting, hosts in a zone of its choosing. Rated high severity (CVSS 8.6), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

SSRF Redhat Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
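The two kdcproxy entries above describe one chain: an unconfigured realm becomes a DNS SRV lookup under a client-chosen name, and the proxy then talks to whatever KDC that zone advertises. The following is an added example, not kdcproxy's code, showing the decision a proxy should make before any DNS or network activity: answer configured realms from configuration, refuse unknown realms unless DNS fallback has been switched on deliberately, and syntax-check the realm before deriving a DNS name from it. The realm pattern, MAX_REALM_LEN and the use_dns default are this example's assumptions; kdcproxy has its own configuration switch for DNS lookups, so check your version's documentation for the option name.

```python
"""Realm-to-KDC resolution with DNS fallback under explicit control.

Added example for this page, not kdcproxy's code. A realm with servers in
configuration is answered from configuration; an unconfigured realm would
otherwise turn into an SRV lookup under a DNS name built from the
client-supplied realm. The realm syntax rule, MAX_REALM_LEN and the use_dns
default of False are this example's assumptions.
"""
import re
from typing import Dict, List

# A conservative realm shape: DNS-style labels only (assumption; Kerberos
# realm names can be broader, but an HTTP front end need not accept that).
REALM_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")
MAX_REALM_LEN = 253


class RealmPolicyError(Exception):
    """Request refused before any DNS or network activity happens."""


def srv_names(realm: str) -> List[str]:
    """The _kerberos SRV names a Kerberos client consults for a realm."""
    zone = realm.lower()
    return [f"_kerberos._tcp.{zone}", f"_kerberos._udp.{zone}"]


def kdc_targets(realm: str, configured: Dict[str, List[str]],
                use_dns: bool = False) -> List[str]:
    """Decide where a request for `realm` may be forwarded.

    configured maps realm names to explicit KDC endpoints. An unknown realm is
    rejected unless use_dns is True; only then are the SRV names returned for
    the caller to resolve, and only after the realm passed the syntax check.
    """
    if len(realm) > MAX_REALM_LEN or not REALM_RE.match(realm):
        raise RealmPolicyError(f"malformed realm {realm!r}")
    if realm in configured:
        return list(configured[realm])
    if not use_dns:
        raise RealmPolicyError(
            f"realm {realm!r} is not configured and DNS fallback is disabled")
    return srv_names(realm)


if __name__ == "__main__":
    # Constructed configuration: one realm with an explicit KDC.
    config = {"EXAMPLE.COM": ["kerberos+tcp://kdc1.example.com:88"]}
    print(kdc_targets("EXAMPLE.COM", config))
    # With DNS fallback on, a client-chosen realm picks the zone that is queried.
    print(kdc_targets("ATTACKER.TEST", config, use_dns=True))
    try:
        kdc_targets("ATTACKER.TEST", config)
    except RealmPolicyError as e:
        print("refused:", e)
```

The second print line is the point of the exercise: with fallback enabled, the proxy's outbound traffic is determined by the requester, which is the SSRF the entry is tagged with. Keeping fallback off and listing realms explicitly is the configuration equivalent of the check.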
CVE-2025-2843 HIGH PATCH This Month

A flaw was found in the Observability Operator. Rated high severity (CVSS 8.8), the vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

Kubernetes Privilege Escalation Redhat
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-13042 HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Redhat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-40164 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings Syzbot reported the following warning: BUG: using. Rated medium severity (CVSS 5.5), the vulnerability has low attack complexity.

Linux Information Disclosure Linux Kernel Redhat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-40149 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Rated high severity (CVSS 7.8), the vulnerability has low attack complexity. This use-after-free could allow an attacker to access freed memory to execute arbitrary code or crash the kernel.

Memory Corruption Linux Information Disclosure Use After Free Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-37734 MEDIUM Monitor

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant. Rated medium severity (CVSS 4.3), the vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

Elastic SSRF Kibana Redhat
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12748 MEDIUM PATCH This Month

A flaw was discovered in libvirt in the XML file processing. Rated medium severity (CVSS 5.5), the vulnerability has low attack complexity. No vendor patch available.

Denial Of Service Redhat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-13027 HIGH PATCH This Month

Memory safety bugs present in Firefox 144 and Thunderbird 144. Rated high severity (CVSS 8.1), the vulnerability is remotely exploitable and requires no authentication. No vendor patch available.

Buffer Overflow RCE Mozilla Firefox Thunderbird +2
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-66034
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

fontTools is a library for manipulating fonts, written in Python. Rated medium severity (CVSS 6.3), the vulnerability requires no authentication. Public exploit code available.

RCE Python Fonttools +2
NVD GitHub
CVE-2025-12183
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. Rated high severity (CVSS 8.8), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Java +3
NVD GitHub
CVE-2025-12638
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. Rated high severity (CVSS 8.0), the vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

Path Traversal RCE Python +1
NVD
CVE-2025-66035
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Rated high severity (CVSS 7.7), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

CSRF Redhat
NVD GitHub
CVE-2025-66031
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated high severity (CVSS 8.7), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity.

Information Disclosure Forge Redhat
NVD GitHub
CVE-2025-66030
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Rated medium severity (CVSS 6.3), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. This integer overflow could allow attackers to cause unexpected behavior through arithmetic wraparound.

Integer Overflow Buffer Overflow Forge +1
NVD GitHub
CVE-2025-64344
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
CVE-2025-64334
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. This Allocation of Resources Without Limits weakness could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Suricata Redhat +1
NVD GitHub
CVE-2025-64333
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
CVE-2025-64332
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
CVE-2025-64331
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Suricata +2
NVD GitHub
CVE-2025-64330
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity.

Buffer Overflow Heap Overflow Suricata +2
NVD GitHub
CVE-2025-62593
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Ray is an AI compute engine. Rated critical severity (CVSS 9.4), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Apple RCE Code Injection +4
NVD GitHub
CVE-2025-13601
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

A heap-based buffer overflow vulnerability exists in the glib library's g_escape_uri_string() function due to an integer overflow in buffer size calculation when processing strings with a very large number of characters requiring URI escaping. This vulnerability affects multiple Red Hat Enterprise Linux 9.0 and 10.0 distributions across various architectures (x86_64, ARM64, IBM Z, Power). A proof-of-concept exploit is publicly available, though EPSS scoring indicates only 0.01% exploitation probability (1st percentile), suggesting limited active exploitation in the wild despite the availability of exploit code.

Buffer Overflow Enterprise Linux For Power Little Endian Eus Enterprise Linux Server For Power Little Endian +29
NVD
CVE-2025-13674
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

BPv7 dissector crash in Wireshark 4.6.0 allows denial of service. Rated medium severity (CVSS 5.5), the vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Wireshark +2
NVD
CVE-2025-59820
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Rated medium severity (CVSS 6.7), the vulnerability requires no authentication. No vendor patch available.

Buffer Overflow Redhat Suse
NVD
CVE-2025-66021
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

OWASP Java HTML Sanitizer is a configurable HTML sanitizer written in Java, allowing inclusion of HTML authored by third parties in web applications while protecting against XSS. Rated high severity (CVSS 8.6), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Java Html Sanitizer +1
NVD GitHub
CVE-2025-66019
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

pypdf is a free and open-source pure-Python PDF library. Rated medium severity (CVSS 6.6), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Denial Of Service Python Redhat +1
NVD GitHub
CVE-2025-12816
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a. Rated high severity (CVSS 8.6), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available.

Authentication Bypass Forge Redhat +1
NVD GitHub
CVE-2025-13467
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Keycloak LDAP User Federation provider. Rated medium severity (CVSS 5.5), the vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

Deserialization Java Redhat
NVD GitHub
CVE-2025-13502
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A flaw was found in WebKitGTK and WPE WebKit. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Apple Buffer Overflow Information Disclosure +3
NVD
CVE-2025-65018
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated high severity (CVSS 7.1), the vulnerability requires no authentication and has low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libpng +2
NVD GitHub
CVE-2025-64720
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated high severity (CVSS 7.1), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libpng +2
NVD GitHub
CVE-2025-64506
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated medium severity (CVSS 6.1), the vulnerability requires no authentication and has low attack complexity. This out-of-bounds read could allow attackers to read memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libpng +2
NVD GitHub
CVE-2025-64505
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Rated medium severity (CVSS 6.1), the vulnerability requires no authentication and has low attack complexity. This out-of-bounds read could allow attackers to read memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libpng +2
NVD GitHub
CVE-2025-13466
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. Rated medium severity (CVSS 5.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Denial Of Service Redhat
NVD GitHub
CVE-2025-13609
EPSS 0% CVSS 8.2
HIGH PATCH This Week

An authentication bypass vulnerability in Keylime allows attackers with high privileges to register malicious agents using different TPM devices while claiming existing agent UUIDs, effectively overwriting legitimate agent identities. This enables impersonation of trusted agents and potential bypass of security controls in the remote attestation system. With an EPSS score of 0.07% (21st percentile) and no known KEV listing, the vulnerability has a high CVSS score of 8.2 but relatively low real-world exploitation likelihood.

Authentication Bypass Redhat Suse
NVD GitHub
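The failure the Keylime entry describes is a registrar that lets a known UUID be re-registered from a different TPM. The following is an added example, not Keylime's code, of the check a registrar needs: bind each agent UUID to the fingerprint of its TPM endorsement key (EK) at first registration and refuse any later registration for that UUID from a different EK until an operator deletes the record. The record layout, the SHA-256-over-EK-bytes binding value and the explicit admin delete step are this example's assumptions.

```python
"""Registrar-side check that an agent UUID stays bound to one TPM.

Added example for this page, not Keylime's code. The identity is keyed on a
fingerprint of the TPM endorsement key; a known UUID may refresh its record
(new attestation key, restart) only from the same EK, and only an operator
delete frees a UUID for a different TPM.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional


class RegistrationRefused(Exception):
    """Raised instead of silently overwriting an existing identity."""


@dataclass
class AgentRecord:
    uuid: str
    ek_fingerprint: str   # SHA-256 over the EK public key bytes (assumption)
    aik_pub: bytes        # attestation key the agent will quote with


class Registrar:
    def __init__(self) -> None:
        self._agents: Dict[str, AgentRecord] = {}

    @staticmethod
    def fingerprint(ek_pub: bytes) -> str:
        return hashlib.sha256(ek_pub).hexdigest()

    def register(self, uuid: str, ek_pub: bytes, aik_pub: bytes) -> AgentRecord:
        """Create or refresh the record for `uuid`.

        A different EK presenting a known UUID is an impersonation attempt:
        refuse it rather than replacing the legitimate agent's identity.
        """
        fp = self.fingerprint(ek_pub)
        existing = self._agents.get(uuid)
        if existing is not None and existing.ek_fingerprint != fp:
            raise RegistrationRefused(
                f"uuid {uuid} is bound to EK {existing.ek_fingerprint[:16]}..., "
                f"refusing registration from EK {fp[:16]}...")
        record = AgentRecord(uuid=uuid, ek_fingerprint=fp, aik_pub=aik_pub)
        self._agents[uuid] = record
        return record

    def delete(self, uuid: str) -> None:
        """Operator action: only after this may a UUID be claimed by another TPM."""
        self._agents.pop(uuid, None)

    def lookup(self, uuid: str) -> Optional[AgentRecord]:
        return self._agents.get(uuid)


if __name__ == "__main__":
    # Constructed keys; real ones are TPM public key blobs.
    reg = Registrar()
    reg.register("agent-1", b"constructed EK of TPM A", b"AIK-1")
    reg.register("agent-1", b"constructed EK of TPM A", b"AIK-2")   # same TPM: allowed
    try:
        reg.register("agent-1", b"constructed EK of TPM B", b"AIK-X")  # other TPM: refused
    except RegistrationRefused as e:
        print("refused:", e)
```

The fingerprint is only as trustworthy as the EK behind it: a real registrar must also validate the EK against its certificate chain or a trusted store and prove, via TPM credential activation, that the presented AIK lives on the same TPM as that EK. Without those steps the binding above is a claim the requester controls, not evidence.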
CVE-2025-65106
EPSS 0% CVSS 8.3
HIGH PATCH This Month

LangChain is a framework for building agents and LLM-powered applications. Rated high severity (CVSS 8.3), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Code Injection Python Ssti +3
NVD GitHub
CVE-2025-62609
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apple +2
NVD GitHub
CVE-2025-62608
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

MLX is an array framework for machine learning on Apple silicon. Rated medium severity (CVSS 5.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available.

Information Disclosure Apple Buffer Overflow +3
NVD GitHub
CVE-2025-13470
EPSS 0% CVSS 7.7
HIGH PATCH This Month

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it. Rated high severity (CVSS 7.7), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Information Disclosure Redhat Suse
NVD GitHub
CVE-2025-41115
EPSS 0% CVSS 10.0
CRITICAL PATCH This Week

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. Rated critical severity (CVSS 10.0), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Grafana Privilege Escalation Redhat +1
NVD
CVE-2025-13499
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service. Rated high severity (CVSS 7.8), the vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Wireshark +2
NVD
CVE-2025-62426
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated medium severity (CVSS 6.5), the vulnerability is remotely exploitable and has low attack complexity. This Allocation of Resources Without Limits weakness could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Vllm Redhat
NVD GitHub
CVE-2025-62372
EPSS 0% CVSS 8.3
HIGH PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated high severity (CVSS 8.3), the vulnerability is remotely exploitable and has low attack complexity.

Denial Of Service Vllm Redhat
NVD GitHub
CVE-2025-62164
EPSS 0% CVSS 8.8
HIGH PATCH This Month

vLLM is an inference and serving engine for large language models (LLMs). Rated high severity (CVSS 8.8), the vulnerability is remotely exploitable and has low attack complexity.

Buffer Overflow RCE Vllm +3
NVD GitHub
CVE-2025-13437
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

When zx is invoked with --prefer-local=<path>, the CLI creates a symlink named ./node_modules pointing to <path>/node_modules. Rated medium severity (CVSS 5.6), the vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure Redhat
NVD GitHub
CVE-2025-58181
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. Rated medium severity (CVSS 5.3), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. This Allocation of Resources Without Limits weakness could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Crypto Redhat +1
NVD
CVE-2025-47914
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

SSH agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed, due to an out-of-bounds read. Rated medium severity (CVSS 5.3), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. This out-of-bounds read could allow attackers to read memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Crypto +2
NVD
CVE-2025-11230
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Denial Of Service Aloha Appliance Haproxy +4
NVD
CVE-2025-65015
EPSS 0% CVSS 9.2
CRITICAL POC PATCH Act Now

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. Rated critical severity (CVSS 9.2), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available.

Denial Of Service Python Joserfc +2
NVD GitHub
CVE-2025-64324
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.5), the vulnerability requires no authentication and has low attack complexity. Public exploit code available.

Information Disclosure Kubernetes Kubevirt +2
NVD GitHub
CVE-2025-61664
EPSS 0% CVSS 4.9
MEDIUM PATCH Monitor

A vulnerability in the GRUB2 bootloader has been identified in the normal module. Rated medium severity (CVSS 4.9), the vulnerability requires no authentication. No vendor patch available.

Denial Of Service Redhat Suse
NVD VulDB
CVE-2025-61663
EPSS 0% CVSS 4.9
MEDIUM PATCH Monitor

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. Rated medium severity (CVSS 4.9), the vulnerability requires no authentication. No vendor patch available.

Denial Of Service Redhat Suse
NVD VulDB
CVE-2025-61661
EPSS 0% CVSS 4.8
MEDIUM PATCH Monitor

A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. Rated medium severity (CVSS 4.8), the vulnerability requires no authentication. No vendor patch available.

Denial Of Service Redhat Suse
NVD VulDB
CVE-2025-54771
EPSS 0% CVSS 4.9
MEDIUM PATCH Monitor

A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). Rated medium severity (CVSS 4.9), the vulnerability requires no authentication. No vendor patch available.

Denial Of Service Redhat Suse
NVD VulDB
CVE-2025-54770
EPSS 0% CVSS 4.9
MEDIUM PATCH Monitor

A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. Rated medium severity (CVSS 4.9), the vulnerability requires no authentication. No vendor patch available.

Denial Of Service Redhat Suse
NVD VulDB
CVE-2025-64076
EPSS 0% CVSS 7.5
HIGH POC PATCH This Month

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string() function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Buffer Overflow +4
NVD GitHub
CVE-2025-10158
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

A malicious client acting as the receiver of an rsync file transfer can trigger an out-of-bounds read of a heap-based buffer via a negative array index. Rated medium severity (CVSS 4.3), the vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

Buffer Overflow Redhat Suse
NVD GitHub VulDB
CVE-2025-13230
EPSS 0% CVSS 8.8
HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +2
NVD
CVE-2025-13229
EPSS 0% CVSS 8.8
HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +2
NVD
CVE-2025-13228
EPSS 0% CVSS 8.8
HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +2
NVD
CVE-2025-13227
EPSS 0% CVSS 8.8
HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +2
NVD
CVE-2025-13226
EPSS 0% CVSS 8.8
HIGH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +2
NVD
CVE-2025-13224
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Memory Corruption Google Information Disclosure +3
NVD
CVE-2025-13223
EPSS 3% CVSS 8.8
HIGH KEV PATCH THREAT Act Now

Google Chrome V8 contains a type confusion vulnerability in the JavaScript engine, the second V8 type confusion zero-day in 2025, exploited in targeted attacks.

Memory Corruption Google Information Disclosure +3
NVD
CVE-2025-64756
EPSS 0% CVSS 7.5
HIGH POC PATCH This Month

Glob matches files using patterns the shell uses. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable. Public exploit code available.

Command Injection RCE Glob +2
NVD GitHub
CVE-2025-13193
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in libvirt. Rated medium severity (CVSS 5.5), the vulnerability has low attack complexity. No vendor patch available.

Information Disclosure Privilege Escalation Redhat +1
NVD
CVE-2025-65073
EPSS 0% CVSS 7.5
HIGH PATCH This Month

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable and requires no authentication. No vendor patch available.

Authentication Bypass Redhat
NVD
CVE-2025-13033
EPSS 0% CVSS 7.5
HIGH PATCH This Month

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Information Disclosure Redhat
NVD GitHub
CVE-2025-13204
EPSS 0% CVSS 7.3
HIGH POC PATCH This Month

The npm package `expr-eval` is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.3), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available.

Node.js Prototype Pollution RCE +2
NVD GitHub
CVE-2025-9479
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 4.3), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Information Disclosure +3
NVD
CVE-2025-13107
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
CVE-2025-13097
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated medium severity (CVSS 5.4), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome +1
NVD
CVE-2024-7017
EPSS 0% CVSS 7.5
HIGH POC This Month

Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable and requires no authentication. Public exploit code available and no vendor patch available.

Google Race Condition Information Disclosure +2
NVD
CVE-2024-13178
EPSS 0% CVSS 4.3
MEDIUM POC Monitor

Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
CVE-2025-47913
EPSS 0% CVSS 7.5
HIGH POC PATCH This Month

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. Rated high severity (CVSS 7.5), the vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available.

Information Disclosure Ssh Redhat +1
NVD GitHub
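The three golang.org/x/crypto SSH entries on this page (the unbounded GSSAPI mechanism count, the unchecked identity-request size in the agent server, and the client panic on a bare SSH_AGENT_SUCCESS) are one family of bug: a value read from the wire is trusted before it is compared with the bytes actually present. The following is an added example, a Python rendering of the checks rather than the library's own code. It applies three rules: every length prefix is validated against the remaining input before anything is sliced or allocated; a declared element count is capped and cross-checked against the remaining bytes before a list is built; and a reply's message type is verified before its body is interpreted. Message numbers follow RFC 4252, RFC 4462 and the SSH agent protocol draft; the MAX_GSSAPI_MECHS value, the helper names and the sample messages are this example's own.

```python
"""Bounded parsing of SSH wire-format messages.

Added example for this page, not golang.org/x/crypto's code. Agent messages
are handled here as the payload after the outer uint32 length framing has
been stripped. Message numbers follow RFC 4252, RFC 4462 and the SSH agent
protocol draft; MAX_GSSAPI_MECHS is this example's choice.
"""
import struct
from typing import List, Optional

SSH_MSG_USERAUTH_REQUEST = 50   # RFC 4252
SSH_AGENT_FAILURE = 5           # SSH agent protocol
SSH_AGENT_SUCCESS = 6
SSH_AGENT_IDENTITIES_ANSWER = 12
MAX_GSSAPI_MECHS = 16           # assumption: ample for real clients, useless to an attacker


class WireError(ValueError):
    """Any malformed message: the caller rejects the peer instead of crashing."""


class Reader:
    def __init__(self, data: bytes) -> None:
        self.data, self.pos = data, 0

    def remaining(self) -> int:
        return len(self.data) - self.pos

    def byte(self) -> int:
        if self.remaining() < 1:
            raise WireError("truncated byte")
        b = self.data[self.pos]
        self.pos += 1
        return b

    def uint32(self) -> int:
        if self.remaining() < 4:
            raise WireError("truncated uint32")
        (v,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return v

    def string(self) -> bytes:
        n = self.uint32()
        if n > self.remaining():   # the out-of-bounds read the agent-server entry describes
            raise WireError(f"string length {n} exceeds {self.remaining()} remaining bytes")
        s = self.data[self.pos:self.pos + n]
        self.pos += n
        return s


def ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def build_gssapi_userauth(user: bytes, mechs: List[bytes],
                          claimed_count: Optional[int] = None) -> bytes:
    """Encode SSH_MSG_USERAUTH_REQUEST for gssapi-with-mic (RFC 4462 section 3.2).
    claimed_count lets a test lie about the mechanism count, as a hostile client would."""
    count = len(mechs) if claimed_count is None else claimed_count
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user)
            + ssh_string(b"ssh-connection") + ssh_string(b"gssapi-with-mic")
            + struct.pack(">I", count) + b"".join(ssh_string(m) for m in mechs))


def parse_gssapi_userauth(payload: bytes) -> dict:
    r = Reader(payload)
    if r.byte() != SSH_MSG_USERAUTH_REQUEST:
        raise WireError("not a USERAUTH_REQUEST")
    user, service, method = r.string(), r.string(), r.string()
    if method != b"gssapi-with-mic":
        raise WireError(f"unexpected method {method!r}")
    count = r.uint32()
    # Cap the count, and note each mechanism needs at least its 4-byte length
    # prefix, so count can never exceed remaining/4. Check before building the list.
    if count > MAX_GSSAPI_MECHS or count * 4 > r.remaining():
        raise WireError(f"implausible mechanism count {count}")
    mechs = [r.string() for _ in range(count)]
    if r.remaining():
        raise WireError("trailing bytes after mechanism list")
    return {"user": user, "service": service, "mechs": mechs}


def parse_agent_reply(payload: bytes, expected_type: int) -> Reader:
    """Verify an agent reply's type before touching its body.

    SSH_AGENT_FAILURE is a legitimate answer to anything; a bare
    SSH_AGENT_SUCCESS where a typed answer was expected is a protocol error
    to report, not a condition to crash on.
    """
    r = Reader(payload)
    t = r.byte()
    if t == SSH_AGENT_FAILURE:
        raise WireError("agent reported failure")
    if t != expected_type:
        raise WireError(f"expected message type {expected_type}, got {t}")
    return r
```

The order of the checks is the point: the count is bounded against both a fixed cap and the arithmetic minimum size of the elements it claims, and only then is a list of that size created; the string reader never slices past the buffer, so a short identity request produces a WireError rather than an index fault; and the client-side type check turns an unexpected SSH_AGENT_SUCCESS into an error the caller can handle.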
CVE-2025-59840
EPSS 0% CVSS 8.1
HIGH PATCH This Month

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity.

RCE XSS Redhat +1
NVD GitHub
CVE-2025-11538
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces. JDWP carries no authentication, so anyone who can reach the port can attach a debugger and run arbitrary code inside the JVM. Rated medium severity (CVSS 6.8), this vulnerability requires no authentication.

RCE Java Redhat
NVD GitHub
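Two checks a practitioner would want after reading the entry above, written as an added example (not Keycloak's code, and not asserting the exact JVM flags its --debug option generates): one classifies the network exposure of a JDWP agent option string, the other scans `ss -ltn` output for a debug port bound to every interface. The option strings and the `ss` output below are constructed for illustration.

```javascript
// Hosts that keep a JDWP listener on the local machine only.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);
// Hosts that bind every interface.
const WILDCARD_HOSTS = new Set(["*", "0.0.0.0", "[::]"]);

// Split "-agentlib:jdwp=k=v,k=v" (or "-Xrunjdwp:k=v,...", or a bare list) into a map.
function parseJdwpOptions(agentArg) {
  const list = agentArg.trim().replace(/^(-agentlib:jdwp=|-Xrunjdwp:)/, "");
  const opts = {};
  for (const item of list.split(",")) {
    if (item === "") continue;
    const eq = item.indexOf("=");
    if (eq < 0) throw new Error(`malformed JDWP option: ${item}`);
    opts[item.slice(0, eq).trim()] = item.slice(eq + 1).trim();
  }
  return opts;
}

// Exposure categories:
//   not-listening   server=n (the JDWP default): the JVM dials out, nothing listens
//   loopback        address=127.0.0.1:port, localhost:port or [::1]:port
//   all-interfaces  address=*:port, 0.0.0.0:port or [::]:port
//   specific-host   address=<other host>:port
//   port-only       address=port: loopback on JDK 9+, all interfaces on JDK 8 and older
function classifyJdwpExposure(agentArg) {
  const opts = parseJdwpOptions(agentArg);
  if ((opts.server || "n") !== "y") return "not-listening";
  const address = opts.address || "";
  const colon = address.lastIndexOf(":");
  if (colon < 0) return "port-only";
  const host = address.slice(0, colon);
  if (WILDCARD_HOSTS.has(host)) return "all-interfaces";
  if (LOOPBACK_HOSTS.has(host)) return "loopback";
  return "specific-host";
}

// Rewrite the option string so the listener binds loopback only, keeping the port.
function restrictJdwpToLoopback(agentArg) {
  const opts = parseJdwpOptions(agentArg);
  const address = opts.address || "";
  const colon = address.lastIndexOf(":");
  const port = colon < 0 ? address : address.slice(colon + 1);
  if (!port) throw new Error("JDWP address has no port to keep");
  opts.address = `127.0.0.1:${port}`;
  return "-agentlib:jdwp=" + Object.entries(opts).map(([k, v]) => `${k}=${v}`).join(",");
}

// Host-side check: constructed `ss -ltn` output with one debug port bound to 0.0.0.0.
const SAMPLE_SS_OUTPUT = `State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:8787        0.0.0.0:*
LISTEN 0      4096   127.0.0.1:9000      0.0.0.0:*
LISTEN 0      4096   [::]:8443           [::]:*`;

// Return the local sockets on `port` that are bound to every interface.
function findExposedListeners(ssOutput, port) {
  const exposed = [];
  for (const line of ssOutput.split("\n")) {
    const cols = line.trim().split(/\s+/);
    if (cols[0] !== "LISTEN" || cols.length < 4) continue;
    const local = cols[3];
    const colon = local.lastIndexOf(":");
    const host = local.slice(0, colon);
    if (local.slice(colon + 1) === String(port) && WILDCARD_HOSTS.has(host)) exposed.push(local);
  }
  return exposed;
}

const exampleArg = "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8787";
console.log(classifyJdwpExposure(exampleArg));            // all-interfaces
console.log(restrictJdwpToLoopback(exampleArg));
console.log(findExposedListeners(SAMPLE_SS_OUTPUT, 8787)); // [ '0.0.0.0:8787' ]
```

A debug listener that must be reached from another machine should stay on loopback and be tunnelled (for example over SSH port forwarding) rather than bound to a routable address.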
CVE-2025-64718
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

js-yaml is a JavaScript YAML parser and dumper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. It is an Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) weakness: a crafted document can make the parser write properties onto a shared object prototype, and every object built from that prototype then inherits them, altering any application logic that checks for those properties.

Prototype Pollution Information Disclosure Js Yaml +2
NVD GitHub
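To make the weakness class in the entry above concrete, here is an added example (not js-yaml's code, and not the js-yaml payload): a naive recursive merge that lets a decoded document reach Object.prototype, a walker that flags prototype-steering keys in any parser's output before it is used, and a merge that refuses them. The hostile document is constructed with JSON.parse to stand in for whatever a parser returns.

```javascript
// What an attacker-supplied document may decode to: an own property literally named "__proto__".
const hostileDoc = JSON.parse('{"__proto__": {"isAdmin": true}, "name": "guest"}');

// Naive recursive merge, the pattern behind most prototype-pollution bugs.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (val && typeof val === "object" && !Array.isArray(val)) {
      if (typeof target[key] !== "object" || target[key] === null) target[key] = {};
      // For key "__proto__", target[key] is Object.prototype: the merge writes there.
      unsafeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Runs the naive merge once and reports whether an unrelated object changed,
// then cleans up so the rest of the process is not left polluted.
function demonstratePollution() {
  const before = ({}).isAdmin;          // undefined on a clean runtime
  unsafeMerge({}, hostileDoc);
  const after = ({}).isAdmin;           // true: every object now looks like an admin
  delete Object.prototype.isAdmin;
  return { before, after };
}

const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Defence 1: walk any parsed value and list the paths that use prototype-steering keys.
// Run this over a parser's output before handing it to merge/assign logic.
function findForbiddenKeys(value, path = "") {
  const hits = [];
  if (!value || typeof value !== "object") return hits;
  if (Array.isArray(value)) {
    value.forEach((v, i) => hits.push(...findForbiddenKeys(v, `${path}[${i}]`)));
    return hits;
  }
  for (const [k, v] of Object.entries(value)) {
    const p = path ? `${path}.${k}` : k;
    if (FORBIDDEN_KEYS.has(k)) hits.push(p);
    hits.push(...findForbiddenKeys(v, p));
  }
  return hits;
}

// Defence 2: a merge that refuses those keys and only recurses into own properties,
// creating nested containers with no prototype at all.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) throw new Error(`refusing to merge key "${key}"`);
    const val = source[key];
    if (val && typeof val === "object" && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== "object" || target[key] === null) {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

console.log(demonstratePollution());        // { before: undefined, after: true }
console.log(findForbiddenKeys(hostileDoc));  // [ '__proto__' ]
```

The walker is the cheap, parser-agnostic mitigation: it costs one pass over the decoded tree and catches the payload whichever library produced it, while upgrading the parser removes the root cause.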
CVE-2025-12818
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable and requires no authentication. Public exploit code available.

Integer Overflow Buffer Overflow PostgreSQL +2
NVD GitHub
CVE-2025-64503
EPSS 0% CVSS 4.0
MEDIUM POC PATCH Monitor

cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. Rated medium severity (CVSS 4.0), this vulnerability requires no authentication and has low attack complexity. Public exploit code available.

Memory Corruption Apple Buffer Overflow +5
NVD GitHub
CVE-2025-64429
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

DuckDB is a SQL database management system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Duckdb +1
NVD GitHub
CVE-2025-61667
EPSS 0% CVSS 7.0
HIGH This Month

The Datadog Agent collects events and metrics from hosts and sends them to Datadog. Rated high severity (CVSS 7.0), this vulnerability has low attack complexity. No vendor patch available.

Python Microsoft Kubernetes +3
NVD GitHub
CVE-2024-47866
EPSS 0% CVSS 7.5
HIGH POC PATCH This Month

Ceph is a distributed object, block, and file storage platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. Public exploit code available.

Denial Of Service Ceph Redhat +1
NVD GitHub
CVE-2025-59089
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable and requires no authentication.

Denial Of Service SSRF Redhat +1
NVD GitHub
CVE-2025-59088
EPSS 0% CVSS 8.6
HIGH PATCH This Month

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default it will query SRV records in the DNS zone matching the requested realm name. Because the realm name is supplied by the client, an attacker who controls the DNS zone for a realm name of their choosing can point the proxy at arbitrary hosts and ports, which is the SSRF. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity.

SSRF Redhat Suse
NVD GitHub
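The configuration-side mitigation for the two kdcproxy entries above, as an added example (not from kdcproxy or Red Hat): disable the DNS fallback and list every realm the proxy is allowed to serve, so a request for an unlisted realm fails instead of being resolved through SRV records. The `use_dns`, `kerberos` and `kpasswd` keys are the ones kdcproxy's README documents; the realm and hostnames are placeholders, and the option names should be checked against the version in use.

```ini
[global]
# Never discover KDCs through DNS SRV records; only the realms listed below are proxied.
use_dns = false

[EXAMPLE.COM]
kerberos = kerberos+tcp://kdc1.example.com:88
kpasswd = kpasswd+tcp://kdc1.example.com:464
```

With `use_dns = false` the realm sections become an allow-list of outbound targets, which is the property the SRV fallback took away.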
CVE-2025-2843
EPSS 0% CVSS 8.8
HIGH PATCH This Month

A flaw was found in the Observability Operator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable and has low attack complexity.

Kubernetes Privilege Escalation Redhat
NVD
CVE-2025-13042
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, requires no authentication and has low attack complexity. Builds from the release named above onward are not affected.

Memory Corruption Google Buffer Overflow +3
NVD
CVE-2025-40164
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings. Syzbot reported the following warning: BUG: using. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity.

Linux Information Disclosure Linux Kernel +2
NVD
CVE-2025-40149
EPSS 0% CVSS 7.8
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Information Disclosure +4
NVD
CVE-2025-37734
EPSS 0% CVSS 4.3
MEDIUM Monitor

Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available.

Elastic SSRF Kibana +1
NVD
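The entry above turns on how an Origin header is validated. As an added example, not Kibana's code and making no claim about how the Observability AI Assistant consumed the header, here is the weak prefix check beside a strict one that parses the header, normalises it and compares the serialised origin against an allow-list. The `kibana.example.com` origins and the sample headers are placeholders constructed for the demonstration.

```javascript
// Origins this server trusts, as serialised by the WHATWG URL parser (default ports elided).
const ALLOWED_ORIGINS = new Set([
  "https://kibana.example.com",
  "https://kibana.example.com:5601",
]);

// The weak pattern: a prefix test that any attacker-chosen host can satisfy.
function weakOriginCheck(originHeader) {
  return typeof originHeader === "string" &&
    originHeader.startsWith("https://kibana.example.com");
}

// Strict: parse, normalise, and require an exact match on the serialised origin.
function isTrustedOrigin(originHeader) {
  if (typeof originHeader !== "string" || originHeader === "null") return false;
  let url;
  try {
    url = new URL(originHeader);
  } catch {
    return false;                      // not a URL at all
  }
  if (url.origin === "null") return false;  // opaque origins (file:, data:, ...)
  // A genuine Origin header is scheme://host[:port] and nothing else. Userinfo, a path,
  // a query or a fragment mean the value was forged, e.g.
  // "https://kibana.example.com@evil.test" or "https://evil.test/?https://kibana.example.com".
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) return false;
  return ALLOWED_ORIGINS.has(url.origin);
}

// Constructed headers a server might see.
const SAMPLE_ORIGINS = [
  "https://kibana.example.com",
  "https://kibana.example.com:443",
  "https://kibana.example.com.evil.test",
  "https://kibana.example.com@evil.test",
  "https://evil.test/?https://kibana.example.com",
  "null",
];

// Verdict of both checks for each sample header.
function compareChecks(origins = SAMPLE_ORIGINS) {
  return origins.map((o) => ({ origin: o, weak: weakOriginCheck(o), strict: isTrustedOrigin(o) }));
}

console.table(compareChecks());
```

Separately from validation, a server should never derive the target of its own outbound requests from a request header; a validated Origin may gate a feature, but the hosts the server talks to belong in its configuration.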
CVE-2025-12748
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was discovered in libvirt in the XML file processing. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity.

Denial Of Service Redhat Suse
NVD
CVE-2025-13027
EPSS 0% CVSS 8.1
HIGH PATCH This Month

Memory safety bugs present in Firefox 144 and Thunderbird 144. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable and requires no authentication.

Buffer Overflow RCE Mozilla +4
NVD
Page 15 of 57