Redhat
Monthly
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs. Rated medium severity (CVSS 6.8). No vendor patch available.
A vulnerability was determined in LibTIFF up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in libxml2 up to 2.14.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
skops is a Python library which helps users share and ship their scikit-learn based models. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A null pointer dereference vulnerability exists in GStreamer's subparse plugin, specifically in the tmplayer_parse_line function when processing malformed subtitle files. This affects GStreamer through version 1.26.1 and can be triggered by an unauthenticated attacker over the network with moderate complexity, resulting in application crash (denial of service) and potential information disclosure. A public proof-of-concept exploit is available, but the EPSS score of 0.09% (25th percentile) indicates relatively low real-world exploitation probability despite POC availability.
A NULL pointer dereference vulnerability exists in GStreamer's subparse plugin, specifically in the subrip_unescape_formatting function, which can crash applications when processing maliciously crafted or malformed subtitle files. GStreamer versions through 1.26.1 are affected, and the vulnerability is exploitable through local attack vectors requiring user interaction to open a subtitle file. A public proof-of-concept is available, though the low EPSS score of 0.03% (7th percentile) suggests limited real-world exploitation likelihood despite the availability of exploit code.
GStreamer's subparse plugin contains a stack-based buffer overflow in the parse_subrip_time function that allows attackers to write data past buffer boundaries, resulting in application crashes and potential information disclosure. Affected versions through 1.26.1 are vulnerable when processing specially crafted subtitle files. A proof-of-concept exploit is publicly available, and while the EPSS score of 0.07% suggests low exploitation probability overall, the availability of working exploit code elevates practical risk for systems processing untrusted subtitle content.
A heap buffer over-read vulnerability exists in GStreamer's isomp4 plugin that allows reading past allocated memory boundaries when parsing specially crafted MP4 files. This affects GStreamer through version 1.26.1 and can lead to information disclosure of heap memory contents. A public proof-of-concept exploit is available, though the EPSS score of 0.09% suggests relatively low exploitation likelihood in the wild.
A heap buffer over-read vulnerability exists in GStreamer's isomp4 plugin (qtdemux_parse_tree function) when parsing MP4 files, affecting versions through 1.26.1. The vulnerability allows local attackers with user-level privileges who can trick a user into opening a malicious MP4 file to disclose sensitive heap memory contents and potentially cause application crashes. Publicly available proof-of-concept code exists, and while the EPSS score of 0.02% indicates low exploitation probability overall, the presence of public exploits and the information disclosure capability warrant prompt patching.
Operator-SDK before version 0.15.2 scaffolds operator container images with an insecure user_setup script that leaves the /etc/passwd file with group-writable permissions (mode 664) and root group ownership, enabling any non-root container user who is a member of the root group to modify /etc/passwd and add arbitrary users with UID 0, achieving full container root compromise. Developers who used affected versions to build operators may still be deploying vulnerable container images if the insecure script persists in their build pipelines. The vulnerability carries a CVSS score of 6.4 with high complexity and high privilege requirements (CVSS:3.1/AV:L/AC:H/PR:H), but an EPSS score of 0.01% indicates minimal real-world exploitation likelihood; no public exploit code or active exploitation has been confirmed.
Cancelling a query (e.g. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.
openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Keycloak-services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
OpenJPEG is an open-source JPEG 2000 codec. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Russh is a Rust SSH client & server library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A flaw was found in the Ansible aap-gateway. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required.
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.
Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Squid is a caching proxy for the Web. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
jose v6.0.10 was discovered to contain weak encryption. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Out-of-bounds read in Apple Safari and system WebKit implementations allows local attackers to disclose internal application state by processing maliciously crafted web content, affecting Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. The vulnerability requires local access and user interaction but poses information disclosure risk with CVSS 4.0 and EPSS 0.02% (very low exploitation probability); no public exploit code or active exploitation has been identified.
Safari and macOS contain a logic flaw that allows incorrect association of a download's origin, potentially disclosing information about file provenance to local attackers. The vulnerability affects Safari 18.6 and earlier, plus macOS Sequoia 15.6 and earlier, and requires local access (no authentication needed) to exploit. This is a low-exploitation-probability issue (EPSS 0.03%) with no confirmed active exploitation or public POC at time of analysis.
Address bar spoofing in Apple Safari, iOS, and iPadOS allows remote attackers to deceive users about the website they are visiting through malicious web content, exploiting a user interface flaw that fails to adequately distinguish legitimate from spoofed address bar information. The vulnerability affects Safari before version 18.6, iOS before 18.6, and iPadOS before 18.6, and requires user interaction to visit a malicious site. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.04% reflects low real-world exploitation probability despite the network attack vector.
Information disclosure vulnerability in WebKit across Apple's ecosystem allows unauthenticated remote attackers to extract sensitive user information through maliciously crafted web content. The flaw affects Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, visionOS 2.x, and watchOS 11.x, stemming from improper state management (CWE-359). Despite a CVSS score of 7.5, real-world exploitation risk remains relatively low with 0.13% EPSS probability and no public exploit identified at time of analysis. Vendor-released patches are available across all affected platforms.
Safari and Apple operating systems contain a use-after-free vulnerability in web content processing that causes unexpected application crashes when users visit maliciously crafted websites. The flaw affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Remote attackers can trigger a denial-of-service condition requiring only user interaction to visit a malicious page, with no elevated privileges required. Apple has released patches for all affected platforms; the EPSS score of 0.10% (28th percentile) indicates low real-world exploitation probability despite the accessibility of the attack vector.
Safari and related Apple platforms crash when processing maliciously crafted web content due to improper memory handling in a buffer overflow condition (CWE-119). The vulnerability affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger denial of service by hosting or injecting malicious web content that causes an unexpected browser crash. No public exploit code or active exploitation has been confirmed at time of analysis, though the low EPSS score (0.15%) suggests minimal real-world exploitation likelihood despite the moderate CVSS 6.5 severity.
Safari and Apple platform web content processing crashes due to a buffer overflow vulnerability when handling maliciously crafted web content. Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Unauthenticated remote attackers can trigger a denial of service by enticing users to visit a malicious webpage, resulting in application crash with no data theft or code execution capability. No public exploit identified at time of analysis; EPSS score of 0.12% indicates low real-world exploitation probability despite moderate CVSS rating.
Safari and related Apple platforms crash when processing maliciously crafted web content due to a memory handling vulnerability (buffer overflow). Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger a denial of service by hosting or injecting malicious web content, with user interaction required to visit the affected content. No public exploit code or active exploitation has been confirmed (EPSS 0.08% indicates minimal real-world exploitation activity to date).
Denial-of-service vulnerability in Apple's WebKit engine affects Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS through improper memory handling during web content processing. Local attackers without authentication can trigger this vulnerability via crafted web content to cause application crashes. Vendor-released patches are available across all affected platforms; EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite the moderate CVSS 6.2 rating.
Memory corruption in Apple's WebKit browser engine across Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, and other Apple operating systems allows remote attackers to achieve arbitrary code execution via maliciously crafted web content requiring only user interaction (visiting a malicious webpage). With CVSS 8.8 (High), the vulnerability enables complete system compromise (high confidentiality, integrity, and availability impact) but carries relatively low real-world exploitation probability (EPSS 0.10%, 27th percentile). No public exploit identified at time of analysis, and vendor-released patches are available across all affected platforms as of July-August 2025.
WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day.
Memory corruption in WebKit browser engine allows remote code execution across Apple's ecosystem (Safari 18.6, iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) when users interact with maliciously crafted web content. The vulnerability stems from improper memory handling (CWE-119 buffer overflow) and requires no authentication but user interaction to trigger. EPSS score of 0.10% (26th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS 8.8 rating reflects the potential for complete system compromise if successfully exploited.
A vulnerability in the Linux kernel's HID (Human Interface Device) core subsystem allows local attackers with low privileges to bypass input validation checks when interacting with HID devices. The flaw occurs because certain code paths directly call low-level transport driver functions instead of using the hid_hw_raw_request() function, which performs critical buffer and length validation. With an EPSS score of only 0.01% and no known exploitation in the wild, this represents a local privilege escalation risk primarily concerning systems with untrusted local users.
Linux kernel RAS (Reliability, Availability, Serviceability) header validation in the AMD GPU driver (amdgpu) lacks input sanitization, allowing a local authenticated attacker to trigger denial of service through excessive memory allocation when reading corrupted EEPROM data. The vulnerability affects all Linux kernel versions with the vulnerable amdgpu driver code path and requires local access with standard user privileges. No public exploit code has been identified; the EPSS score of 0.02% (5th percentile) indicates low real-world exploitation probability despite the moderate CVSS 5.5 rating.
A null pointer dereference vulnerability exists in the Linux kernel's interrupt simulation (genirq/irq_sim) subsystem where uninitialized pointers in the work context can be dereferenced, leading to kernel denial of service. The vulnerability affects Linux kernel versions including 6.16-rc1 and 6.16-rc2, and potentially earlier stable releases. A local attacker with unprivileged user privileges can trigger a kernel crash by invoking interrupt simulation functionality, causing system unavailability. Patches are available from the Linux kernel stable repositories, and exploitation probability is low (EPSS 0.02%, percentile 6%) despite the moderate CVSS score of 5.5.
A null pointer dereference vulnerability exists in the AMD display driver within the Linux kernel, where the dce_hwseq structure is accessed without proper null checking in the dce110_blank_stream function. The vulnerability affects Linux kernel versions up to 6.16-rc2 and could allow a local attacker with low privileges to cause a system crash or potentially execute arbitrary code with kernel privileges. With an EPSS score of only 0.02% and no known active exploitation, this represents a low real-world risk despite the high CVSS score.
Path traversal in Vim's zip.vim plugin prior to version 9.1.1551 allows local attackers to overwrite arbitrary files when a user opens a specially crafted zip archive, potentially enabling arbitrary command execution if sensitive files or privileged locations are targeted. The vulnerability requires direct user interaction (opening a malicious zip file in Vim) and has low real-world impact due to high attack complexity and local attack vector, though publicly available exploit code exists. EPSS exploitation probability is minimal at 0.03% (7th percentile), reflecting the friction imposed by user interaction requirements.
AIOHTTP versions prior to 3.12.14 contain a request smuggling vulnerability in the Python parser that fails to properly parse HTTP trailer sections, allowing attackers to bypass firewalls and proxy protections when the pure Python implementation is used. This vulnerability affects deployments running AIOHTTP without C extensions or with AIOHTTP_NO_EXTENSIONS enabled, enabling HTTP request smuggling attacks with high integrity impact. The vulnerability has a CVSS score of 7.5 (High) and is unauthenticated, network-accessible, and requires no user interaction.
A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.
CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
Apache Jackrabbit versions prior to 2.23.2 contain blind XXE (XML External Entity) vulnerabilities in jackrabbit-spi-commons and jackrabbit-core components due to unsafe XML document parsing when loading privilege definitions. An authenticated attacker with low privileges can exploit this to achieve high-impact confidentiality, integrity, and availability compromise. The vulnerability requires user authentication (PR:L) but has no interaction requirement and affects all systems regardless of scope.
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.
CVE-2025-24294 is a Denial of Service vulnerability in DNS packet parsing libraries (specifically the resolv library) caused by insufficient validation of decompressed domain name lengths. An attacker can send a crafted DNS packet with a highly compressed domain name that, when decompressed, consumes excessive CPU resources without limit, causing the parsing thread to become unresponsive. The vulnerability affects any application using the vulnerable resolv library and has a CVSS score of 7.5 (high severity); real-world exploitation probability and active exploitation status cannot be confirmed without EPSS score and KEV data.
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern `<s_(.*?)>` which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.
Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.
A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
CVE-2025-52520 is an integer overflow vulnerability in Apache Tomcat's multipart upload handling that allows unauthenticated remote attackers to bypass size limits and trigger denial of service. The vulnerability affects Tomcat versions 11.0.0-M1 through 11.0.8, 10.1.0-M1 through 10.1.42, 9.0.0.M1 through 9.0.106, and EOL version 8.5.0 through 8.5.100, requiring only network access with no authentication. With a CVSS score of 7.5 (High severity) and an attack vector rated as Network/Low complexity, this represents a significant availability risk for unpatched deployments.
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels above -O0 (-O1, -O2, etc). A proof-of-concept local attack exploits this secret-dependent information to recover the entire secret key. This vulnerability is fixed in 0.14.0.
Apache Tomcat contains a race condition vulnerability in the APR/Native connector that can be triggered during concurrent HTTP/2 connection handling, particularly when clients initiate connection closes. The vulnerability affects Tomcat 9.0.0.M1 through 9.0.106 (and EOL versions 8.5.0-8.5.100), allowing remote unauthenticated attackers to cause denial of service through improper synchronization of shared resources. With a CVSS score of 7.5 and network-accessible attack vector requiring no authentication, this represents a high-severity availability impact, though no active public exploitation has been confirmed.
CVE-2025-53020 is a late release of memory after effective lifetime vulnerability (use-after-free) in Apache HTTP Server versions 2.4.17 through 2.4.63 that allows unauthenticated remote attackers to cause denial of service with high availability impact. The vulnerability has a CVSS score of 7.5 (high severity) with network-accessible attack vector and low attack complexity, making it easily exploitable without authentication. Affected organizations running vulnerable Apache HTTP Server versions should prioritize upgrading to version 2.4.64 immediately.
CVE-2025-49812 is an HTTP request smuggling/desynchronization vulnerability in Apache HTTP Server's mod_ssl that allows man-in-the-middle attackers to hijack HTTPS sessions by exploiting improper handling of TLS upgrades. Only Apache HTTP Server versions through 2.4.63 with 'SSLEngine optional' configurations are affected, enabling session hijacking with high confidentiality and integrity impact. The vulnerability requires network-level access and careful timing but does not require user interaction or privileges; upgrade to 2.4.64 (which removes TLS upgrade support entirely) is the recommended mitigation.
CVE-2025-49630 is a denial of service vulnerability in Apache HTTP Server versions 2.4.26 through 2.4.63 that can be triggered by untrusted remote clients when a reverse proxy is configured with HTTP/2 backend support and ProxyPreserveHost enabled, causing an assertion failure that crashes the proxy process. The vulnerability has a CVSS score of 7.5 (High) with network-accessible attack vector and no authentication required, making it immediately exploitable by unauthenticated remote attackers.
CVE-2025-23048 is an authentication bypass vulnerability in Apache HTTP Server 2.4.35-2.4.63 affecting mod_ssl configurations with multiple virtual hosts using different client certificate restrictions. An attacker with valid client certificates trusted by one virtual host can exploit TLS 1.3 session resumption to access another restricted virtual host if SSLStrictSNIVHostCheck is not enabled, achieving unauthorized access to confidential information and potentially modifying data. This is a network-accessible vulnerability with no authentication required and high real-world impact.
CVE-2024-47252 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
CVE-2024-43394 is a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows (versions 2.4.0-2.4.63) that allows unauthenticated remote attackers to leak NTLM credential hashes to malicious servers through unvalidated request input processed by mod_rewrite or Apache expressions. The vulnerability exploits Windows SMB/UNC path handling to trigger NTLM authentication, potentially compromising domain credentials. This is a high-severity issue affecting all default Windows installations without explicit UNC path filtering.
CVE-2024-43204 is a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server when mod_proxy is loaded, allowing unauthenticated attackers to initiate outbound proxy requests to attacker-controlled URLs. The vulnerability requires an uncommon configuration where mod_headers is used to modify Content-Type headers based on user-supplied HTTP request values. Apache recommends immediate upgrade to version 2.4.64 to remediate this high-integrity-impact issue.
HTTP response splitting vulnerability in Apache HTTP Server core allows network-based attackers without authentication to inject arbitrary HTTP headers and content into responses by manipulating Content-Type headers in proxied or hosted applications, potentially enabling cache poisoning, session hijacking, or XSS attacks. Affects Apache HTTP Server versions prior to 2.4.64, with a critical note that the initial patch in 2.4.59 was incomplete. This is a regression/incomplete fix of CVE-2023-38709, indicating patch evasion and suggesting active exploitation interest.
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().
CVE-2025-7365 is an account takeover vulnerability in Keycloak affecting authenticated users during IdP-initiated account merging workflows. An attacker with valid authentication can manipulate the account merge process to change an email address to match a victim's email, triggering a verification email to the victim that lacks sender attribution-enabling phishing. Successful exploitation grants the attacker full account access to the victim's Keycloak account with high confidentiality, integrity, and availability impact (CVSS 7.1). No public POC or active KEV status has been confirmed at this time, but the attack requires low technical complexity and user interaction (clicking a verification link).
A remote code execution vulnerability in Git GUI (CVSS 8.5) that allows you. High severity vulnerability requiring prompt remediation.
CVE-2025-27614 is a command injection vulnerability in Gitk (Git's Tcl/Tk history browser) affecting versions 2.41.0 through 2.50.0 that allows arbitrary script execution with user privileges through specially crafted repository filenames. An attacker can exploit this via social engineering by tricking a user into invoking 'gitk filename' where the filename is maliciously structured to execute attacker-supplied scripts (shell, Perl, Python, etc.). With a CVSS score of 8.6 and no privilege requirement, this poses significant real-world risk for developers who clone untrusted repositories.
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.
CVE-2025-38348 is a buffer overflow vulnerability in the Linux kernel's p54 WiFi driver (wifi: p54) that allows a malicious or compromised USB device to trigger a memory overflow in the p54_rx_eeprom_readback() function by sending a crafted eeprom_readback message with an inflated length value. An attacker with local access and low privileges can cause denial of service or potentially execute code with kernel privileges; however, exploitation requires the device to first upload vendor firmware (proprietary and not widely distributed), which significantly limits real-world attack surface. The vulnerability is not currently tracked as actively exploited in CISA KEV catalog.
CVE-2025-38347 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2025-38346 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs. Rated medium severity (CVSS 6.8). No vendor patch available.
A vulnerability was determined in LibTIFF up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in libxml2 up to 2.14.5. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
skops is a Python library which helps users share and ship their scikit-learn based models. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A null pointer dereference vulnerability exists in GStreamer's subparse plugin, specifically in the tmplayer_parse_line function when processing malformed subtitle files. This affects GStreamer through version 1.26.1 and can be triggered by an unauthenticated attacker over the network with moderate complexity, resulting in application crash (denial of service) and potential information disclosure. A public proof-of-concept exploit is available, but the EPSS score of 0.09% (25th percentile) indicates relatively low real-world exploitation probability despite POC availability.
A NULL pointer dereference vulnerability exists in GStreamer's subparse plugin, specifically in the subrip_unescape_formatting function, which can crash applications when processing maliciously crafted or malformed subtitle files. GStreamer versions through 1.26.1 are affected, and the vulnerability is exploitable through local attack vectors requiring user interaction to open a subtitle file. A public proof-of-concept is available, though the low EPSS score of 0.03% (7th percentile) suggests limited real-world exploitation likelihood despite the availability of exploit code.
GStreamer's subparse plugin contains a stack-based buffer overflow in the parse_subrip_time function that allows attackers to write data past buffer boundaries, resulting in application crashes and potential information disclosure. Affected versions through 1.26.1 are vulnerable when processing specially crafted subtitle files. A proof-of-concept exploit is publicly available, and while the EPSS score of 0.07% suggests low exploitation probability overall, the availability of working exploit code elevates practical risk for systems processing untrusted subtitle content.
A heap buffer over-read vulnerability exists in GStreamer's isomp4 plugin that allows reading past allocated memory boundaries when parsing specially crafted MP4 files. This affects GStreamer through version 1.26.1 and can lead to information disclosure of heap memory contents. A public proof-of-concept exploit is available, though the EPSS score of 0.09% suggests relatively low exploitation likelihood in the wild.
A heap buffer over-read vulnerability exists in GStreamer's isomp4 plugin (qtdemux_parse_tree function) when parsing MP4 files, affecting versions through 1.26.1. The vulnerability allows local attackers with user-level privileges who can trick a user into opening a malicious MP4 file to disclose sensitive heap memory contents and potentially cause application crashes. Publicly available proof-of-concept code exists, and while the EPSS score of 0.02% indicates low exploitation probability overall, the presence of public exploits and the information disclosure capability warrant prompt patching.
Operator-SDK before version 0.15.2 scaffolds operator container images with an insecure user_setup script that leaves the /etc/passwd file with group-writable permissions (mode 664) and root group ownership, enabling any non-root container user who is a member of the root group to modify /etc/passwd and add arbitrary users with UID 0, achieving full container root compromise. Developers who used affected versions to build operators may still be deploying vulnerable container images if the insecure script persists in their build pipelines. The vulnerability carries a CVSS score of 6.4 with high complexity and high privilege requirements (CVSS:3.1/AV:L/AC:H/PR:H), but an EPSS score of 0.01% indicates minimal real-world exploitation likelihood; no public exploit code or active exploitation has been confirmed.
Cancelling a query (e.g. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.
openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Keycloak-services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
OpenJPEG is an open-source JPEG 2000 codec. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Russh is a Rust SSH client & server library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A flaw was found in the Ansible aap-gateway. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required.
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.
Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Squid is a caching proxy for the Web. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
jose v6.0.10 was discovered to contain weak encryption. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Out-of-bounds read in Apple Safari and system WebKit implementations allows local attackers to disclose internal application state by processing maliciously crafted web content, affecting Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. The vulnerability requires local access and user interaction but poses information disclosure risk with CVSS 4.0 and EPSS 0.02% (very low exploitation probability); no public exploit code or active exploitation has been identified.
Safari and macOS contain a logic flaw that allows incorrect association of a download's origin, potentially disclosing information about file provenance to local attackers. The vulnerability affects Safari 18.6 and earlier, plus macOS Sequoia 15.6 and earlier, and requires local access (no authentication needed) to exploit. This is a low-exploitation-probability issue (EPSS 0.03%) with no confirmed active exploitation or public POC at time of analysis.
Address bar spoofing in Apple Safari, iOS, and iPadOS allows remote attackers to deceive users about the website they are visiting through malicious web content, exploiting a user interface flaw that fails to adequately distinguish legitimate from spoofed address bar information. The vulnerability affects Safari before version 18.6, iOS before 18.6, and iPadOS before 18.6, and requires user interaction to visit a malicious site. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.04% reflects low real-world exploitation probability despite the network attack vector.
Information disclosure vulnerability in WebKit across Apple's ecosystem allows unauthenticated remote attackers to extract sensitive user information through maliciously crafted web content. The flaw affects Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, visionOS 2.x, and watchOS 11.x, stemming from improper state management (CWE-359). Despite a CVSS score of 7.5, real-world exploitation risk remains relatively low with 0.13% EPSS probability and no public exploit identified at time of analysis. Vendor-released patches are available across all affected platforms.
Safari and Apple operating systems contain a use-after-free vulnerability in web content processing that causes unexpected application crashes when users visit maliciously crafted websites. The flaw affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Remote attackers can trigger a denial-of-service condition requiring only user interaction to visit a malicious page, with no elevated privileges required. Apple has released patches for all affected platforms; the EPSS score of 0.10% (28th percentile) indicates low real-world exploitation probability despite the accessibility of the attack vector.
Safari and related Apple platforms crash when processing maliciously crafted web content due to improper memory handling in a buffer overflow condition (CWE-119). The vulnerability affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger denial of service by hosting or injecting malicious web content that causes an unexpected browser crash. No public exploit code or active exploitation has been confirmed at time of analysis, though the low EPSS score (0.15%) suggests minimal real-world exploitation likelihood despite the moderate CVSS 6.5 severity.
Safari and Apple platform web content processing crashes due to a buffer overflow vulnerability when handling maliciously crafted web content. Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Unauthenticated remote attackers can trigger a denial of service by enticing users to visit a malicious webpage, resulting in application crash with no data theft or code execution capability. No public exploit identified at time of analysis; EPSS score of 0.12% indicates low real-world exploitation probability despite moderate CVSS rating.
Safari and related Apple platforms crash when processing maliciously crafted web content due to a memory handling vulnerability (buffer overflow). Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger a denial of service by hosting or injecting malicious web content, with user interaction required to visit the affected content. No public exploit code or active exploitation has been confirmed (EPSS 0.08% indicates minimal real-world exploitation activity to date).
Denial-of-service vulnerability in Apple's WebKit engine affects Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS through improper memory handling during web content processing. Local attackers without authentication can trigger this vulnerability via crafted web content to cause application crashes. Vendor-released patches are available across all affected platforms; EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite the moderate CVSS 6.2 rating.
Memory corruption in Apple's WebKit browser engine across Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, and other Apple operating systems allows remote attackers to achieve arbitrary code execution via maliciously crafted web content requiring only user interaction (visiting a malicious webpage). With CVSS 8.8 (High), the vulnerability enables complete system compromise (high confidentiality, integrity, and availability impact) but carries relatively low real-world exploitation probability (EPSS 0.10%, 27th percentile). No public exploit identified at time of analysis, and vendor-released patches are available across all affected platforms as of July-August 2025.
WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day.
Memory corruption in WebKit browser engine allows remote code execution across Apple's ecosystem (Safari 18.6, iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) when users interact with maliciously crafted web content. The vulnerability stems from improper memory handling (CWE-119 buffer overflow) and requires no authentication but user interaction to trigger. EPSS score of 0.10% (26th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS 8.8 rating reflects the potential for complete system compromise if successfully exploited.
A vulnerability in the Linux kernel's HID (Human Interface Device) core subsystem allows local attackers with low privileges to bypass input validation checks when interacting with HID devices. The flaw occurs because certain code paths directly call low-level transport driver functions instead of using the hid_hw_raw_request() function, which performs critical buffer and length validation. With an EPSS score of only 0.01% and no known exploitation in the wild, this represents a local privilege escalation risk primarily concerning systems with untrusted local users.
Linux kernel RAS (Reliability, Availability, Serviceability) header validation in the AMD GPU driver (amdgpu) lacks input sanitization, allowing a local authenticated attacker to trigger denial of service through excessive memory allocation when reading corrupted EEPROM data. The vulnerability affects all Linux kernel versions with the vulnerable amdgpu driver code path and requires local access with standard user privileges. No public exploit code has been identified; the EPSS score of 0.02% (5th percentile) indicates low real-world exploitation probability despite the moderate CVSS 5.5 rating.
A null pointer dereference vulnerability exists in the Linux kernel's interrupt simulation (genirq/irq_sim) subsystem where uninitialized pointers in the work context can be dereferenced, leading to kernel denial of service. The vulnerability affects Linux kernel versions including 6.16-rc1 and 6.16-rc2, and potentially earlier stable releases. A local attacker with unprivileged user privileges can trigger a kernel crash by invoking interrupt simulation functionality, causing system unavailability. Patches are available from the Linux kernel stable repositories, and exploitation probability is low (EPSS 0.02%, percentile 6%) despite the moderate CVSS score of 5.5.
A null pointer dereference vulnerability exists in the AMD display driver within the Linux kernel, where the dce_hwseq structure is accessed without proper null checking in the dce110_blank_stream function. The vulnerability affects Linux kernel versions up to 6.16-rc2 and could allow a local attacker with low privileges to cause a system crash or potentially execute arbitrary code with kernel privileges. With an EPSS score of only 0.02% and no known active exploitation, this represents a low real-world risk despite the high CVSS score.
Path traversal in Vim's zip.vim plugin prior to version 9.1.1551 allows local attackers to overwrite arbitrary files when a user opens a specially crafted zip archive, potentially enabling arbitrary command execution if sensitive files or privileged locations are targeted. The vulnerability requires direct user interaction (opening a malicious zip file in Vim) and has low real-world impact due to high attack complexity and local attack vector, though publicly available exploit code exists. EPSS exploitation probability is minimal at 0.03% (7th percentile), reflecting the friction imposed by user interaction requirements.
AIOHTTP versions prior to 3.12.14 contain a request smuggling vulnerability in the Python parser that fails to properly parse HTTP trailer sections, allowing attackers to bypass firewalls and proxy protections when the pure Python implementation is used. This vulnerability affects deployments running AIOHTTP without C extensions or with AIOHTTP_NO_EXTENSIONS enabled, enabling HTTP request smuggling attacks with high integrity impact. The vulnerability has a CVSS score of 7.5 (High) and is unauthenticated, network-accessible, and requires no user interaction.
A remote code execution vulnerability in versions (CVSS 7.4). Risk factors: public PoC available. Vendor patch is available.
CVE-2025-53015 is a denial-of-service vulnerability in ImageMagick versions prior to 7.1.2-0 that causes infinite loops during XMP file conversion operations. An unauthenticated attacker can trigger this vulnerability remotely by submitting a maliciously crafted XMP file, resulting in resource exhaustion and service unavailability. The vulnerability has a CVSS score of 7.5 (High) due to its network-exploitable nature and availability impact, though it does not affect confidentiality or integrity.
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
Apache Jackrabbit versions prior to 2.23.2 contain blind XXE (XML External Entity) vulnerabilities in jackrabbit-spi-commons and jackrabbit-core components due to unsafe XML document parsing when loading privilege definitions. An authenticated attacker with low privileges can exploit this to achieve high-impact confidentiality, integrity, and availability compromise. The vulnerability requires user authentication (PR:L) but has no interaction requirement and affects all systems regardless of scope.
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.
CVE-2025-24294 is a Denial of Service vulnerability in DNS packet parsing libraries (specifically the resolv library) caused by insufficient validation of decompressed domain name lengths. An attacker can send a crafted DNS packet with a highly compressed domain name that, when decompressed, consumes excessive CPU resources without limit, causing the parsing thread to become unresponsive. The vulnerability affects any application using the vulnerable resolv library and has a CVSS score of 7.5 (high severity); real-world exploitation probability and active exploitation status cannot be confirmed without EPSS score and KEV data.
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the regex pattern `<s_(.*?)>` which can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. This vulnerability can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting document processing tasks using the Donut model.
Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.
A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
CVE-2025-52520 is an integer overflow vulnerability in Apache Tomcat's multipart upload handling that allows unauthenticated remote attackers to bypass size limits and trigger denial of service. The vulnerability affects Tomcat versions 11.0.0-M1 through 11.0.8, 10.1.0-M1 through 10.1.42, 9.0.0.M1 through 9.0.106, and EOL version 8.5.0 through 8.5.100, requiring only network access with no authentication. With a CVSS score of 7.5 (High severity) and an attack vector rated as Network/Low complexity, this represents a significant availability risk for unpatched deployments.
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels above -O0 (-O1, -O2, etc). A proof-of-concept local attack exploits this secret-dependent information to recover the entire secret key. This vulnerability is fixed in 0.14.0.
Apache Tomcat contains a race condition vulnerability in the APR/Native connector that can be triggered during concurrent HTTP/2 connection handling, particularly when clients initiate connection closes. The vulnerability affects Tomcat 9.0.0.M1 through 9.0.106 (and EOL versions 8.5.0-8.5.100), allowing remote unauthenticated attackers to cause denial of service through improper synchronization of shared resources. With a CVSS score of 7.5 and network-accessible attack vector requiring no authentication, this represents a high-severity availability impact, though no active public exploitation has been confirmed.
CVE-2025-53020 is a late release of memory after effective lifetime vulnerability (use-after-free) in Apache HTTP Server versions 2.4.17 through 2.4.63 that allows unauthenticated remote attackers to cause denial of service with high availability impact. The vulnerability has a CVSS score of 7.5 (high severity) with network-accessible attack vector and low attack complexity, making it easily exploitable without authentication. Affected organizations running vulnerable Apache HTTP Server versions should prioritize upgrading to version 2.4.64 immediately.
CVE-2025-49812 is an HTTP request smuggling/desynchronization vulnerability in Apache HTTP Server's mod_ssl that allows man-in-the-middle attackers to hijack HTTPS sessions by exploiting improper handling of TLS upgrades. Only Apache HTTP Server versions through 2.4.63 with 'SSLEngine optional' configurations are affected, enabling session hijacking with high confidentiality and integrity impact. The vulnerability requires network-level access and careful timing but does not require user interaction or privileges; upgrade to 2.4.64 (which removes TLS upgrade support entirely) is the recommended mitigation.
CVE-2025-49630 is a denial of service vulnerability in Apache HTTP Server versions 2.4.26 through 2.4.63 that can be triggered by untrusted remote clients when a reverse proxy is configured with HTTP/2 backend support and ProxyPreserveHost enabled, causing an assertion failure that crashes the proxy process. The vulnerability has a CVSS score of 7.5 (High) with network-accessible attack vector and no authentication required, making it immediately exploitable by unauthenticated remote attackers.
CVE-2025-23048 is an authentication bypass vulnerability in Apache HTTP Server 2.4.35-2.4.63 affecting mod_ssl configurations with multiple virtual hosts using different client certificate restrictions. An attacker with valid client certificates trusted by one virtual host can exploit TLS 1.3 session resumption to access another restricted virtual host if SSLStrictSNIVHostCheck is not enabled, achieving unauthorized access to confidential information and potentially modifying data. This is a network-accessible vulnerability with no authentication required and high real-world impact.
CVE-2024-47252 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
CVE-2024-43394 is a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows (versions 2.4.0-2.4.63) that allows unauthenticated remote attackers to leak NTLM credential hashes to malicious servers through unvalidated request input processed by mod_rewrite or Apache expressions. The vulnerability exploits Windows SMB/UNC path handling to trigger NTLM authentication, potentially compromising domain credentials. This is a high-severity issue affecting all default Windows installations without explicit UNC path filtering.
CVE-2024-43204 is a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server when mod_proxy is loaded, allowing unauthenticated attackers to initiate outbound proxy requests to attacker-controlled URLs. The vulnerability requires an uncommon configuration where mod_headers is used to modify Content-Type headers based on user-supplied HTTP request values. Apache recommends immediate upgrade to version 2.4.64 to remediate this high-integrity-impact issue.
HTTP response splitting vulnerability in Apache HTTP Server core allows network-based attackers without authentication to inject arbitrary HTTP headers and content into responses by manipulating Content-Type headers in proxied or hosted applications, potentially enabling cache poisoning, session hijacking, or XSS attacks. Affects Apache HTTP Server versions prior to 2.4.64, with a critical note that the initial patch in 2.4.59 was incomplete. This is a regression/incomplete fix of CVE-2023-38709, indicating patch evasion and suggesting active exploitation interest.
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().
CVE-2025-7365 is an account takeover vulnerability in Keycloak affecting authenticated users during IdP-initiated account merging workflows. An attacker with valid authentication can manipulate the account merge process to change an email address to match a victim's email, triggering a verification email to the victim that lacks sender attribution-enabling phishing. Successful exploitation grants the attacker full account access to the victim's Keycloak account with high confidentiality, integrity, and availability impact (CVSS 7.1). No public POC or active KEV status has been confirmed at this time, but the attack requires low technical complexity and user interaction (clicking a verification link).
A remote code execution vulnerability in Git GUI (CVSS 8.5) that allows you. High severity vulnerability requiring prompt remediation.
CVE-2025-27614 is a command injection vulnerability in Gitk (Git's Tcl/Tk history browser) affecting versions 2.41.0 through 2.50.0 that allows arbitrary script execution with user privileges through specially crafted repository filenames. An attacker can exploit this via social engineering by tricking a user into invoking 'gitk filename' where the filename is maliciously structured to execute attacker-supplied scripts (shell, Perl, Python, etc.). With a CVSS score of 8.6 and no privilege requirement, this poses significant real-world risk for developers who clone untrusted repositories.
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.
CVE-2025-38348 is a buffer overflow vulnerability in the Linux kernel's p54 WiFi driver (wifi: p54) that allows a malicious or compromised USB device to trigger a memory overflow in the p54_rx_eeprom_readback() function by sending a crafted eeprom_readback message with an inflated length value. An attacker with local access and low privileges can cause denial of service or potentially execute code with kernel privileges; however, exploitation requires the device to first upload vendor firmware (proprietary and not widely distributed), which significantly limits real-world attack surface. The vulnerability is not currently tracked as actively exploited in CISA KEV catalog.
CVE-2025-38347 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2025-38346 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.