Skip to main content

Red Hat

8625 CVEs vendor

Monthly

CVE-2025-71118 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Namespace if start_node is NULL Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace if it is not there") fixed the situation when both start_node and acpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed on Honor Magicbook 14 Pro [1].

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71117 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_path option.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71116 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular encoding version, out-of-bounds reads may ensue because the only bounds check that is there is based on that length value.

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-71115 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finishsetup(), but e.g. with KCOV enabled we'll crash because some init code can call into e.g.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71111 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-71110 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONFIG_SLUB_TINY is enabled, kfree_nolock() calls kasan_slab_free() before defer_free().

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71109 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits Since commit e424054000878 ("MIPS: Tracing: Reduce the overhead of dynamic Function Tracer"), the macro UASM_i_LA_mostly has been used, and this macro can generate more than 2 instructions.

Linux Buffer Overflow Memory Corruption Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71108 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero.

Linux Lenovo Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71107 MEDIUM POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fs_put_super() finishes Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 ------------[ cut here ]------------ kernel BUG at fs/f2fs/super.c:1939!

Linux Debian Denial Of Service Null Pointer Dereference Linux Kernel +2
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71106 MEDIUM POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in filesystems_freeze_callback() introduced by commit a3f8f8662771 ("power: always freeze efivarfs") is reverse which quite confusingly causes all file systems to be frozen when filesystem_freeze_enabled is false.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71105 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: use global inline_xattr_slab instead of per-sb slab cache As Hong Yun reported in mailing list: loop7: detected capacity change from 0 to 131072 ------------[ cut here ]------------ kmem_cache of name 'f2fs_xattr_entry-7:7' already exists WARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 kmem_cache_sanity_check mm/slab_common.c:109 [inline] WARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 __kmem_cache_create_args+0xa6/0x320 mm/slab_common.c:307 CPU: 0 UID: 0 PID: 24426 Comm: syz.7.1370 Not tainted 6.17.0-rc4 #1 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:kmem_cache_sanity_check mm/slab_common.c:109 [inline] RIP: 0010:__kmem_cache_create_args+0xa6/0x320 mm/slab_common.c:307 Call Trace:  __kmem_cache_create include/linux/slab.h:353 [inline]  f2fs_kmem_cache_create fs/f2fs/f2fs.h:2943 [inline]  f2fs_init_xattr_caches+0xa5/0xe0 fs/f2fs/xattr.c:843  f2fs_fill_super+0x1645/0x2620 fs/f2fs/super.c:4918  get_tree_bdev_flags+0x1fb/0x260 fs/super.c:1692  vfs_get_tree+0x43/0x140 fs/super.c:1815  do_new_mount+0x201/0x550 fs/namespace.c:3808  do_mount fs/namespace.c:4136 [inline]  __do_sys_mount fs/namespace.c:4347 [inline]  __se_sys_mount+0x298/0x2f0 fs/namespace.c:4324  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]  do_syscall_64+0x8e/0x3a0 arch/x86/entry/syscall_64.c:94  entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug can be reproduced w/ below scripts: - mount /dev/vdb /mnt1 - mount /dev/vdc /mnt2 - umount /mnt1 - mounnt /dev/vdb /mnt1 The reason is if we created two slab caches, named f2fs_xattr_entry-7:3 and f2fs_xattr_entry-7:7, and they have the same slab size.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71103 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/msm: adreno: fix deferencing ifpc_reglist when not declared On plaforms with an a7xx GPU not supporting IFPC, the ifpc_reglist if still deferenced in a7xx_patch_pwrup_reglist() which causes a kernel crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 ...

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71102 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in __scs_magic __scs_magic() needs a 'void *' variable, but a 'struct task_struct *' is given.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-56226 MEDIUM POC PATCH This Month

Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file. [CVSS 5.3 MEDIUM]

Denial Of Service Libsndfile Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-66169 Maven MEDIUM PATCH This Month

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0. [CVSS 5.3 MEDIUM]

Apache Camel Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0716 MEDIUM PATCH This Month

Libsoup WebSocket implementations with unset maximum payload size limits are vulnerable to out-of-bounds memory reads during frame processing, potentially exposing sensitive data or causing application crashes. This vulnerability affects applications using non-default WebSocket configurations and requires no user interaction or authentication to exploit. No patch is currently available.

Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-0543 MEDIUM This Month

Kibana's Email Connector fails to properly validate email address parameters, allowing authenticated users with view-level privileges to trigger excessive resource allocation and crash the service. An attacker can exploit this input validation flaw by submitting a specially crafted email address to cause complete denial of service, requiring manual service restart to restore availability for all users. No patch is currently available.

Code Injection Kibana Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0531 MEDIUM This Month

Kibana Fleet is vulnerable to denial of service through uncontrolled resource allocation when processing specially crafted bulk retrieval requests, allowing authenticated users with viewer-level privileges to exhaust server memory and crash the application. An attacker can trigger redundant database operations that consume resources without limits, rendering the service unavailable to all users. No patch is currently available for this vulnerability.

Denial Of Service Kibana Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0530 MEDIUM This Month

Kibana Fleet fails to limit resource allocation when processing specially crafted requests, allowing authenticated attackers to trigger excessive CPU and memory consumption that degrades or completely disables the service. The vulnerability affects Kibana deployments where users have authentication access, and no patch is currently available to remediate the issue.

Denial Of Service Kibana Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22791 MEDIUM POC PATCH This Month

openCryptoki is a PKCS#11 library and tools for Linux and AIX. [CVSS 6.6 MEDIUM]

Linux Buffer Overflow Opencryptoki Red Hat Suse
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-71101 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities.

Linux HP Buffer Overflow Information Disclosure Linux Kernel +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-71100 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less than MAX_TID_COUNT.

Linux Buffer Overflow Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71099 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71096 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is invalid if it does not.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71094 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asix_read_phy_addr().

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71093 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000_tbi_should_accept() In e1000_tbi_should_accept() we read the last byte of the frame via 'data[length - 1]' to evaluate the TBI workaround.

Linux Information Disclosure Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-71092 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters update") added three new counters and placed them after BNXT_RE_OUT_OF_SEQ_ERR.

Linux Buffer Overflow Memory Corruption Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71091 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in team_queue_override_port_prio_changed() There has been a syzkaller bug reported recently with the following trace: list_del corruption, ffff888058bea080->prev is LIST_POISON2 (dead000000000122) ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:59!

Linux Debian Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-71090 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg() nfsd4_add_rdaccess_to_wrdeleg() unconditionally overwrites fp->fi_fds[O_RDONLY] with a newly acquired nfsd_file.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71089 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). [CVSS 7.8 HIGH]

Linux Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71087 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iavf: fix off-by-one issues in iavf_config_rss_reg() There are off-by-one bugs when configuring RSS hash key and lookup table, causing out-of-bounds reads to memory [1] and out-of-bounds writes to device registers.

Linux Debian Buffer Overflow Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71084 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix leaking the multicast GID table reference If the CM ID is destroyed while the CM event for multicast creating is still queued the cancel_work_sync() will prevent the work from running which also prevents destroying the ah_attr.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71083 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Avoid NULL pointer deref for evicted BOs It is possible for a BO to exist that is not currently associated with a resource, e.g. because it has been evicted.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71082 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: revert use of devm_kzalloc in btusb This reverts commit 98921dbd00c4e ("Bluetooth: Use devm_kzalloc in btusb.c file"). In btusb_probe(), we use devm_kzalloc() to allocate the btusb data.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-71081 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync() callback fails during DAI probe.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71080 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT On PREEMPT_RT kernels, after rt6_get_pcpu_route() returns NULL, the current task can be preempted.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71078 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-71077 MEDIUM PATCH This Month

CVE-2025-71077 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-71076 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit num_syncs to prevent oversized allocations The OA open parameters did not validate num_syncs, allowing userspace to pass arbitrarily large values, potentially leading to excessive allocations.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71074 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object.

Linux Information Disclosure Race Condition Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-71073 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit() dereferences the lkkbd structure and its serio/input_dev fields.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71072 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: shmem: fix recovery on rename failures maple_tree insertions can fail if we are seriously short on memory; simple_offset_rename() does not recover well if it runs into that. The same goes for simple_offset_rename_exchange().

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71071 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful lookup as well as on errors.

Linux Use After Free Mediatek Memory Corruption Information Disclosure +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71068 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: svcrdma: bound check rq_pages index in inline path svc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without verifying rc_curpage stays within the allocated page array.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-68817 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-12548 CRITICAL POC PATCH Act Now

Eclipse Che che-machine-exec exposes an unauthenticated JSON-RPC/WebSocket API on port 3333 that allows remote command execution and secret exfiltration from other users' developer workspace containers.

SSH Authentication Bypass Red Hat
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2026-22801 MEDIUM PATCH This Month

Libpng versions 1.6.26 through 1.6.53 contain an integer truncation flaw in the simplified write API functions that triggers a heap buffer over-read when processing images with negative row strides or strides exceeding 65535 bytes. Local attackers can exploit this to read sensitive heap memory, potentially disclosing application data. No patch is currently available; users should avoid processing untrusted PNG images with these vulnerable libpng versions.

Buffer Overflow Libpng Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-22695 MEDIUM POC PATCH This Month

Libpng versions 1.6.51-1.6.53 contain a heap buffer over-read in the simplified API function png_image_finish_read when processing interlaced 16-bit PNG images with 8-bit output and non-minimal row stride, allowing local attackers to read out-of-bounds memory through a malicious image file. Public exploit code exists for this regression, which was introduced by a previous security fix. Upgrade to version 1.6.54 to remediate.

Buffer Overflow Libpng Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-22772 Go MEDIUM POC PATCH This Month

Fulcio versions prior to 1.8.5 allow unauthenticated attackers to bypass MetaIssuer URL validation through unanchored regex patterns, enabling blind SSRF attacks against internal services. Although the vulnerability is limited to read-only GET requests with no response exfiltration, attackers can probe internal networks to discover active services and infrastructure. Public exploit code exists for this medium-severity issue, and a patch is available in version 1.8.5.

SSRF Fulcio Red Hat Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-22776 HIGH POC PATCH This Week

cpp-httplib versions prior to 0.30.1 are vulnerable to denial of service attacks due to insufficient validation of decompressed HTTP request body sizes. An unauthenticated remote attacker can send a malicious gzip or brotli-compressed request that decompresses to an arbitrarily large payload in memory, exhausting server resources. Public exploit code exists for this vulnerability, and a patch is available in version 0.30.1 and later.

Denial Of Service Cpp Httplib Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68471 MEDIUM POC PATCH This Month

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart. [CVSS 6.5 MEDIUM]

Denial Of Service Avahi Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68468 MEDIUM PATCH This Month

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. [CVSS 6.5 MEDIUM]

Denial Of Service Avahi Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68276 MEDIUM PATCH This Month

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. [CVSS 5.5 MEDIUM]

Denial Of Service Avahi Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22773 PyPI MEDIUM POC PATCH This Month

Vllm versions up to 0.12.0 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Denial Of Service AI / ML Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22703 Go MEDIUM POC PATCH This Month

Cosign's bundle verification mechanism fails to properly validate that embedded Rekor entries reference the correct artifact digest, signature, and public key, allowing an attacker with a compromised signing identity to forge valid bundles and bypass transparency log verification. A malicious actor could exploit this to create counterfeit signatures that pass validation checks, affecting users relying on Cosign for container and binary code signing verification. Public exploit code exists for this vulnerability; patches are available in versions 2.6.2 and 3.0.4.

Authentication Bypass Cosign Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22702 PyPI MEDIUM PATCH This Month

Virtualenv versions up to 20.36.1 is affected by improper link resolution before file access (CVSS 4.5).

Python Race Condition Virtualenv Red Hat Suse
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-22701 PyPI MEDIUM PATCH This Month

Python's filelock SoftFileLock implementation prior to version 3.20.3 contains a TOCTOU race condition that allows local attackers with symlink creation privileges to interfere with lock file operations between permission validation and file creation. An attacker can exploit this window to create a symlink at the target lock path, causing lock operations to fail or redirect to unintended files, resulting in denial of service or unexpected behavior. Upgrade to filelock version 3.20.3 or later to remediate this vulnerability.

Python Denial Of Service Race Condition Filelock Red Hat +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22693 MEDIUM POC PATCH This Month

HarfBuzz text shaping engine versions prior to 12.3.0 crash when the SubtableUnicodesCache::create function attempts to dereference a null pointer returned by failed memory allocation, enabling denial of service in applications processing untrusted font data. Public exploit code exists for this vulnerability. A patch is available in version 12.3.0 and later.

Null Pointer Dereference Harfbuzz Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-22691 PyPI MEDIUM PATCH This Month

pypdf versions prior to 6.6.0 are vulnerable to denial of service through CPU exhaustion when processing malformed PDF files with crafted startxref entries in non-strict reading mode. An attacker can create a specially crafted PDF containing excessive whitespace that causes the library to consume significant processing resources during cross-reference table reconstruction. A patch is available in version 6.6.0 and later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22690 PyPI MEDIUM PATCH This Month

Denial of service via resource exhaustion in pypdf prior to version 6.6.0 allows remote attackers to trigger excessive processing times by submitting specially crafted PDF files with missing /Root objects and inflated /Size values. The vulnerability only affects non-strict parsing mode and causes the library to consume significant CPU resources when processing otherwise invalid documents. A patch is available in version 6.6.0 and later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22030 npm MEDIUM PATCH This Month

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. [CVSS 6.5 MEDIUM]

React CSRF React Router Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68470 npm MEDIUM PATCH This Month

React-Router versions up to 6.30.1 is affected by url redirection to untrusted site (open redirect) (CVSS 6.5).

React React Router Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-46299 MEDIUM PATCH This Month

A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. [CVSS 4.3 MEDIUM]

Apple Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-69195 HIGH PATCH This Week

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. [CVSS 7.6 HIGH]

Buffer Overflow Stack Overflow Memory Corruption Denial Of Service Wget2 +2
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-69194 HIGH PATCH This Week

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. [CVSS 8.8 HIGH]

Path Traversal Wget2 Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-14505 npm MEDIUM This Month

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. [CVSS 5.6 MEDIUM]

Information Disclosure Red Hat
NVD GitHub HeroDevs
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-68158 PyPI MEDIUM POC PATCH This Month

Authlib is a Python library which builds OAuth and OpenID Connect servers. [CVSS 5.7 MEDIUM]

Python CSRF Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-68151 Go HIGH PATCH This Week

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limit...

DNS Denial Of Service Coredns Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22028 npm MEDIUM POC PATCH This Month

HTML injection in Preact and React through unsafe JSON deserialization allows remote attackers to inject arbitrary scripts when applications pass unsanitized user-controlled data as component children, with public exploit code already available. The vulnerability stems from a regression in Preact 10.26.5 that weakened protections against constructing Virtual DOM elements from malicious JSON payloads. Affected applications are vulnerable if they consume unvalidated external data without sanitization and lack additional mitigations like Content Security Policy.

React Preact Red Hat Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-21895 Cargo MEDIUM PATCH This Month

The RSA crate versions prior to 0.9.10 crash when constructing private keys with invalid prime components (such as 1), allowing an attacker to trigger a denial of service by providing malformed key material. This affects applications using the vulnerable RSA library for cryptographic operations. A patch is available in version 0.9.10 and later.

Industrial Rsa Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14025 HIGH PATCH This Week

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. [CVSS 8.5 HIGH]

Information Disclosure Red Hat
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-15079 MEDIUM POC PATCH This Month

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. [CVSS 5.3 MEDIUM]

SSH Information Disclosure Curl Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14819 MEDIUM PATCH This Month

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. [CVSS 5.3 MEDIUM]

TLS Curl Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14524 MEDIUM POC PATCH This Month

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. [CVSS 5.3 MEDIUM]

LDAP Curl Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14017 MEDIUM PATCH This Month

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. [CVSS 6.3 MEDIUM]

TLS LDAP Curl Red Hat Suse
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-13034 MEDIUM PATCH This Month

When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. [CVSS 5.9 MEDIUM]

Authentication Bypass Curl Suse Red Hat
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-21883 PyPI MEDIUM POC PATCH This Month

Bokeh versions 3.8.1 and below allow attackers to bypass Origin validation in WebSocket connections by registering domains that suffix-match allowlisted domains (e.g., dashboard.corp.attacker.com for allowlist entry dashboard.corp), enabling unauthorized server interaction. Public exploit code exists for this vulnerability, which could allow attackers to access sensitive data or modify visualizations on behalf of victims. The issue is resolved in Bokeh 3.8.2.

Python Bokeh Red Hat Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21869 HIGH POC This Week

Llama.cpp server endpoints fail to validate the n_discard parameter from JSON input, allowing negative values that trigger out-of-bounds memory writes when the context buffer fills. This memory corruption vulnerability affects LLM inference operations and can be exploited remotely without authentication to crash the service or achieve code execution; public exploit code exists and no patch is currently available.

RCE Memory Corruption Denial Of Service AI / ML Llama.Cpp +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-13151 HIGH PATCH This Week

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string. [CVSS 7.5 HIGH]

Buffer Overflow Stack Overflow Libtasn1 Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0669 HIGH POC PATCH This Week

The MediaWiki CSS extension in versions 1.39, 1.43, and 1.44 contains a path traversal vulnerability that allows unauthenticated remote attackers to read arbitrary files from the server. Public exploit code exists for this vulnerability, enabling attackers to access sensitive information outside the intended directory restrictions. A patch is available and should be applied immediately to affected installations.

Mediawiki Path Traversal Css Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0668 MEDIUM POC PATCH This Month

Visualdata versions up to - is affected by inefficient regular expression complexity (redos) (CVSS 5.3).

Mediawiki Visualdata Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-66560 Maven MEDIUM PATCH This Month

Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the associated worker thread is never released and becomes permanently b...

Linux Java Quarkus Red Hat
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-15444 CRITICAL PATCH Act Now

Crypt::Sodium::XS for Perl bundles a vulnerable version of libsodium (<= 1.0.20) that has a signature verification flaw. In atypical use cases with custom cryptography, this can compromise data authenticity guarantees. Patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-69230 PyPI MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. [CVSS 5.3 MEDIUM]

Python Aiohttp Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-69229 PyPI MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. [CVSS 5.3 MEDIUM]

Python Denial Of Service Aiohttp Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-69228 PyPI HIGH PATCH This Week

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. [CVSS 7.5 HIGH]

Python Aiohttp Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69227 PyPI HIGH PATCH This Week

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. [CVSS 7.5 HIGH]

Python Denial Of Service Aiohttp Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69225 PyPI MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. [CVSS 5.3 MEDIUM]

Python Aiohttp Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-69226 PyPI MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. [CVSS 5.3 MEDIUM]

Python Path Traversal Aiohttp Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-69224 PyPI MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. [CVSS 6.5 MEDIUM]

Python Aiohttp Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Namespace if start_node is NULL Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace if it is not there") fixed the situation when both start_node and acpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed on Honor Magicbook 14 Pro [1].

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_path option.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular encoding version, out-of-bounds reads may ensue because the only bounds check that is there is based on that length value.

Linux Buffer Overflow Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finishsetup(), but e.g. with KCOV enabled we'll crash because some init code can call into e.g.

Linux Denial Of Service Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONFIG_SLUB_TINY is enabled, kfree_nolock() calls kasan_slab_free() before defer_free().

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits Since commit e424054000878 ("MIPS: Tracing: Reduce the overhead of dynamic Function Tracer"), the macro UASM_i_LA_mostly has been used, and this macro can generate more than 2 instructions.

Linux Buffer Overflow Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero.

Linux Lenovo Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fs_put_super() finishes Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 ------------[ cut here ]------------ kernel BUG at fs/f2fs/super.c:1939!

Linux Debian Denial Of Service +4
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in filesystems_freeze_callback() introduced by commit a3f8f8662771 ("power: always freeze efivarfs") is reverse which quite confusingly causes all file systems to be frozen when filesystem_freeze_enabled is false.

Linux Information Disclosure Linux Kernel +2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: f2fs: use global inline_xattr_slab instead of per-sb slab cache As Hong Yun reported in mailing list: loop7: detected capacity change from 0 to 131072 ------------[ cut here ]------------ kmem_cache of name 'f2fs_xattr_entry-7:7' already exists WARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 kmem_cache_sanity_check mm/slab_common.c:109 [inline] WARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 __kmem_cache_create_args+0xa6/0x320 mm/slab_common.c:307 CPU: 0 UID: 0 PID: 24426 Comm: syz.7.1370 Not tainted 6.17.0-rc4 #1 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:kmem_cache_sanity_check mm/slab_common.c:109 [inline] RIP: 0010:__kmem_cache_create_args+0xa6/0x320 mm/slab_common.c:307 Call Trace:  __kmem_cache_create include/linux/slab.h:353 [inline]  f2fs_kmem_cache_create fs/f2fs/f2fs.h:2943 [inline]  f2fs_init_xattr_caches+0xa5/0xe0 fs/f2fs/xattr.c:843  f2fs_fill_super+0x1645/0x2620 fs/f2fs/super.c:4918  get_tree_bdev_flags+0x1fb/0x260 fs/super.c:1692  vfs_get_tree+0x43/0x140 fs/super.c:1815  do_new_mount+0x201/0x550 fs/namespace.c:3808  do_mount fs/namespace.c:4136 [inline]  __do_sys_mount fs/namespace.c:4347 [inline]  __se_sys_mount+0x298/0x2f0 fs/namespace.c:4324  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]  do_syscall_64+0x8e/0x3a0 arch/x86/entry/syscall_64.c:94  entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug can be reproduced w/ below scripts: - mount /dev/vdb /mnt1 - mount /dev/vdc /mnt2 - umount /mnt1 - mounnt /dev/vdb /mnt1 The reason is if we created two slab caches, named f2fs_xattr_entry-7:3 and f2fs_xattr_entry-7:7, and they have the same slab size.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/msm: adreno: fix deferencing ifpc_reglist when not declared On plaforms with an a7xx GPU not supporting IFPC, the ifpc_reglist if still deferenced in a7xx_patch_pwrup_reglist() which causes a kernel crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 ...

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in __scs_magic __scs_magic() needs a 'void *' variable, but a 'struct task_struct *' is given.

Linux Denial Of Service Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file. [CVSS 5.3 MEDIUM]

Denial Of Service Libsndfile Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0. [CVSS 5.3 MEDIUM]

Apache Camel Red Hat
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Libsoup WebSocket implementations with unset maximum payload size limits are vulnerable to out-of-bounds memory reads during frame processing, potentially exposing sensitive data or causing application crashes. This vulnerability affects applications using non-default WebSocket configurations and requires no user interaction or authentication to exploit. No patch is currently available.

Denial Of Service Red Hat Suse
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Kibana's Email Connector fails to properly validate email address parameters, allowing authenticated users with view-level privileges to trigger excessive resource allocation and crash the service. An attacker can exploit this input validation flaw by submitting a specially crafted email address to cause complete denial of service, requiring manual service restart to restore availability for all users. No patch is currently available.

Code Injection Kibana Red Hat
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Kibana Fleet is vulnerable to denial of service through uncontrolled resource allocation when processing specially crafted bulk retrieval requests, allowing authenticated users with viewer-level privileges to exhaust server memory and crash the application. An attacker can trigger redundant database operations that consume resources without limits, rendering the service unavailable to all users. No patch is currently available for this vulnerability.

Denial Of Service Kibana Red Hat
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Kibana Fleet fails to limit resource allocation when processing specially crafted requests, allowing authenticated attackers to trigger excessive CPU and memory consumption that degrades or completely disables the service. The vulnerability affects Kibana deployments where users have authentication access, and no patch is currently available to remediate the issue.

Denial Of Service Kibana Red Hat
NVD
EPSS 0% CVSS 6.6
MEDIUM POC PATCH This Month

openCryptoki is a PKCS#11 library and tools for Linux and AIX. [CVSS 6.6 MEDIUM]

Linux Buffer Overflow Opencryptoki +2
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities.

Linux HP Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less than MAX_TID_COUNT.

Linux Buffer Overflow Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock.

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is invalid if it does not.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asix_read_phy_addr().

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000_tbi_should_accept() In e1000_tbi_should_accept() we read the last byte of the frame via 'data[length - 1]' to evaluate the TBI workaround.

Linux Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters update") added three new counters and placed them after BNXT_RE_OUT_OF_SEQ_ERR.

Linux Buffer Overflow Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in team_queue_override_port_prio_changed() There has been a syzkaller bug reported recently with the following trace: list_del corruption, ffff888058bea080->prev is LIST_POISON2 (dead000000000122) ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:59!

Linux Debian Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg() nfsd4_add_rdaccess_to_wrdeleg() unconditionally overwrites fp->fi_fds[O_RDONLY] with a newly acquired nfsd_file.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). [CVSS 7.8 HIGH]

Linux Privilege Escalation Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iavf: fix off-by-one issues in iavf_config_rss_reg() There are off-by-one bugs when configuring RSS hash key and lookup table, causing out-of-bounds reads to memory [1] and out-of-bounds writes to device registers.

Linux Debian Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix leaking the multicast GID table reference If the CM ID is destroyed while the CM event for multicast creating is still queued the cancel_work_sync() will prevent the work from running which also prevents destroying the ah_attr.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Avoid NULL pointer deref for evicted BOs It is possible for a BO to exist that is not currently associated with a resource, e.g. because it has been evicted.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: revert use of devm_kzalloc in btusb This reverts commit 98921dbd00c4e ("Bluetooth: Use devm_kzalloc in btusb.c file"). In btusb_probe(), we use devm_kzalloc() to allocate the btusb data.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync() callback fails during DAI probe.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT On PREEMPT_RT kernels, after rt6_get_pcpu_route() returns NULL, the current task can be preempted.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

CVE-2025-71077 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit num_syncs to prevent oversized allocations The OA open parameters did not validate num_syncs, allowing userspace to pass arbitrarily large values, potentially leading to excessive allocations.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object.

Linux Information Disclosure Race Condition +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit() dereferences the lkkbd structure and its serio/input_dev fields.

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: shmem: fix recovery on rename failures maple_tree insertions can fail if we are seriously short on memory; simple_offset_rename() does not recover well if it runs into that. The same goes for simple_offset_rename_exchange().

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful lookup as well as on errors.

Linux Use After Free Mediatek +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: svcrdma: bound check rq_pages index in inline path svc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without verifying rc_curpage stays within the allocated page array.

Linux Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it. [CVSS 7.8 HIGH]

Linux Use After Free Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL POC PATCH Act Now

Eclipse Che che-machine-exec exposes an unauthenticated JSON-RPC/WebSocket API on port 3333 that allows remote command execution and secret exfiltration from other users' developer workspace containers.

SSH Authentication Bypass Red Hat
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Libpng versions 1.6.26 through 1.6.53 contain an integer truncation flaw in the simplified write API functions that triggers a heap buffer over-read when processing images with negative row strides or strides exceeding 65535 bytes. Local attackers can exploit this to read sensitive heap memory, potentially disclosing application data. No patch is currently available; users should avoid processing untrusted PNG images with these vulnerable libpng versions.

Buffer Overflow Libpng Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Libpng versions 1.6.51-1.6.53 contain a heap buffer over-read in the simplified API function png_image_finish_read when processing interlaced 16-bit PNG images with 8-bit output and non-minimal row stride, allowing local attackers to read out-of-bounds memory through a malicious image file. Public exploit code exists for this regression, which was introduced by a previous security fix. Upgrade to version 1.6.54 to remediate.

Buffer Overflow Libpng Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Fulcio versions prior to 1.8.5 allow unauthenticated attackers to bypass MetaIssuer URL validation through unanchored regex patterns, enabling blind SSRF attacks against internal services. Although the vulnerability is limited to read-only GET requests with no response exfiltration, attackers can probe internal networks to discover active services and infrastructure. Public exploit code exists for this medium-severity issue, and a patch is available in version 1.8.5.

SSRF Fulcio Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

cpp-httplib versions prior to 0.30.1 are vulnerable to denial of service attacks due to insufficient validation of decompressed HTTP request body sizes. An unauthenticated remote attacker can send a malicious gzip or brotli-compressed request that decompresses to an arbitrarily large payload in memory, exhausting server resources. Public exploit code exists for this vulnerability, and a patch is available in version 0.30.1 and later.

Denial Of Service Cpp Httplib Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart. [CVSS 6.5 MEDIUM]

Denial Of Service Avahi Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. [CVSS 6.5 MEDIUM]

Denial Of Service Avahi Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area disabled) by creating record browsers with the AVAHI_LOOKUP_USE_WIDE_AREA flag set via D-Bus. [CVSS 5.5 MEDIUM]

Denial Of Service Avahi Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Vllm versions up to 0.12.0 is affected by allocation of resources without limits or throttling (CVSS 6.5).

Denial Of Service AI / ML Vllm +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Cosign's bundle verification mechanism fails to properly validate that embedded Rekor entries reference the correct artifact digest, signature, and public key, allowing an attacker with a compromised signing identity to forge valid bundles and bypass transparency log verification. A malicious actor could exploit this to create counterfeit signatures that pass validation checks, affecting users relying on Cosign for container and binary code signing verification. Public exploit code exists for this vulnerability; patches are available in versions 2.6.2 and 3.0.4.

Authentication Bypass Cosign Red Hat +1
NVD GitHub
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

Virtualenv versions up to 20.36.1 is affected by improper link resolution before file access (CVSS 4.5).

Python Race Condition Virtualenv +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Python's filelock SoftFileLock implementation prior to version 3.20.3 contains a TOCTOU race condition that allows local attackers with symlink creation privileges to interfere with lock file operations between permission validation and file creation. An attacker can exploit this window to create a symlink at the target lock path, causing lock operations to fail or redirect to unintended files, resulting in denial of service or unexpected behavior. Upgrade to filelock version 3.20.3 or later to remediate this vulnerability.

Python Denial Of Service Race Condition +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

HarfBuzz text shaping engine versions prior to 12.3.0 crash when the SubtableUnicodesCache::create function attempts to dereference a null pointer returned by failed memory allocation, enabling denial of service in applications processing untrusted font data. Public exploit code exists for this vulnerability. A patch is available in version 12.3.0 and later.

Null Pointer Dereference Harfbuzz Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

pypdf versions prior to 6.6.0 are vulnerable to denial of service through CPU exhaustion when processing malformed PDF files with crafted startxref entries in non-strict reading mode. An attacker can create a specially crafted PDF containing excessive whitespace that causes the library to consume significant processing resources during cross-reference table reconstruction. A patch is available in version 6.6.0 and later.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service via resource exhaustion in pypdf prior to version 6.6.0 allows remote attackers to trigger excessive processing times by submitting specially crafted PDF files with missing /Root objects and inflated /Size values. The vulnerability only affects non-strict parsing mode and causes the library to consume significant CPU resources when processing otherwise invalid documents. A patch is available in version 6.6.0 and later.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. [CVSS 6.5 MEDIUM]

React CSRF React Router +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

React-Router versions up to 6.30.1 is affected by url redirection to untrusted site (open redirect) (CVSS 6.5).

React React Router Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. [CVSS 4.3 MEDIUM]

Apple Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. [CVSS 7.6 HIGH]

Buffer Overflow Stack Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. [CVSS 8.8 HIGH]

Path Traversal Wget2 Red Hat +1
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. [CVSS 5.6 MEDIUM]

Information Disclosure Red Hat
NVD GitHub HeroDevs
EPSS 0% CVSS 5.7
MEDIUM POC PATCH This Month

Authlib is a Python library which builds OAuth and OpenID Connect servers. [CVSS 5.7 MEDIUM]

Python CSRF Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limit...

DNS Denial Of Service Coredns +2
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

HTML injection in Preact and React through unsafe JSON deserialization allows remote attackers to inject arbitrary scripts when applications pass unsanitized user-controlled data as component children, with public exploit code already available. The vulnerability stems from a regression in Preact 10.26.5 that weakened protections against constructing Virtual DOM elements from malicious JSON payloads. Affected applications are vulnerable if they consume unvalidated external data without sanitization and lack additional mitigations like Content Security Policy.

React Preact Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The RSA crate versions prior to 0.9.10 crash when constructing private keys with invalid prime components (such as 1), allowing an attacker to trigger a denial of service by providing malformed key material. This affects applications using the vulnerable RSA library for cryptographic operations. A patch is available in version 0.9.10 and later.

Industrial Rsa Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. [CVSS 8.5 HIGH]

Information Disclosure Red Hat
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. [CVSS 5.3 MEDIUM]

SSH Information Disclosure Curl +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. [CVSS 5.3 MEDIUM]

TLS Curl Suse +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. [CVSS 5.3 MEDIUM]

LDAP Curl Suse +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. [CVSS 6.3 MEDIUM]

TLS LDAP Curl +2
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. [CVSS 5.9 MEDIUM]

Authentication Bypass Curl Suse +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Bokeh versions 3.8.1 and below allow attackers to bypass Origin validation in WebSocket connections by registering domains that suffix-match allowlisted domains (e.g., dashboard.corp.attacker.com for allowlist entry dashboard.corp), enabling unauthorized server interaction. Public exploit code exists for this vulnerability, which could allow attackers to access sensitive data or modify visualizations on behalf of victims. The issue is resolved in Bokeh 3.8.2.

Python Bokeh Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Llama.cpp server endpoints fail to validate the n_discard parameter from JSON input, allowing negative values that trigger out-of-bounds memory writes when the context buffer fills. This memory corruption vulnerability affects LLM inference operations and can be exploited remotely without authentication to crash the service or achieve code execution; public exploit code exists and no patch is currently available.

RCE Memory Corruption Denial Of Service +4
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string. [CVSS 7.5 HIGH]

Buffer Overflow Stack Overflow Libtasn1 +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

The MediaWiki CSS extension in versions 1.39, 1.43, and 1.44 contains a path traversal vulnerability that allows unauthenticated remote attackers to read arbitrary files from the server. Public exploit code exists for this vulnerability, enabling attackers to access sensitive information outside the intended directory restrictions. A patch is available and should be applied immediately to affected installations.

Mediawiki Path Traversal Css +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Visualdata versions up to - is affected by inefficient regular expression complexity (redos) (CVSS 5.3).

Mediawiki Visualdata Red Hat
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the associated worker thread is never released and becomes permanently b...

Linux Java Quarkus +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Crypt::Sodium::XS for Perl bundles a vulnerable version of libsodium (<= 1.0.20) that has a signature verification flaw. In atypical use cases with custom cryptography, this can compromise data authenticity guarantees. Patch available.

Information Disclosure Red Hat Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. [CVSS 5.3 MEDIUM]

Python Aiohttp Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. [CVSS 5.3 MEDIUM]

Python Denial Of Service Aiohttp +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. [CVSS 7.5 HIGH]

Python Aiohttp Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. [CVSS 7.5 HIGH]

Python Denial Of Service Aiohttp +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. [CVSS 5.3 MEDIUM]

Python Aiohttp Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. [CVSS 5.3 MEDIUM]

Python Path Traversal Aiohttp +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. [CVSS 6.5 MEDIUM]

Python Aiohttp Red Hat +1
NVD GitHub
Prev Page 37 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy