Skip to main content

Red Hat

8623 CVEs vendor

Monthly

CVE-2025-66648 npm HIGH POC PATCH This Week

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function (not part of the public API) could be used to run unintentional javascript (XSS). [CVSS 7.2 HIGH]

XSS Vega Functions Red Hat
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-65110 npm HIGH POC PATCH This Week

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. [CVSS 8.1 HIGH]

RCE XSS Vega Red Hat
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-21444 MEDIUM POC PATCH This Month

Improper IV handling in libtpms 0.10.0 and 0.10.1 causes the library to return initial instead of final initialization vectors during symmetric cipher operations with OpenSSL 3.x, potentially weakening cryptographic security for local users who can interact with the TPM emulation. Public exploit code exists for this vulnerability affecting confidentiality of encrypted data. Update to libtpms 0.10.2 to remediate.

OpenSSL TLS Libtpms Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21428 HIGH POC PATCH This Week

Cpp-Httplib versions up to 0.30.0 contains a vulnerability that allows attackers to add extra headers, modify request body unexpectedly & trigger an SSRF attack (CVSS 7.5).

Python SSRF Cpp Httplib Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69413 Go MEDIUM PATCH This Month

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists. [CVSS 5.3 MEDIUM]

Information Disclosure Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68696 Ruby HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) in HTTParty 0.23.2 and earlier enables remote unauthenticated attackers to force the application to make arbitrary HTTP requests to internal network resources and third-party services, potentially leaking API keys and credentials embedded in outbound requests or accessing internal-only endpoints. Publicly available exploit code exists (GitHub Security Advisory GHSA-hm5p-x4rq-38w4), and the CVSS E:P modifier confirms proof-of-concept exploitation. Vendor-released patch is available via commit 0529bcd, though a tagged release version is not confirmed from provided data. EPSS data not provided, but SSRF vulnerabilities targeting API libraries typically see exploitation within weeks of public disclosure due to their prevalence in cloud-native environments.

SSRF Httparty Red Hat
NVD GitHub
CVSS 4.0
7.8
EPSS
0.1%
CVE-2025-11419 Maven HIGH PATCH GHSA This Week

TLS renegotiation exhaustion in Keycloak allows unauthenticated remote denial of service via repeated client-initiated TLS 1.2 renegotiation requests that drain CPU resources. Affects Red Hat Single Sign-On deployments using TLS 1.2 with client renegotiation enabled. EPSS exploitation probability and KEV status not available at analysis time; CVSS 7.5 (High) reflects network-accessible attack with low complexity but availability impact only. Red Hat has issued multiple security advisories (RHSA-2025:18254, 18255, 18889, 18890) addressing this flaw.

Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68340 MEDIUM PATCH This Month

Type confusion in the Linux kernel's team network driver (team_port_add) allows a local user with CAP_NET_ADMIN to corrupt a team device's header_ops state, leading to a kernel hang or BUG(). When an already-UP GRE device is added as a team port, the operation fails but not before team_dev_type_check_change irreversibly replaces eth_header with ipgre_header on the team device; subsequent packet transmission causes ipgre_header() to dereference struct team private data as struct ip_tunnel, triggering a local denial-of-service. No active exploitation has been confirmed (not in CISA KEV), though a syzbot reproducer demonstrates the issue reliably.

Linux Information Disclosure Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-68429 npm HIGH PATCH This Week

Information disclosure in Storybook for Node.js versions 7.0.0 through 10.1.9 exposes environment variables from `.env` files when using `storybook build` command. Unpatched projects building Storybook in directories containing `.env` files risk bundling sensitive credentials into publicly viewable artifacts. Unauthenticated attackers accessing published Storybook bundles can extract secrets from source code. Runtime dev mode, CI builds using platform environment variables, and co-located applications remain unaffected. No public exploit identified at time of analysis.

Information Disclosure Storybook Red Hat
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-43536 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit rendering engine allows remote attackers to crash Safari and iOS/iPadOS applications by processing maliciously crafted web content, requiring only user interaction (page visit) and no authentication. The vulnerability affects Safari 26.2, iOS 18.7.3 and iOS 26.2, iPadOS 18.7.3 and iPadOS 26.2, and macOS Tahoe 26.2 and earlier versions. With an EPSS score of 0.06% and no public exploit confirmed, this represents a low real-world exploitation priority despite the moderate CVSS 4.3 severity rating, with impact limited to denial of service through process termination.

Apple Safari iOS macOS Use After Free +5
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-43529 HIGH KEV PATCH THREAT Act Now

WebKit arbitrary code execution via use-after-free memory corruption affects Safari 26.2, iOS/iPadOS 18.7.3 through 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2, allowing remote attackers to execute arbitrary code by convincing users to visit malicious websites. This vulnerability is confirmed actively exploited (CISA KEV) in extremely sophisticated targeted attacks against specific individuals on iOS versions prior to iOS 26, per Apple's security bulletin. EPSS score of 0.12% (32nd percentile) significantly understates real-world risk given confirmed exploitation. Related vulnerability CVE-2025-14174 was issued for the same exploitation campaign, suggesting a complex attack chain targeting Apple ecosystem users.

Apple Use After Free RCE Memory Corruption Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-68263 CRITICAL PATCH Act Now

Use-after-free in Linux ksmbd IPC handler allows remote unauthenticated attackers to trigger memory corruption via race condition in generic netlink reply processing. The flaw (CVSS 9.8 critical, network-reachable) affects ksmbd's ipc_msg_send_request() function where concurrent access to response buffers occurs without proper locking. EPSS data not provided; no CISA KEV listing identified at time of analysis. Multiple upstream kernel commits available across stable branches indicate vendor-released patches exist.

Linux Linux Kernel Use After Free Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14777 MEDIUM PATCH This Month

Keycloak's admin API endpoints for authorization resource management contain an IDOR vulnerability allowing authenticated administrators with fine-grained permissions for one client to delete or modify resources belonging to other clients within the same realm. The flaw exists in ResourceSetService and PermissionTicketService where authorization checks validate the resourceServer (client) ID from the API request, but backend database operations use only the resourceId, creating a permission bypass. Affected administrators can exploit this with standard HTTP requests to cross-client resource boundaries; no public exploit code identified at time of analysis.

Privilege Escalation Authentication Bypass Red Hat
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-11393 Go HIGH PATCH This Week

Privilege escalation in Red Hat's runtimes-inventory-rhel8-operator lets a standard cluster user act with full cluster-administrator authority on the Red Hat management platform. A misconfigured internal proxy attaches the cluster's main administrative credentials to every command it relays - not just the report traffic it should handle - so any authenticated user can issue admin-level instructions and alter cluster configuration or status. There is no public exploit identified at time of analysis, EPSS is low (0.21%, 12th percentile), and the issue is not in CISA KEV, but the impact is a classic confused-deputy authentication bypass and Red Hat has shipped a fix.

Authentication Bypass Red Hat Suse
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-67499 Go MEDIUM PATCH This Month

The CNI portmap plugin versions 1.6.0 through 1.8.0 contain a traffic interception vulnerability when configured with the nftables backend, allowing containers to receive and intercept all traffic destined for their configured HostPort regardless of destination IP address. This affects Linux Foundation's CNI Network Plugins, and an attacker with local privileges and control over a container can intercept traffic intended for other containers or services on the same node. The vulnerability has a published patch available in version 1.9.0, an extremely low EPSS score of 0.02% indicates minimal real-world exploitation likelihood, and there is no indication of active exploitation in the wild.

Information Disclosure Cni Network Plugins Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-14333 HIGH PATCH This Week

Multiple memory corruption flaws in Firefox and Thunderbird enable remote code execution via network-accessible attack vectors. Mozilla Firefox ESR 140.5, Firefox 145, Thunderbird ESR 140.5, and Thunderbird 145 contain memory safety bugs with evidence of corruption that Mozilla presumes exploitable for arbitrary code execution. Authentication requirements not confirmed from available data (CVSS vector shows PR:N). Vendor-released patches available: Firefox 146, Firefox ESR 140.6, Thunderbird 146, Thunderbird 140.6. EPSS probability is low (0.09%, 25th percentile), and no public exploit identified at time of analysis.

Memory Corruption Mozilla RCE Buffer Overflow Thunderbird +2
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-14332 HIGH PATCH This Week

Memory corruption vulnerabilities in Mozilla Firefox 145 and Thunderbird 145 enable remote code execution via multiple memory safety bugs. Unauthenticated remote attackers can exploit these flaws (CWE-787 buffer overflow) through network-based attack vectors with low complexity, requiring no user interaction. Mozilla has released patches in Firefox 146 and Thunderbird 146. EPSS score of 0.07% (21st percentile) suggests low observed exploitation probability, and no public exploit identified at time of analysis, though the vendor's assessment indicates memory corruption with exploitable potential.

Memory Corruption Mozilla RCE Buffer Overflow Thunderbird +2
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-14331 MEDIUM PATCH This Month

Same-origin policy bypass in Firefox and Thunderbird request handling allows unauthenticated remote attackers to access sensitive information from cross-origin resources with low attack complexity and no user interaction required. The vulnerability affects Firefox versions below 146, Firefox ESR below 115.31 and 140.6, Thunderbird below 146, and Thunderbird ESR below 140.6. No public exploit code has been identified at time of analysis, and the EPSS score of 0.04% indicates low real-world exploitation probability despite the moderate CVSS rating.

Mozilla Authentication Bypass Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14330 CRITICAL PATCH Act Now

Just-In-Time (JIT) compilation flaws in Mozilla's JavaScript engine allow unauthenticated remote attackers to achieve arbitrary code execution with high integrity and availability impact across Firefox and Thunderbird. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. Despite a critical CVSS 9.8 score, EPSS probability remains low at 0.09% (25th percentile), and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. Vendor-released patches are available across all affected product lines.

Mozilla Buffer Overflow Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14329 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird Netmonitor component allows remote attackers to execute arbitrary code with elevated privileges when users interact with malicious content. Affects Firefox versions prior to 146, Firefox ESR prior to 140.6, Thunderbird prior to 146, and Thunderbird ESR prior to 140.6. Mozilla released patches in January 2025 across all product lines. EPSS score of 0.07% (22nd percentile) indicates low current exploitation probability, with no confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis. CVSS 8.8 reflects the high impact potential despite requiring user interaction.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14328 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's Netmonitor component allows unauthenticated remote attackers to gain elevated privileges via user interaction. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. With an 8.8 CVSS score but only 0.07% EPSS (22nd percentile), no public exploit identified at time of analysis, and vendor-released patches available. Not listed in CISA KEV, indicating no confirmed active exploitation.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14327 HIGH PATCH This Week

Downloads Panel in Mozilla Firefox and Thunderbird allows remote spoofing attacks enabling integrity compromise without authentication. Affects Firefox <146, Thunderbird <146, Firefox ESR <140.7, and Thunderbird ESR <140.7. The authentication bypass flaw (CWE-290) permits network-based attackers to manipulate download information displayed to users with low attack complexity and no user interaction required. Despite CVSS 7.5 (High), EPSS score of 0.02% (3rd percentile) indicates minimal real-world exploitation likelihood. No active exploitation confirmed (not in CISA KEV), and no public exploit identified at time of analysis.

Mozilla Authentication Bypass Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-14326 CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox and Thunderbird (pre-146) allows unauthenticated network attackers to execute arbitrary code via a use-after-free flaw in the GMP (Gecko Media Plugin) audio/video component. Despite a critical CVSS 9.8 rating, EPSS probability remains low (0.08%, 23rd percentile), and no public exploit identified at time of analysis. Mozilla patched both products in version 146, with vendor advisories and technical details available via Bugzilla.

Memory Corruption Mozilla Use After Free Information Disclosure Thunderbird +2
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14325 HIGH PATCH This Week

JIT compiler miscompilation in Mozilla Firefox and Thunderbird's JavaScript engine enables remote attackers to achieve limited confidentiality, integrity, and availability impact without authentication or user interaction. Affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird ESR < 140.6. Vendor-released patches available in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. No public exploit identified at time of analysis, with EPSS score of 0.11% (30th percentile) indicating low predicted exploitation probability.

Memory Corruption Mozilla Information Disclosure Thunderbird Red Hat +1
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-14324 CRITICAL PATCH Act Now

JIT compiler miscompilation in Mozilla's JavaScript engine allows remote code execution without authentication in Firefox (versions <146, <115.31 ESR, <140.6 ESR) and Thunderbird (versions <146, <140.6 ESR). The CVSS 9.8 critical score reflects network-based exploitation requiring no user interaction. EPSS score of 0.10% (27th percentile) suggests low predicted exploitation probability despite severity. No public exploit identified at time of analysis, and vendor-released patches are available across all affected product lines per Mozilla security advisories MFSA2025-92 through MFSA2025-96.

Mozilla RCE Code Injection Thunderbird Red Hat +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14323 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's DOM Notifications component enables unauthenticated remote attackers to achieve high-severity impacts (confidentiality, integrity, availability) via user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and <140.6. EPSS exploitation probability is low (0.08%, 23rd percentile), and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. Vendor-released patches are available across all affected product lines.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14322 HIGH PATCH This Week

Sandbox escape in Mozilla Firefox and Thunderbird's CanvasWebGL component allows remote attackers to bypass security boundaries via crafted web content with user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and Thunderbird ESR <140.6. EPSS probability is low (0.06%, 20th percentile), and no public exploit identified at time of analysis. The CVSS score of 8.0 reflects high confidentiality and integrity impact with scope change, though attack complexity is high and requires user interaction.

Mozilla Information Disclosure Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-14321 CRITICAL PATCH Act Now

Remote code execution via use-after-free in Mozilla Firefox and Thunderbird WebRTC signaling allows unauthenticated network attackers to execute arbitrary code without user interaction. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. Vendor-released patches available (Firefox 146, Firefox ESR 140.6, Thunderbird 146, Thunderbird 140.6). CVSS 9.8 (critical) reflects maximum technical severity, though EPSS 0.09% (25th percentile) and absence from CISA KEV suggest limited real-world exploitation at time of analysis. No public exploit identified at time of analysis.

Memory Corruption Mozilla Use After Free Information Disclosure Thunderbird +2
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-62408 MEDIUM PATCH This Month

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

Use After Free Memory Corruption Denial Of Service C Ares Red Hat +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-66623 Maven HIGH PATCH This Week

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands the GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The issue is fixed in Strimzi 0.49.1.

Information Disclosure Kubernetes Apache Strimzi Red Hat
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-66566 Maven HIGH PATCH This Week

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected. This vulnerability is fixed in 1.10.1.

Information Disclosure Java Ubuntu Debian Red Hat +1
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-66471 PyPI HIGH PATCH This Week

A security vulnerability in version 1.0 and (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Information Disclosure Python Ubuntu Debian Urllib3 +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-66418 PyPI HIGH PATCH This Week

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.

Python Denial Of Service Ubuntu Debian Urllib3 +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-58098 HIGH POC PATCH This Week

CVE-2025-58098 is a security vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

Information Disclosure Apache Ubuntu Debian Http Server +3
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-6966 MEDIUM POC PATCH This Month

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Null Pointer Dereference Python Denial Of Service Ubuntu Debian +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-13654 HIGH POC PATCH This Week

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

Buffer Overflow Memory Corruption Ubuntu Debian Duc +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-66200 MEDIUM POC PATCH This Month

A security vulnerability in Apache HTTP Server (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Apache Ubuntu Debian Http Server +3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-65082 MEDIUM PATCH This Month

A security vulnerability in Apache HTTP Server (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Apache Ubuntu Debian Http Server +3
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-59775 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Microsoft Apache SSRF Ubuntu Debian +5
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55753 HIGH POC PATCH This Week

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Buffer Overflow Integer Overflow Apache Ubuntu Debian +4
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-32901 MEDIUM PATCH This Month

In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.

Google Denial Of Service Ubuntu Android Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-32899 MEDIUM PATCH This Month

A security vulnerability in KDE Connect (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google Ubuntu Android Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66564 Go HIGH PATCH This Week

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps.

Information Disclosure Sigstore Timestamp Authority Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-66506 Go HIGH PATCH This Week

A security vulnerability in Fulcio (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Information Disclosure Ubuntu Debian Fulcio Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-65945 npm HIGH PATCH This Week

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.

Authentication Bypass Node.js Node Jws Red Hat Auth0
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-65637 Go HIGH POC PATCH This Week

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Denial Of Service Ubuntu Debian Logrus Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-66516 Maven HIGH POC PATCH This Week

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

XXE Apache Ubuntu Debian Tika +1
NVD GitHub
CVSS 3.1
8.4
EPSS
1.5%
CVE-2025-41080 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'.

XSS RCE Debian Seafile Red Hat
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-41079 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parámetro 'name' in '/api/v2.1/user/'.

XSS RCE Debian Seafile Red Hat
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-66293 HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Buffer Overflow Information Disclosure Ubuntu Debian Libpng +2
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-66406 Go MEDIUM PATCH This Month

A security vulnerability in Step CA (CVSS 5.0). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-61727 Go MEDIUM PATCH This Month

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Information Disclosure Ubuntu Debian Go Red Hat +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13086 HIGH PATCH This Week

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

Denial Of Service Ubuntu Debian Openvpn Red Hat +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-66220 Go MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

Information Disclosure Debian Envoy Red Hat
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-13992 MEDIUM PATCH This Month

Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Ubuntu Debian Chrome +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-12084 MEDIUM PATCH This Month

CVE-2025-12084 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Ubuntu Debian Python Red Hat +1
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64527 Go MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS fetch fails, onJwksError() callback triggers processing of the second token, which calls fetch() again on the same fetcher object. The original callback's reset() then clears the second fetch's state (receiver_ and request_) which causes a crash when the async HTTP response arrives.

Null Pointer Dereference Denial Of Service Debian Envoy Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13751 MEDIUM PATCH This Month

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

Microsoft Denial Of Service Debian Openvpn Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55182 npm CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

React Server Components in React 19.x contain a critical pre-authentication remote code execution vulnerability (CVE-2025-55182, CVSS 10.0) through unsafe deserialization of HTTP request payloads. With EPSS 71.1% and KEV listing, this vulnerability affects any application using React Server Components with react-server-dom-webpack, react-server-dom-turbopack, or react-server-dom-parcel — enabling complete server compromise through a single HTTP request.

Deserialization RCE React Next.Js Red Hat +1
NVD GitHub Exploit-DB VulDB
CVSS 3.1
10.0
EPSS
71.1%
Threat
9.1
CVE-2025-12744 HIGH POC PATCH This Week

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Docker Command Injection Red Hat Suse
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-13946 MEDIUM POC PATCH This Month

MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service

Denial Of Service Ubuntu Debian Wireshark Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-13945 MEDIUM POC PATCH This Month

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

Denial Of Service Ubuntu Debian Wireshark Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-66476 HIGH PATCH This Week

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

Information Disclosure Microsoft Ubuntu Debian Vim +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-66416 PyPI HIGH POC PATCH GHSA This Week

CVE-2025-66416 is a security vulnerability (CVSS 8.1) that allows dns rebinding protection. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Authentication Bypass Python Mcp Python Sdk Red Hat
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-61729 Go HIGH PATCH This Week

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Information Disclosure Ubuntu Debian Go Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-57850 MEDIUM This Month

A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Privilege Escalation Red Hat
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-13721 HIGH PATCH This Week

Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Google Information Disclosure Race Condition Ubuntu Debian +3
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13720 HIGH PATCH This Week

Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Google Information Disclosure Ubuntu Debian Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13639 HIGH PATCH This Week

Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

Google XSS Ubuntu Debian Chrome +2
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-13638 HIGH PATCH This Week

Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Google Denial Of Service Memory Corruption Use After Free Ubuntu +4
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13637 MEDIUM PATCH This Month

A security vulnerability in Downloads in Google Chrome (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Google Authentication Bypass Ubuntu Debian Chrome +2
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13636 MEDIUM PATCH This Month

Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)

Google Authentication Bypass Ubuntu Debian Chrome +2
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-13635 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Google Authentication Bypass Ubuntu Debian Chrome +2
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-13633 HIGH PATCH This Week

Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Memory Corruption Use After Free Ubuntu +4
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13632 MEDIUM PATCH This Month

A security vulnerability in DevTools in Google Chrome (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Google Information Disclosure Ubuntu Debian Chrome +2
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-13630 HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Memory Corruption Ubuntu Debian +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-65105 Go MEDIUM PATCH This Month

A remote code execution vulnerability in Apptainer (CVSS 4.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Debian Red Hat Ubuntu Apptainer +1
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-64460 PyPI HIGH PATCH This Week

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

Information Disclosure Python Ubuntu Debian Django +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13372 PyPI MEDIUM PATCH This Month

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

SQLi PostgreSQL Python Ubuntu Debian +3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-10543 Go MEDIUM PATCH This Month

A security vulnerability in Eclipse Paho Go MQTT (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Paho Mqtt Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66448 PyPI HIGH PATCH GHSA This Week

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.

RCE Python Code Injection Debian Vllm +1
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-66415 npm MEDIUM PATCH This Month

A security vulnerability in to forward the current HTTP request to another server. (CVSS 5.4). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Reply From Red Hat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66400 npm MEDIUM PATCH This Month

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1.

Information Disclosure Mdast Util To Hast Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-13837 MEDIUM PATCH This Month

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Denial Of Service Ubuntu Debian Python Red Hat +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-64775 Maven HIGH POC PATCH This Week

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Denial Of Service Apache Ubuntu Debian Struts +1
NVD GitHub HeroDevs VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-27232 MEDIUM PATCH This Month

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.

SSRF Ubuntu Debian Frontend Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-66221 PyPI MEDIUM PATCH This Month

Werkzeug is a comprehensive WSGI web application library. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Werkzeug Windows Red Hat +1
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-61915 MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Cups Red Hat Suse
NVD GitHub
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-58436 MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. Public exploit code available.

Denial Of Service Cups Red Hat Suse
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-66034 PyPI MEDIUM POC PATCH This Month

fontTools is a library for manipulating fonts, written in Python. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. Public exploit code available.

RCE Python Fonttools Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function (not part of the public API) could be used to run unintentional javascript (XSS). [CVSS 7.2 HIGH]

XSS Vega Functions Red Hat
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. [CVSS 8.1 HIGH]

RCE XSS Vega +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Improper IV handling in libtpms 0.10.0 and 0.10.1 causes the library to return initial instead of final initialization vectors during symmetric cipher operations with OpenSSL 3.x, potentially weakening cryptographic security for local users who can interact with the TPM emulation. Public exploit code exists for this vulnerability affecting confidentiality of encrypted data. Update to libtpms 0.10.2 to remediate.

OpenSSL TLS Libtpms +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Cpp-Httplib versions up to 0.30.0 contains a vulnerability that allows attackers to add extra headers, modify request body unexpectedly & trigger an SSRF attack (CVSS 7.5).

Python SSRF Cpp Httplib +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists. [CVSS 5.3 MEDIUM]

Information Disclosure Gitea Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) in HTTParty 0.23.2 and earlier enables remote unauthenticated attackers to force the application to make arbitrary HTTP requests to internal network resources and third-party services, potentially leaking API keys and credentials embedded in outbound requests or accessing internal-only endpoints. Publicly available exploit code exists (GitHub Security Advisory GHSA-hm5p-x4rq-38w4), and the CVSS E:P modifier confirms proof-of-concept exploitation. Vendor-released patch is available via commit 0529bcd, though a tagged release version is not confirmed from provided data. EPSS data not provided, but SSRF vulnerabilities targeting API libraries typically see exploitation within weeks of public disclosure due to their prevalence in cloud-native environments.

SSRF Httparty Red Hat
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

TLS renegotiation exhaustion in Keycloak allows unauthenticated remote denial of service via repeated client-initiated TLS 1.2 renegotiation requests that drain CPU resources. Affects Red Hat Single Sign-On deployments using TLS 1.2 with client renegotiation enabled. EPSS exploitation probability and KEV status not available at analysis time; CVSS 7.5 (High) reflects network-accessible attack with low complexity but availability impact only. Red Hat has issued multiple security advisories (RHSA-2025:18254, 18255, 18889, 18890) addressing this flaw.

Denial Of Service Red Hat
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Type confusion in the Linux kernel's team network driver (team_port_add) allows a local user with CAP_NET_ADMIN to corrupt a team device's header_ops state, leading to a kernel hang or BUG(). When an already-UP GRE device is added as a team port, the operation fails but not before team_dev_type_check_change irreversibly replaces eth_header with ipgre_header on the team device; subsequent packet transmission causes ipgre_header() to dereference struct team private data as struct ip_tunnel, triggering a local denial-of-service. No active exploitation has been confirmed (not in CISA KEV), though a syzbot reproducer demonstrates the issue reliably.

Linux Information Disclosure Red Hat +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Information disclosure in Storybook for Node.js versions 7.0.0 through 10.1.9 exposes environment variables from `.env` files when using `storybook build` command. Unpatched projects building Storybook in directories containing `.env` files risk bundling sensitive credentials into publicly viewable artifacts. Unauthenticated attackers accessing published Storybook bundles can extract secrets from source code. Runtime dev mode, CI builds using platform environment variables, and co-located applications remain unaffected. No public exploit identified at time of analysis.

Information Disclosure Storybook Red Hat
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit rendering engine allows remote attackers to crash Safari and iOS/iPadOS applications by processing maliciously crafted web content, requiring only user interaction (page visit) and no authentication. The vulnerability affects Safari 26.2, iOS 18.7.3 and iOS 26.2, iPadOS 18.7.3 and iPadOS 26.2, and macOS Tahoe 26.2 and earlier versions. With an EPSS score of 0.06% and no public exploit confirmed, this represents a low real-world exploitation priority despite the moderate CVSS 4.3 severity rating, with impact limited to denial of service through process termination.

Apple Safari iOS +7
NVD
EPSS 0% CVSS 8.8
HIGH KEV PATCH THREAT Act Now

WebKit arbitrary code execution via use-after-free memory corruption affects Safari 26.2, iOS/iPadOS 18.7.3 through 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2, allowing remote attackers to execute arbitrary code by convincing users to visit malicious websites. This vulnerability is confirmed actively exploited (CISA KEV) in extremely sophisticated targeted attacks against specific individuals on iOS versions prior to iOS 26, per Apple's security bulletin. EPSS score of 0.12% (32nd percentile) significantly understates real-world risk given confirmed exploitation. Related vulnerability CVE-2025-14174 was issued for the same exploitation campaign, suggesting a complex attack chain targeting Apple ecosystem users.

Apple Use After Free RCE +3
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in Linux ksmbd IPC handler allows remote unauthenticated attackers to trigger memory corruption via race condition in generic netlink reply processing. The flaw (CVSS 9.8 critical, network-reachable) affects ksmbd's ipc_msg_send_request() function where concurrent access to response buffers occurs without proper locking. EPSS data not provided; no CISA KEV listing identified at time of analysis. Multiple upstream kernel commits available across stable branches indicate vendor-released patches exist.

Linux Linux Kernel Use After Free +2
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Keycloak's admin API endpoints for authorization resource management contain an IDOR vulnerability allowing authenticated administrators with fine-grained permissions for one client to delete or modify resources belonging to other clients within the same realm. The flaw exists in ResourceSetService and PermissionTicketService where authorization checks validate the resourceServer (client) ID from the API request, but backend database operations use only the resourceId, creating a permission bypass. Affected administrators can exploit this with standard HTTP requests to cross-client resource boundaries; no public exploit code identified at time of analysis.

Privilege Escalation Authentication Bypass Red Hat
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Privilege escalation in Red Hat's runtimes-inventory-rhel8-operator lets a standard cluster user act with full cluster-administrator authority on the Red Hat management platform. A misconfigured internal proxy attaches the cluster's main administrative credentials to every command it relays - not just the report traffic it should handle - so any authenticated user can issue admin-level instructions and alter cluster configuration or status. There is no public exploit identified at time of analysis, EPSS is low (0.21%, 12th percentile), and the issue is not in CISA KEV, but the impact is a classic confused-deputy authentication bypass and Red Hat has shipped a fix.

Authentication Bypass Red Hat Suse
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

The CNI portmap plugin versions 1.6.0 through 1.8.0 contain a traffic interception vulnerability when configured with the nftables backend, allowing containers to receive and intercept all traffic destined for their configured HostPort regardless of destination IP address. This affects Linux Foundation's CNI Network Plugins, and an attacker with local privileges and control over a container can intercept traffic intended for other containers or services on the same node. The vulnerability has a published patch available in version 1.9.0, an extremely low EPSS score of 0.02% indicates minimal real-world exploitation likelihood, and there is no indication of active exploitation in the wild.

Information Disclosure Cni Network Plugins Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Multiple memory corruption flaws in Firefox and Thunderbird enable remote code execution via network-accessible attack vectors. Mozilla Firefox ESR 140.5, Firefox 145, Thunderbird ESR 140.5, and Thunderbird 145 contain memory safety bugs with evidence of corruption that Mozilla presumes exploitable for arbitrary code execution. Authentication requirements not confirmed from available data (CVSS vector shows PR:N). Vendor-released patches available: Firefox 146, Firefox ESR 140.6, Thunderbird 146, Thunderbird 140.6. EPSS probability is low (0.09%, 25th percentile), and no public exploit identified at time of analysis.

Memory Corruption Mozilla RCE +4
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory corruption vulnerabilities in Mozilla Firefox 145 and Thunderbird 145 enable remote code execution via multiple memory safety bugs. Unauthenticated remote attackers can exploit these flaws (CWE-787 buffer overflow) through network-based attack vectors with low complexity, requiring no user interaction. Mozilla has released patches in Firefox 146 and Thunderbird 146. EPSS score of 0.07% (21st percentile) suggests low observed exploitation probability, and no public exploit identified at time of analysis, though the vendor's assessment indicates memory corruption with exploitable potential.

Memory Corruption Mozilla RCE +4
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Firefox and Thunderbird request handling allows unauthenticated remote attackers to access sensitive information from cross-origin resources with low attack complexity and no user interaction required. The vulnerability affects Firefox versions below 146, Firefox ESR below 115.31 and 140.6, Thunderbird below 146, and Thunderbird ESR below 140.6. No public exploit code has been identified at time of analysis, and the EPSS score of 0.04% indicates low real-world exploitation probability despite the moderate CVSS rating.

Mozilla Authentication Bypass Thunderbird +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Just-In-Time (JIT) compilation flaws in Mozilla's JavaScript engine allow unauthenticated remote attackers to achieve arbitrary code execution with high integrity and availability impact across Firefox and Thunderbird. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. Despite a critical CVSS 9.8 score, EPSS probability remains low at 0.09% (25th percentile), and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. Vendor-released patches are available across all affected product lines.

Mozilla Buffer Overflow Thunderbird +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird Netmonitor component allows remote attackers to execute arbitrary code with elevated privileges when users interact with malicious content. Affects Firefox versions prior to 146, Firefox ESR prior to 140.6, Thunderbird prior to 146, and Thunderbird ESR prior to 140.6. Mozilla released patches in January 2025 across all product lines. EPSS score of 0.07% (22nd percentile) indicates low current exploitation probability, with no confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis. CVSS 8.8 reflects the high impact potential despite requiring user interaction.

Mozilla Privilege Escalation Thunderbird +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's Netmonitor component allows unauthenticated remote attackers to gain elevated privileges via user interaction. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. With an 8.8 CVSS score but only 0.07% EPSS (22nd percentile), no public exploit identified at time of analysis, and vendor-released patches available. Not listed in CISA KEV, indicating no confirmed active exploitation.

Mozilla Privilege Escalation Thunderbird +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Downloads Panel in Mozilla Firefox and Thunderbird allows remote spoofing attacks enabling integrity compromise without authentication. Affects Firefox <146, Thunderbird <146, Firefox ESR <140.7, and Thunderbird ESR <140.7. The authentication bypass flaw (CWE-290) permits network-based attackers to manipulate download information displayed to users with low attack complexity and no user interaction required. Despite CVSS 7.5 (High), EPSS score of 0.02% (3rd percentile) indicates minimal real-world exploitation likelihood. No active exploitation confirmed (not in CISA KEV), and no public exploit identified at time of analysis.

Mozilla Authentication Bypass Thunderbird +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox and Thunderbird (pre-146) allows unauthenticated network attackers to execute arbitrary code via a use-after-free flaw in the GMP (Gecko Media Plugin) audio/video component. Despite a critical CVSS 9.8 rating, EPSS probability remains low (0.08%, 23rd percentile), and no public exploit identified at time of analysis. Mozilla patched both products in version 146, with vendor advisories and technical details available via Bugzilla.

Memory Corruption Mozilla Use After Free +4
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

JIT compiler miscompilation in Mozilla Firefox and Thunderbird's JavaScript engine enables remote attackers to achieve limited confidentiality, integrity, and availability impact without authentication or user interaction. Affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird ESR < 140.6. Vendor-released patches available in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. No public exploit identified at time of analysis, with EPSS score of 0.11% (30th percentile) indicating low predicted exploitation probability.

Memory Corruption Mozilla Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

JIT compiler miscompilation in Mozilla's JavaScript engine allows remote code execution without authentication in Firefox (versions <146, <115.31 ESR, <140.6 ESR) and Thunderbird (versions <146, <140.6 ESR). The CVSS 9.8 critical score reflects network-based exploitation requiring no user interaction. EPSS score of 0.10% (27th percentile) suggests low predicted exploitation probability despite severity. No public exploit identified at time of analysis, and vendor-released patches are available across all affected product lines per Mozilla security advisories MFSA2025-92 through MFSA2025-96.

Mozilla RCE Code Injection +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's DOM Notifications component enables unauthenticated remote attackers to achieve high-severity impacts (confidentiality, integrity, availability) via user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and <140.6. EPSS exploitation probability is low (0.08%, 23rd percentile), and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. Vendor-released patches are available across all affected product lines.

Mozilla Privilege Escalation Thunderbird +2
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Sandbox escape in Mozilla Firefox and Thunderbird's CanvasWebGL component allows remote attackers to bypass security boundaries via crafted web content with user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and Thunderbird ESR <140.6. EPSS probability is low (0.06%, 20th percentile), and no public exploit identified at time of analysis. The CVSS score of 8.0 reflects high confidentiality and integrity impact with scope change, though attack complexity is high and requires user interaction.

Mozilla Information Disclosure Thunderbird +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution via use-after-free in Mozilla Firefox and Thunderbird WebRTC signaling allows unauthenticated network attackers to execute arbitrary code without user interaction. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. Vendor-released patches available (Firefox 146, Firefox ESR 140.6, Thunderbird 146, Thunderbird 140.6). CVSS 9.8 (critical) reflects maximum technical severity, though EPSS 0.09% (25th percentile) and absence from CISA KEV suggest limited real-world exploitation at time of analysis. No public exploit identified at time of analysis.

Memory Corruption Mozilla Use After Free +4
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

Use After Free Memory Corruption Denial Of Service +3
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands the GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The issue is fixed in Strimzi 0.49.1.

Information Disclosure Kubernetes Apache +2
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected. This vulnerability is fixed in 1.10.1.

Information Disclosure Java Ubuntu +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A security vulnerability in version 1.0 and (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Information Disclosure Python Ubuntu +4
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.

Python Denial Of Service Ubuntu +4
NVD GitHub
EPSS 0% CVSS 8.3
HIGH POC PATCH This Week

CVE-2025-58098 is a security vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

Information Disclosure Apache Ubuntu +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Null Pointer Dereference Python Denial Of Service +5
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

Buffer Overflow Memory Corruption Ubuntu +4
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

A security vulnerability in Apache HTTP Server (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Apache Ubuntu +5
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A security vulnerability in Apache HTTP Server (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Apache Ubuntu +5
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Microsoft Apache SSRF +7
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Buffer Overflow Integer Overflow Apache +6
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.

Google Denial Of Service Ubuntu +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A security vulnerability in KDE Connect (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google Ubuntu +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps.

Information Disclosure Sigstore Timestamp Authority Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A security vulnerability in Fulcio (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Information Disclosure Ubuntu Debian +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.

Authentication Bypass Node.js Node Jws +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Denial Of Service Ubuntu Debian +3
NVD GitHub
EPSS 1% CVSS 8.4
HIGH POC PATCH This Week

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

XXE Apache Ubuntu +3
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'.

XSS RCE Debian +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parámetro 'name' in '/api/v2.1/user/'.

XSS RCE Debian +2
NVD
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Buffer Overflow Information Disclosure Ubuntu +4
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

A security vulnerability in Step CA (CVSS 5.0). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Red Hat Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Information Disclosure Ubuntu Debian +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

Denial Of Service Ubuntu Debian +3
NVD
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

Information Disclosure Debian Envoy +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Ubuntu +4
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CVE-2025-12084 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Ubuntu Debian +3
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS fetch fails, onJwksError() callback triggers processing of the second token, which calls fetch() again on the same fetcher object. The original callback's reset() then clears the second fetch's state (receiver_ and request_) which causes a crash when the async HTTP response arrives.

Null Pointer Dereference Denial Of Service Debian +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Interactive service agent in OpenVPN version 2.5.0 through 2.6.16 and 2.7_alpha1 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local denial of service.

Microsoft Denial Of Service Debian +3
NVD
EPSS 71% 9.1 CVSS 10.0
CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

React Server Components in React 19.x contain a critical pre-authentication remote code execution vulnerability (CVE-2025-55182, CVSS 10.0) through unsafe deserialization of HTTP request payloads. With EPSS 71.1% and KEV listing, this vulnerability affects any application using React Server Components with react-server-dom-webpack, react-server-dom-turbopack, or react-server-dom-parcel — enabling complete server compromise through a single HTTP request.

Deserialization RCE React +3
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Docker Command Injection Red Hat +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service

Denial Of Service Ubuntu Debian +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

Denial Of Service Ubuntu Debian +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

Information Disclosure Microsoft Ubuntu +4
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

CVE-2025-66416 is a security vulnerability (CVSS 8.1) that allows dns rebinding protection. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Authentication Bypass Python Mcp Python Sdk +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Information Disclosure Ubuntu Debian +3
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Privilege Escalation Red Hat
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Google Information Disclosure Race Condition +5
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Google Information Disclosure Ubuntu +4
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

Google XSS Ubuntu +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Google Denial Of Service Memory Corruption +6
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A security vulnerability in Downloads in Google Chrome (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Google Authentication Bypass Ubuntu +4
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)

Google Authentication Bypass Ubuntu +4
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Google Authentication Bypass Ubuntu +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Denial Of Service Memory Corruption +6
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A security vulnerability in DevTools in Google Chrome (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Google Information Disclosure Ubuntu +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Memory Corruption +5
NVD
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

A remote code execution vulnerability in Apptainer (CVSS 4.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Debian Red Hat +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

Information Disclosure Python Ubuntu +4
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

SQLi PostgreSQL Python +5
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A security vulnerability in Eclipse Paho Go MQTT (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Paho Mqtt Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.

RCE Python Code Injection +3
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A security vulnerability in to forward the current HTTP request to another server. (CVSS 5.4). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Reply From Red Hat
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1.

Information Disclosure Mdast Util To Hast Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Denial Of Service Ubuntu Debian +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Denial Of Service Apache Ubuntu +3
NVD GitHub HeroDevs VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.

SSRF Ubuntu Debian +3
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Werkzeug is a comprehensive WSGI web application library. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Werkzeug +3
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Cups Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC PATCH This Month

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. Public exploit code available.

Denial Of Service Cups Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

fontTools is a library for manipulating fonts, written in Python. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. Public exploit code available.

RCE Python Fonttools +2
NVD GitHub VulDB
Prev Page 38 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy