CVE-2026-47205

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free UAF vulnerability leading to a sudden segmentation fault exists in Envoy's extauthz HTTP filter when processing per-route authorization overrides...

A Large-Scale Empirical Study on the Generalizability of Disclosed Java Library Vulnerability Exploits

Open-source software supply chain security relies heavily on assessing affected versions of library vulnerabilities. While prior studies have leveraged exploits for verifying vulnerability affected versions, they point out a key limitation that exploits are version-specific and cannot be directly...

CVE-2026-23868

A flaw was found in giflib. This double-free vulnerability, caused by a shallow copy in GifMakeSavedImage and incorrect error handling, may allow an attacker to corrupt memory. While difficult to trigger, successful exploitation could potentially lead to arbitrary code execution or a denial of...

CVE-2026-28691

A flaw was found in ImageMagick. This vulnerability, an uninitialized pointer dereference, exists in the JBIG decoder due to a missing check. A remote attacker could exploit this by providing a specially crafted image file, leading to a denial of service. This could make the ImageMagick applicati...

CVE-2026-27139

A path traversal flaw has been discovered in the golang os module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to...

CVE-2025-69651

A flaw was found in binutils. An attacker could exploit this vulnerability by providing a crafted Executable and Linkable Format ELF binary with malformed relocation or symbol data. Processing this malicious binary leads to an invalid pointer free, which triggers memory corruption checks and caus...

CVE-2026-27950

A flaw was found in FreeRDP. An incomplete fix for a heap-use-after-free vulnerability CVE-2026-24680 in the SDL2 implementation allows a remote attacker to trigger a denial of service. The pointer is not nulled after being freed, which can lead to memory corruption. This issue means that...

CVE-2025-61144

A denial of service flaw has been found in libtiff. This stack-based buffer overflow occurs in tiffcrop part of libtiff within the function readSeparateStripsIntoBuffer. When processing a malformed TIFF directory e.g., improper tags/order, missing StripByteCounts, the function overflows a...

CVE-2025-61143

A flaw was found in libtiff. This vulnerability, a NULL pointer dereference, occurs in the tifopen.c component. An attacker could exploit this by providing specially crafted input, leading to a Denial of Service DoS due to an application crash. Mitigation Mitigation for this issue is either not...

CVE-2026-0797

A flaw was found in GIMP. This vulnerability, a heap-based buffer overflow, occurs during the parsing of ICO files. A remote attacker can exploit this by convincing a user to open a malicious file or visit a malicious web page, leading to arbitrary code execution. The issue is due to a lack of...

CVE-2025-69725

A flaw was found in go-chi/chi, a Go programming language HTTP router. This open redirect vulnerability, specifically within the RedirectSlashes function, allows a remote attacker to redirect users to malicious websites. This occurs by manipulating the legitimate website's domain, potentially...

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

CVE-2026-24683

A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Mitigation Mitigation for this iss...

CVE-2020-37121

CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code...

CVE-2026-25536

A data leak by way of a race condition has been discovered in the @modelcontextprotocol/sdk npm library. The cross-client response data leak exists when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...

CVE-2026-24054

A flaw was found in Kata Containers. When a container image is malformed or lacks layers, the system incorrectly processes the container's root filesystem as a block device. This misidentification can lead to the host's underlying storage device being hotplugged into the virtual machine, causing...

CVE-2026-24047

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

CVE-2025-59465

A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...

CVE-2025-66491

Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intending to enable backend TLS certificate verification actually disables...

CVE-2025-52099

No description is available for this CVE. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability...