EUVD-2026-30410

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when...

CVE-2025-47908

A flaw was found in github.com/rs/cors. The middleware exhibits excessive heap memory allocation when handling preflight requests containing a lengthy, comma-separated value in the Access-Control-Request-Headers ACRH header. This vulnerability allows an attacker to send a specially crafted HTTP...

CVE-2025-54410

A firewall state management issue was found in the Moby project. When firewalld reloads, Docker fails to recreate iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This issue breaks...

CVE-2025-38439

In the Linux kernel, the following vulnerability has been resolved: bnxten: Set DMA unmap len correctly for XDPREDIRECT When transmitting an XDPREDIRECT packet, call dmaunmaplenset with the proper length instead of 0. This bug triggers this warning on a system with IOMMU enabled: WARNING: CPU: 36...

CVE-2025-54352

A flaw was found in WordPress, which allows remote attackers to enumerate private and draft post titles by sending pingback requests via XML-RPC. This information disclosure occurs because the system does not adequately protect these post titles from external access. An attacker can achieve this...

CVE-2025-54310

A local file access flaw has been discovered in qBittorrent. This flaw may allow access to local files when a web page should be expected. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising...

CVE-2025-23267

A flaw was found in nvidia-container-toolkit. The update-ldcache hook contains a vulnerability allowing an attacker to trigger link following via a specially crafted container image. This issue allows a local attacker to potentially cause data corruption. The root cause is the improper handling o...

CVE-2025-48795

A log processing flaw was found in Apache CXF. Large stream-based messages are stored as temporary files on the local file system, read into memory, and then logged. This flaw allows an attacker to cause a denial of service attack by triggering an out-of-memory exception. Additionally, it is...

CVE-2024-25178

An out-of-bounds read was found in LuaJIT. This issue was uncovered through fuzzing, and no real-world exploit has been demonstrated. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease o...

CVE-2025-6817

A flaw was found in hdf5. The H5Cloadentry function in HDF5 1.14.6 contains an issue that results in resource consumption when processing a specially crafted file. This flaw allows a local attacker to trigger this condition by providing the vulnerable file to the application. This manipulation ca...

CVE-2025-48387

A flaw was found in tar-fs. This vulnerability allows files to be written outside the intended extraction directory via specially crafted tar archives. The issue arises from insufficient path validation during tarball extraction, potentially enabling path traversal attacks that can overwrite...

CVE-2025-40908

A flaw was found in yaml-libyaml. The component uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted YAML file as input. This issue can result in unauthorized modification...

CVE-2025-46570

A timing discrepancy flaw was found in vLLM, where a prefix match on a user prompt can reveal other user prompts. An attacker must have user-level access to the vLLM instance to exploit this vulnerabi Mitigation Mitigation for this issue is either not available or the currently available options ...

CVE-2025-46560

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...

CVE-2025-1125

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size...

Fedora 36 : containerd (2022-6f630b1ba7)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-6f630b1ba7 advisory. Automatic update for containerd-1.5.9-1.fc36. Changelog Mon Jan 31 2022 Maxwell G - 1.5.9-1 - Update to 1.5.9. Fixes FTBFS. Closes rhbz2045277. -...

CVE-2024-20963

...

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection and accept HID keyboard reports potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

...