13 matches found
CVE-2026-27588
A flaw was found in Caddy's HTTP host request matcher. When Caddy is configured with a large list of host entries, its host matching becomes unexpectedly case-sensitive instead of case-insensitive as documented. A remote attacker can exploit this by altering the casing of the Host header in HTTP...
CVE-2022-50356
In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfb_init fails. When the default qdisc is sfb, if the qdisc of dev_queue fails to be inited during mqprio_init, sfb_reset is invoked to clear resources. In this case, the q->qdisc is...
CVE-2025-47908
A flaw was found in github.com/rs/cors. The middleware exhibits excessive heap memory allocation when handling preflight requests containing a lengthy, comma-separated value in the Access-Control-Request-Headers (ACRH) header. This vulnerability allows an attacker to send a specially crafted HTTP...
CVE-2025-48965
A flaw was found in mbedtls. The mbedtls_asn1_store_named_data function experiences a NULL pointer dereference when val.p is NULL while val.len is greater than zero, leading to a potential crash. This flaw allows a network-based attacker to trigger this condition, resulting in a denial of service...
CVE-2025-4656
A key handling flaw has been discovered in Vault. The rekey and recovery key operations may lead to a denial of service in the vault application due to uncontrolled cancellations of these operations. Mitigation: Mitigation for this issue is either not available or the currently available options d...
CVE-2025-5646
A flaw was found in the radiff2 component of Radare2. This vulnerability allows memory corruption via manipulation of the experimental -T argument in the r_cons_rainbow_free function. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red...
CVE-2025-5601
A buffer overflow vulnerability was found in Wireshark. This vulnerability is triggered when a user views a specifically malformed packet or a pcap file with such a malformed packet. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Re...
CVE-2025-48944
A denial of service flaw was found in vLLM. This flaw allows a remote attacker with access to /v1/chat/completions OpenAPI endpoint to submit malformed data in the "pattern" and "type" fields to crash the vLLM instance. Mitigation: Mitigation for this issue is either not available or the currently...
CVE-2025-3277
A flaw was found in SQLite’s concat_ws function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can...
CVE-2024-13939
A flaw was found in String::Compare::ConstantTime for Perl through 0.321, which is vulnerable to timing attacks. This vulnerability allows an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different because equals returns false...
CVE-2025-2720
A vulnerability was found in GNOME libgsf, affecting the gsf_base64_encode_simple function. The attack needs to be approached locally, and manipulation of the size argument can lead to use of an uninitialized variable. Mitigation: Mitigation for this issue is either not available or the currently...
CVE-2025-0313
A flaw was found in Ollama. This vulnerability allows a malicious user to cause a denial of service (DoS) attack via improper validation of array index bounds in the GGUF model handling code, which can be exploited remotely over a network. Mitigation: Mitigation for this issue is either not availabl...
CVE-2025-2574
A flaw was found in Xpdf. This vulnerability may allow out-of-bounds array write caused by incorrect integer overflow checking in the PostScript function interpreter code. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Produ...