18 matches found

RedhatCVE
added 2026/03/10 6:31 a.m., 6 views

CVE-2026-30931

A flaw was found in ImageMagick, a software used for editing and manipulating digital images. A local attacker can exploit a heap-based buffer overflow vulnerability within the UHDR encoder. This vulnerability arises from the truncation of a value, enabling an out-of-bounds write. Successful...

7.8 CVSS, 5.9 AI score, 0.00108 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/02/25 7:23 p.m., 3 views

CVE-2026-27727

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8 CVSS, 6.5 AI score, 0.00577 EPSS
Exploits: 1, References: 7

RedhatCVE
added 2025/07/31 10:31 p.m., 3 views

CVE-2025-48073

A NULL pointer dereference flaw was found in OpenEXR. When reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a NULL pointer dereference in a write operation. Mitigation: Mitigation for this issue is either not available ...

6.2 CVSS, 6 AI score, 0.0019 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/07/25 7:40 p.m., 2 views

CVE-2025-38399

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port. The function core_scsi3_decode_spec_i_port, in its error code path, unconditionally calls core_scsi3_lunacl_undepend_item passing the dest_se_deve pointer, which may be...

7 CVSS, 6.4 AI score, 0.00156 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/07/17 10:4 p.m., 3 views

CVE-2025-53644

A heap buffer write flaw was found in OpenCV. This vulnerability could result in arbitrary memory overwrites and code execution within the context of a program using OpenCV. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

9.8 CVSS, 7 AI score, 0.00371 EPSS
Exploits: 1, References: 7

RedhatCVE
added 2025/07/10 10:14 p.m., 3 views

CVE-2025-53629

A memory exhaustion flaw has been discovered in cpp-httplib. cpp-httplib allows incoming requests using Transfer-Encoding: chunked in the header to allocate memory arbitrarily in the server, potentially leading to its exhaustion. Mitigation: Mitigation for this issue is either not available or the...

7.5 CVSS, 6 AI score, 0.00505 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2025/07/10 9:58 p.m., 4 views

CVE-2025-53630

An integer overflow flaw was found in llama.cpp. This flaw exists in the gguf_init_from_file_impl function in ggml/src/gguf.cpp and can lead to heap out-of-bounds read/write. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Produc...

9.3 CVSS, 6.5 AI score, 0.00318 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/07/08 10:12 p.m., 5 views

CVE-2025-53547

A chart processing flaw was found in helm. This flaw allows an attacker to execute code locally if they can input a crafted Chart.yaml file along with a specially linked Chart.lock file. It is also possible that dependencies are updated during this code execution. Mitigation: Mitigation for this...

8.6 CVSS, 6.4 AI score, 0.00363 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/07/08 7:43 p.m., 3 views

CVE-2025-48384

A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return CR are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...

8 CVSS, 6.7 AI score, 0.02775 EPSS
Exploits: 9, References: 7

RedhatCVE
added 2025/07/07 8:42 p.m., 8 views

CVE-2025-3046

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...

7.5 CVSS, 7.3 AI score, 0.00555 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/06/27 4:38 a.m., 13 views

CVE-2025-6750

A flaw was found in hdf5. The H5O__mtime_new_encode function in src/H5Omtime.c contains a heap-based buffer overflow vulnerability that can be triggered by crafted input. A local attacker can exploit this condition by providing a specially constructed file. This manipulation may result in a denial of...

4.8 CVSS, 4 AI score, 0.00203 EPSS
Exploits: 1, References: 8

RedhatCVE
added 2025/06/23 11:19 p.m., 2 views

CVE-2025-6547

A flaw was found in the npm pbkdf2 library, allowing signature spoofing. Under specific use cases, pbkdf2 may return static keys. This issue only occurs when running the library on Node.js...

9.1 CVSS, 6.2 AI score, 0.00387 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2025/06/13 5:34 p.m., 5 views

CVE-2025-22241

A path traversal flaw was found in the salt project. Unvalidated input could be provided by a minion, which could overwrite or create files in the "pki directory". Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

5.6 CVSS, 5.3 AI score, 0.00166 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/30 4:2 p.m., 11 views

CVE-2025-40909

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations. Mitigation: Mitigation for this issue is either not available or the currently...

5.9 CVSS, 5.5 AI score, 0.00368 EPSS
Exploits: 0, References: 10

RedhatCVE
added 2025/04/24 4:59 a.m., 25 views

CVE-2025-46393

A flaw was found in the ImageMagick package. In multispectral MIFF image processing in ImageMagick, packet_size is mishandled. This issue is related to the rendering of all channels in an arbitrary order. Mitigation: Mitigation for this issue is either not available or the currently available option...

2.9 CVSS, 3.6 AI score, 0.00345 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2025/02/27 8:58 a.m., 4 views

CVE-2025-1686

A flaw was found in Pebble Templates. This vulnerability allows high-privileged attackers to access sensitive local files via the include tag, enabling arbitrary file inclusion. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

6.8 CVSS, 6.4 AI score, 0.00782 EPSS
Exploits: 1, References: 7

RedhatCVE
added 2024/07/10 5:50 a.m., 22 views

CVE-2024-30105

A vulnerability was found in .NET. This issue can cause a denial of service in the System.Text.Json deserialization. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and...

7.5 CVSS, 7.2 AI score, 0.02915 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2024/01/17 3:34 a.m., 47 views

CVE-2023-45233

The Network Package in EDK2 is vulnerable to an infinite loop exploit when parsing a PadN option within the Destination Options header of IPv6. This flaw allows an unauthorized attacker to gain access and potentially result in a loss of system availability. Mitigation: Mitigation for this issue is...

7.5 CVSS, 7.9 AI score, 0.02084 EPSS
Exploits: 1, References: 5