Lucene search

18799 matches found

OSV
added 2025/11/29 12:15 a.m. | 2 views

OSV-2025-955 Use-of-uninitialized-value in decoder_context::construct_reference_picture_lists

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=464323256
Crash type: Use-of-uninitialized-value
Crash state: decodercontext::constructreferencepicturelists decodercontext::processslicesegmentheader decodercontext::readsliceNAL...

5.9 AI score
Exploits: 0 | References: 1

CNNVD
added 2025/11/29 12:0 a.m. | 2 views

Retro cross-site scripting vulnerability

Retro is an online platform for displaying vintage style items by the individual developer Lakshmi Pavananjali. A cross-site scripting vulnerability exists in Retro versions prior to 2.4.7, which stems from the input processing component being susceptible to cross-site scripting attacks...

6.1 CVSS | 6 AI score | 0.00024 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/28 8:46 a.m. | 2 views

CVE-2025-66382

A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time...

5.5 CVSS | 6.3 AI score | 0.0001 EPSS
Exploits: 0 | References: 4

NVD
added 2025/11/28 7:15 a.m. | 2 views

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

5.5 CVSS | 0.0001 EPSS
Exploits: 0 | References: 4

OSV
added 2025/11/28 7:15 a.m. | 4 views

AZL-71054 CVE-2025-66382 affecting package expat 2.6.4-4

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

5.5 CVSS | 5.8 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

OSV
added 2025/11/28 7:15 a.m. | 1 view

UBUNTU-CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

5.5 CVSS | 5.8 AI score | 0.0001 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/28 12:0 a.m. | 1 view

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

2.9 CVSS | 6.4 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/11/28 12:0 a.m. | 9 views

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...

2.9 CVSS | 0.0001 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/11/28 12:0 a.m. | 5 views

libexpat security vulnerability

libexpat is a streaming XML parser written in C by the libexpat team. A security vulnerability exists in libexpat 2.7.3 and earlier versions, which stems from specially crafted files that may result in excessive processing times...

5.5 CVSS | 6.5 AI score | 0.0001 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/28 12:0 a.m. | 2 views

PT-2025-48315

Name of the Vulnerable Software and Affected Versions: libexpat versions through 2.7.3
Description: A specially crafted file, approximately 2 MiB in size, can cause significant processing delays, potentially lasting for dozens of seconds.
Recommendations: Update to a version later than 2.7.3...

5.5 CVSS | 6.5 AI score | 0.0001 EPSS
Exploits: 0 | References: 13

CVE
added 2025/11/28 12:0 a.m. | 28 views

CVE-2025-66382

CVE-2025-66382 affects libexpat up to version 2.7.3. A crafted input file of about 2 MiB can cause the parser to spend dozens of seconds processing, yielding a potential denial of service (availability impact). Documented impact ranges from low to high in sources: CVSS data indicate local access ...

5.5 CVSS | 6.4 AI score | 0.0001 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2025/11/27 8:0 p.m. | 4 views

CVE-2025-7449

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

6.5 CVSS | 6.6 AI score | 0.0009 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/27 4:10 p.m. | 4 views

CVE-2025-33194

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service...

7.1 CVSS | 6.2 AI score | 0.00009 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/27 12:54 a.m. | 6 views

CVE-2025-64720

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...

7.1 CVSS | 6.4 AI score | 0.00079 EPSS
Exploits: 4 | References: 7

Positive Technologies
added 2025/11/27 12:0 a.m. | 1 view

PT-2025-51688

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw within the libceph component, specifically in the handle auth session key function. This issue could lead to potential out-of-bounds writes due to...

6 CVSS | 5.4 AI score | 0.00076 EPSS
Exploits: 0

CVE
added 2025/11/26 10:57 p.m. | 13 views

CVE-2025-64333

CVE-2025-64333: Suricata before 7.0.13 and 8.0.2 can stack overflow when logging a large HTTP content type; patched in 7.0.13/8.0.2. Workarounds include limiting stream.reassembly.depth to less than half the stack size; increasing process stack size reduces trigger likelihood.

7.5 CVSS | 6.4 AI score | 0.00092 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/11/26 8:15 p.m. | 2 views

CVE-2025-7449

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

6.5 CVSS | 0.0009 EPSS
Exploits: 0 | References: 3

OSV
added 2025/11/26 7:46 p.m. | 4 views

CVE-2025-7449 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

6.5 CVSS | 6.5 AI score | 0.0009 EPSS
Exploits: 0 | References: 6

CVE
added 2025/11/26 7:46 p.m. | 13 views

CVE-2025-7449

CVE-2025-7449 affects GitLab CE/EE versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1. The vulnerability enables an authenticated user with specific permissions to cause a denial of service via HTTP response processing. The issue has been remediated through patc...

6.5 CVSS | 6.2 AI score | 0.0009 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/11/26 7:46 p.m. | 1 view

CVE-2025-7449 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing...

6.5 CVSS | 6.2 AI score | 0.0009 EPSS
Exploits: 0 | References: 3