31 matches found

RedhatCVE
added 2025/08/06 8:46 a.m. | 6 views

CVE-2025-54350

A flaw was found in iperf3. A malformed Base64-encoded authentication string triggers an assertion failure within the iperf_auth.c file, leading to application termination. This vulnerability allows a network attacker to induce this failure by sending a crafted authentication attempt, resulting in...

CVSS 5.3 | AI score 6.1 | EPSS 0.00385
Exploits 0 | References 5

RedhatCVE
added 2025/08/02 10:29 p.m. | 7 views

CVE-2025-45768

A flaw was found in pyjwt. The library uses weak encryption, allowing an attacker to potentially decrypt sensitive data. A network-based attacker can exploit this vulnerability without authentication, possibly resulting in a denial of service or data exposure. This weakness stems from the use of...

CVSS 7 | AI score 6.2 | EPSS 0.00153
Exploits 0 | References 6

RedhatCVE
added 2025/07/15 9:17 p.m. | 4 views

CVE-2025-53906

A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. Mitigation: Mitigation for this issue is either not available or the currentl...

CVSS 4.1 | AI score 6.3 | EPSS 0.00731
Exploits 1 | References 5

RedhatCVE
added 2025/07/15 9:7 p.m. | 2 views

CVE-2025-50092

A denial of service flaw was found in MySQL. This flaw allows a privileged attacker with network access via multiple protocols to cause a crash in the MySQL server...

CVSS 4.9 | AI score 6.8 | EPSS 0.00559
Exploits 0 | References 4

RedhatCVE
added 2025/06/23 11:19 p.m. | 2 views

CVE-2025-6547

A flaw was found in the npm pbkdf2 library, allowing signature spoofing. Under specific use cases, pbkdf2 may return static keys. This issue only occurs when running the library on Node.js...

CVSS 9.1 | AI score 6.2 | EPSS 0.00387
Exploits 0 | References 5

RedhatCVE
added 2025/06/13 5:34 p.m. | 5 views

CVE-2025-22241

A path traversal flaw was found in the salt project. Unvalidated input could be provided by a minion, which could overwrite or create files in the "pki directory". Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

CVSS 5.6 | AI score 5.3 | EPSS 0.00166
Exploits 0 | References 2

RedhatCVE
added 2025/06/13 5:34 p.m. | 3 views

CVE-2025-22240

Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created with os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file that the Master's process has permissions to. Mitigation...

CVSS 6.3 | AI score 6.1 | EPSS 0.00143
Exploits 0 | References 2

RedhatCVE
added 2025/06/13 5:34 p.m. | 6 views

CVE-2024-38822

Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use...

CVSS 2.7 | AI score 3.5 | EPSS 0.00214
Exploits 0 | References 2

RedhatCVE
added 2025/06/12 10:43 p.m. | 6 views

CVE-2025-41234

A flaw in the handling of non-ASCII characters in headers was found in the Spring framework. This flaw allows an attacker to tamper with a file download under specific conditions when content names are user-supplied, and the victim then downloads unintended content. Mitigation: Mitigation for this iss...

CVSS 6.5 | AI score 6 | EPSS 0.00521
Exploits 0 | References 7

RedhatCVE
added 2025/06/11 6:59 p.m. | 7 views

CVE-2025-5991

A use-after-free vulnerability has been discovered in Qt's QHttp2ProtocolHandler function. This vulnerability only affects HTTP/2 handling and is the result of a race condition between HTTP body and error response handling. Mitigation: Mitigation for this issue is either not available or the...

CVSS 5.6 | AI score 6.3 | EPSS 0.00119
Exploits 0 | References 4

RedhatCVE
added 2025/06/11 2:9 a.m. | 5 views

CVE-2025-30399

A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files. Mitigation: Mitigation for this issue is either not available or the currently available options...

CVSS 7.5 | AI score 7.7 | EPSS 0.0089
Exploits 0 | References 3

RedhatCVE
added 2025/05/30 4:2 p.m. | 10 views

CVE-2025-40909

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations. Mitigation: Mitigation for this issue is either not available or the currently...

CVSS 5.9 | AI score 5.5 | EPSS 0.00368
Exploits 0 | References 10

RedhatCVE
added 2025/05/21 1:17 p.m. | 16 views

CVE-2025-41232

A flaw was found in Spring Security Aspects. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improperly locating method security annotations on private methods. An attacker could invoke the target method without proper authorization by...

CVSS 7.4 | AI score 9.1 | EPSS 0.00516
Exploits 0 | References 4

RedhatCVE
added 2025/04/28 6:38 a.m. | 13 views

CVE-2025-2866

A flaw was found in LibreOffice related to cryptographic signature verification in PDFs. This vulnerability allows attackers to spoof digital signatures, possibly leading to misleading or falsified documents and potentially affecting trust in digitally signed PDFs. Mitigation: Users should apply...

CVSS 2.8 | AI score 6 | EPSS 0.00096
Exploits 0 | References 4

RedhatCVE
added 2025/03/26 9:25 a.m. | 10 views

CVE-2025-27830

A flaw was found in Artifex Ghostscript. A buffer overflow occurs during serialization of DollarBlend in a font, in base/writet1.c and psi/zfapi.c. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

CVSS 5.5 | AI score 7.5 | EPSS 0.00263
Exploits 0 | References 4

RedhatCVE
added 2025/03/26 9:9 a.m. | 12 views

CVE-2025-27837

A flaw was found in Artifex Ghostscript. This vulnerability allows potential access to arbitrary files through a truncated path when invalid UTF-8 characters are used. The affected code areas are within base/gpmswin.c and base/winrtsup.cpp. system. Mitigation: Mitigation for this issue is either n...

CVSS 5.3 | AI score 7.2 | EPSS 0.00564
Exploits 0 | References 4

RedhatCVE
added 2025/03/20 3:58 p.m. | 9 views

CVE-2024-6844

A flaw was found in Flask-CORS. This vulnerability allows unauthorized cross-origin access or improper request blocking via incorrect handling of the '+' character in URL paths, leading to an inconsistent CORS policy application. Mitigation: Mitigation for this issue is either not available or the...

CVSS 5.3 | AI score 6.6 | EPSS 0.00272
Exploits 1 | References 4

RedhatCVE
added 2025/03/19 5:23 p.m. | 6 views

CVE-2025-29770

A flaw was found in vLLM. This vulnerability can allow Denial of Service via filesystem exhaustion. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicabilit...

CVSS 6.5 | AI score 6.9 | EPSS 0.00421
Exploits 0 | References 6

RedhatCVE
added 2025/03/14 7:58 p.m. | 9 views

CVE-2025-29768

A flaw was found in Vim's zip.vim plugin. This vulnerability allows potential data loss via specially crafted zip files when a user views the archive in Vim and presses 'x' on an unusual filename. Mitigation: Mitigation for this issue is either not available or the currently available options do n...

CVSS 4.4 | AI score 6.4 | EPSS 0.00345
Exploits 0 | References 5

RedhatCVE
added 2025/03/12 1:33 p.m. | 17 views

CVE-2025-27591

A flaw was found in the Below service. This vulnerability allows local, unprivileged users to escalate to root privileges via symlink attacks exploiting a world-writable directory at /var/log/below. Mitigation: Mitigation for this issue is either not available or the currently available options do...

CVSS 7.8 | AI score 7 | EPSS 0.0036
Exploits 22 | References 6