9 matches found
CVE-2026-30851
A flaw was found in the Caddy server platform, specifically within its reverse proxy module. The 'forwardauth copyheaders' functionality fails to properly strip client-supplied headers. This oversight allows a remote attacker to inject malicious headers, leading to identity injection and...
CVE-2026-2492
A flaw was found in TensorFlow. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code. The flaw exists within the HDF5 library's handling of plugins, which are loaded from an unsecured location. An attacker with low-privileged code execution can exploit this...
CVE-2025-60360
radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread...
CVE-2025-8879
A flaw was found in chromium-browser. A heap buffer overflow exists within the libaom library, allowing a remote attacker to potentially trigger heap corruption through a crafted sequence of gestures. This vulnerability allows an attacker to manipulate memory via a specially designed input. The...
CVE-2025-8881
A flaw was found in chromium-browser. A coding error within the file picker component allows a remote attacker to trigger a cross-origin data leak by manipulating user interface gestures through a specially crafted HTML page. This manipulation allows the attacker to access data from other origins...
CVE-2025-8864
Shared Access Signature token is not masked in the backup configuration response and is also exposed in the ybbackup logs Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...
CVE-2025-3264
A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library. This vulnerability may allow an attacker to induce a denial of service in the application using the Transformers library. Mitigation Mitigation for this issue is either not availabl...
CVE-2025-50182
A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination...
CVE-2025-43929
A flaw was found in kitty. This vulnerability allows arbitrary code execution via execution of a locally linked executable without user confirmation. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...