
6 matches found

RedhatCVE
added 2025/08/21 5:29 a.m., 4 views

CVE-2025-9288

A vulnerability was found in sha.js, where the hashing implementation does not perform sufficient input type validation. The .update function accepts arbitrary objects, including those with crafted length properties, which can alter the internal state machine of the hashing process. This flaw may...

CVSS 9.1 | AI score 6.2 | EPSS 0.00142
Exploits: 2 | References: 6

RedhatCVE
added 2025/08/20 5:49 p.m., 3 views

CVE-2025-54880

A cross-site scripting (XSS) flaw was found in the Mermaid JavaScript diagramming and charting tool. In the default configuration of Mermaid, user-supplied input for architecture diagram icons is passed to the d3.html method, creating a sink for cross-site scripting. Mitigation: Mitigation for this...

CVSS 5.1 | AI score 5.4 | EPSS 0.00016
Exploits: 1 | References: 2

RedhatCVE
added 2025/08/15 6:27 p.m., 3 views

CVE-2025-55285

A flaw has been discovered in the @backstage/plugin-scaffolder-backend npm package that can lead to an information leak. The fetch:template action in the Scaffolder improperly duplicates logging of input values, which can bypass the intended redaction of secrets. This means that an attacker with...

CVSS 2.6 | AI score 5.7 | EPSS 0.00053
Exploits: 0 | References: 5

RedhatCVE
added 2025/08/15 5:27 p.m., 4 views

CVE-2025-24975

A flaw has been discovered in the Firebird SQL project that can lead to an access bypass. If connections stored in the ExtConnPool are not properly verified for the CryptCallback interface upon creation, it could cause a server process segmentation fault. This vulnerability could allow an...

CVSS 8.8 | AI score 6.6 | EPSS 0.00138
Exploits: 1 | References: 2

RedhatCVE
added 2025/08/13 6:07 p.m., 2 views

CVE-2025-55154

An integer overflow flaw has been discovered in ImageMagick. The magnified size calculations in ReadOneMNGImage in coders/png.c are unsafe and can overflow, leading to memory corruption. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet th...

CVSS 8.8 | AI score 7.4 | EPSS 0.00089
Exploits: 1 | References: 5

RedhatCVE
added 2025/08/11 6:31 p.m., 4 views

CVE-2025-8864

A Shared Access Signature token is not masked in the backup configuration response and is also exposed in the ybbackup logs. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...

CVSS 6.8 | AI score 7.1 | EPSS 0.00109
Exploits: 0 | References: 4