22107 matches found
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
...
Gvariant offset table entry size is not checked in is_normal()
...
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.
...
URL parser allowed square brackets in domain names
...
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.
...
path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
...
GNU Binutils ld libbfd.c bfd_putl64 memory corruption
...
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
...
Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
...
Chromium: CVE-2025-1426 Heap buffer overflow in GPU
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-1006 Use after free in Network
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-0999 Heap buffer overflow in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
RFC7250 handshakes with unauthenticated servers don't abort as expected
...
Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
...
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
...
DNS-over-HTTPS implementation suffers from multiple issues under heavy query load
...
Information disclosure in JUnit4
...
Many records in the additional section cause CPU exhaustion
...
Microsoft Power Pages Elevation of Privilege Vulnerability
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update...
Microsoft Bing Remote Code Execution Vulnerability
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network...
GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
...
Xorg-x11-server: selinux unlabeled glx pbuffer
...
giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.
...
GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption
...
GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption
...
TLS Session Resumption Vulnerability
...
GNU Binutils objdump.c disassemble_bytes stack-based overflow
...
Avahi: avahi wide-area dns predictable transaction ids
...
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
...
Chromium: CVE -2025-0995 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE -2025-0998 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE -2025-0997 Use after free in Navigation
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE -2025-0996 Inappropriate implementation in Browser UI
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
gzip integer overflow
...
twisted.web has disordered HTTP pipeline response
...
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers.
...
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
...
Undici Uses Insufficiently Random Values
...
Sensitive headers incorrectly sent after cross-domain redirect in net/http
...
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
...
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
...
Internet Connection Sharing (ICS) Denial of Service Vulnerability
...
Microsoft Surface Security Feature Bypass Vulnerability
...
Microsoft Digest Authentication Remote Code Execution Vulnerability
...
Microsoft SharePoint Server Remote Code Execution Vulnerability
...
Microsoft Excel Remote Code Execution Vulnerability
...
NTLM Hash Disclosure Spoofing Vulnerability
...
Windows Telephony Service Remote Code Execution Vulnerability
...
Windows Core Messaging Elevation of Privileges Vulnerability
...
Windows Kerberos Denial of Service Vulnerability
...