- EPSS 96.27%
- Veröffentlicht 22.04.2026 08:15:10
- Zuletzt bearbeitet 01.07.2026 17:30:58
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-pl...
CVE-2026-1709
- EPSS 5.43%
- Veröffentlicht 06.02.2026 19:13:27
- Zuletzt bearbeitet 27.06.2026 05:16:42
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perfo...
CVE-2025-62230
- EPSS 0.27%
- Veröffentlicht 30.10.2025 05:19:40
- Zuletzt bearbeitet 01.07.2026 15:13:56
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can c...
CVE-2025-62231
- EPSS 0.28%
- Veröffentlicht 30.10.2025 05:15:39
- Zuletzt bearbeitet 01.07.2026 15:17:04
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation m...
CVE-2025-31277
- EPSS 1.48%
- Veröffentlicht 29.07.2025 23:29:31
- Zuletzt bearbeitet 01.07.2026 14:46:04
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-6021
- EPSS 1.07%
- Veröffentlicht 12.06.2025 12:49:16
- Zuletzt bearbeitet 30.06.2026 11:16:27
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
CVE-2025-3155
- EPSS 12.59%
- Veröffentlicht 03.04.2025 14:15:46
- Zuletzt bearbeitet 29.06.2026 21:16:36
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
CVE-2025-2784
- EPSS 0.79%
- Veröffentlicht 03.04.2025 03:15:18
- Zuletzt bearbeitet 30.06.2026 01:16:24
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP serv...
CVE-2025-1756
- EPSS 0.14%
- Veröffentlicht 27.02.2025 16:15:39
- Zuletzt bearbeitet 09.04.2025 14:07:26
mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. This issue affects mongosh prio...
CVE-2024-12085
- EPSS 9.35%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 29.06.2026 21:16:30
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of un...