- EPSS 4.24%
- Veröffentlicht 11.03.2025 18:15:30
- Zuletzt bearbeitet 03.04.2026 11:45:20
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Se...
CVE-2025-27363
- EPSS 26.05%
- Veröffentlicht 11.03.2025 13:28:31
- Zuletzt bearbeitet 20.04.2026 13:15:39
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed...
CVE-2025-24813
- EPSS 99.95%
- Veröffentlicht 10.03.2025 16:44:03
- Zuletzt bearbeitet 23.10.2025 14:49:29
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 1...
CVE-2025-26699
- EPSS 0.77%
- Veröffentlicht 06.03.2025 19:15:27
- Zuletzt bearbeitet 03.10.2025 00:32:38
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.
CVE-2024-58054
- EPSS 0.19%
- Veröffentlicht 06.03.2025 16:15:51
- Zuletzt bearbeitet 22.01.2026 20:55:53
In the Linux kernel, the following vulnerability has been resolved: staging: media: max96712: fix kernel oops when removing module The following kernel oops is thrown when trying to remove the max96712 module: Unable to handle kernel paging reques...
CVE-2025-27516
- EPSS 0.48%
- Veröffentlicht 05.03.2025 21:15:20
- Zuletzt bearbeitet 03.11.2025 20:18:02
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the ...
CVE-2025-1080
- EPSS 0.29%
- Veröffentlicht 04.03.2025 20:15:36
- Zuletzt bearbeitet 10.12.2025 18:26:24
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a brow...
CVE-2025-26466
- EPSS 38.47%
- Veröffentlicht 28.02.2025 22:15:40
- Zuletzt bearbeitet 30.06.2026 01:16:23
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious cli...
CVE-2024-55581
- EPSS 0.27%
- Veröffentlicht 26.02.2025 22:15:14
- Zuletzt bearbeitet 07.04.2025 18:39:22
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS confi...
CVE-2022-49063
- EPSS 0.26%
- Veröffentlicht 26.02.2025 07:00:43
- Zuletzt bearbeitet 18.11.2025 15:08:43
In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: [ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80...