Export limit exceeded: 360965 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360965 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7425 | 1 Redhat | 18 Cert Manager, Discovery, Enterprise Linux and 15 more | 2026-06-25 | 7.8 High |
| A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption. | ||||
| CVE-2025-7424 | 2 Redhat, Xmlsoft | 6 Enterprise Linux, Hummingbird, Openshift and 3 more | 2026-06-25 | 7.5 High |
| A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. | ||||
| CVE-2025-49796 | 1 Redhat | 17 Cert Manager, Discovery, Enterprise Linux and 14 more | 2026-06-25 | 9.1 Critical |
| A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. | ||||
| CVE-2025-49795 | 1 Redhat | 4 Enterprise Linux, Hummingbird, Jboss Core Services and 1 more | 2026-06-25 | 7.5 High |
| A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. | ||||
| CVE-2025-49794 | 1 Redhat | 16 Cert Manager, Enterprise Linux, Hummingbird and 13 more | 2026-06-25 | 9.1 Critical |
| A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors. | ||||
| CVE-2025-49180 | 1 Redhat | 8 Enterprise Linux, Rhel Aus, Rhel E4s and 5 more | 2026-06-25 | 7.8 High |
| A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate. | ||||
| CVE-2025-49179 | 1 Redhat | 8 Enterprise Linux, Rhel Aus, Rhel E4s and 5 more | 2026-06-25 | 7.3 High |
| A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks. | ||||
| CVE-2025-49177 | 1 Redhat | 3 Enterprise Linux, Rhel Eus, Rhivos | 2026-06-25 | 6.1 Medium |
| A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. | ||||
| CVE-2025-49176 | 1 Redhat | 8 Enterprise Linux, Rhel Aus, Rhel E4s and 5 more | 2026-06-25 | 7.3 High |
| A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check. | ||||
| CVE-2025-49175 | 1 Redhat | 8 Enterprise Linux, Rhel Aus, Rhel E4s and 5 more | 2026-06-25 | 6.1 Medium |
| A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. | ||||
| CVE-2025-48798 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-06-25 | 7.3 High |
| A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues. | ||||
| CVE-2025-48797 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-06-25 | 7.3 High |
| A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow. | ||||
| CVE-2025-48796 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 7.3 High |
| A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution. | ||||
| CVE-2025-4948 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-06-25 | 7.5 High |
| A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk. | ||||
| CVE-2025-4404 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-06-25 | 9.1 Critical |
| A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration. | ||||
| CVE-2026-52914 | 1 Linux | 1 Linux Kernel | 2026-06-25 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated fragment length to be truncated during updates. As a result, malformed fragment chains can bypass the intended validation and drive reassembly with inconsistent length state, leading to a local denial of service. Fix the accounting by storing the accumulated length in a length-typed field and rejecting update overflows before the existing validation logic runs. The fix was verified against the original reproducer and against valid fragment reassembly paths. | ||||
| CVE-2026-52920 | 1 Linux | 1 Linux Kernel | 2026-06-25 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_policy: fix strict mode inbound policy matching match_policy_in() walks sec_path entries from the last transform to the first one, but strict policy matching needs to consume info->pol[] in the same forward order as the rule layout. Derive the strict-match policy position from the number of transforms already consumed so that multi-element inbound rules are matched consistently. | ||||
| CVE-2025-26601 | 3 Redhat, Tigervnc, X.org | 10 Enterprise Linux, Rhel Aus, Rhel E4s and 7 more | 2026-06-25 | 7.8 High |
| A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. | ||||
| CVE-2025-26600 | 3 Redhat, Tigervnc, X.org | 10 Enterprise Linux, Rhel Aus, Rhel E4s and 7 more | 2026-06-25 | 7.8 High |
| A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. | ||||
| CVE-2025-26599 | 3 Redhat, Tigervnc, X.org | 10 Enterprise Linux, Rhel Aus, Rhel E4s and 7 more | 2026-06-25 | 7.8 High |
| An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. | ||||