Repo Status
Overall Status
Page updated: 2026-02-27 00:03
| 2375005 | NEW | medium | CVE-2025-6442 rubygem-webrick: Ruby WEBrick Request Smuggling Vulnerability [epel-10] |
| 2375129 | NEW | low | CVE-2025-6750 hdf5: HDF5 Heap Buffer Overflow [epel-10] |
| 2375487 | NEW | low | CVE-2025-6858 hdf5: HDF5 Null Pointer Dereference [epel-10] |
| 2375491 | NEW | low | CVE-2025-6857 hdf5: HDF5 Stack Buffer Overflow [epel-10] |
| 2375493 | NEW | low | CVE-2025-6856 hdf5: HDF5 Use-After-Free Vulnerability [epel-10] |
| 2375495 | NEW | low | CVE-2025-6818 hdf5: HDF5 Heap Overflow [epel-10] |
| 2375501 | NEW | low | CVE-2025-6817 hdf5: HDF5 Resource Consumption Vulnerability [epel-10] |
| 2375505 | NEW | low | CVE-2025-6816 hdf5: HDF5 Heap Buffer Overflow [epel-10] |
| 2375950 | NEW | medium | CVE-2025-52891 mod_security: ModSecurity segmentation fault [epel-10] |
| 2376248 | NEW | high | CVE-2025-53367 djvulibre: DjVuLibre out of bounds write [epel-10] |
| 2376968 | NEW | low | CVE-2024-25178 luajit: Out of bounds read in LuaJIT [epel-10] |
| 2376975 | NEW | low | CVE-2024-25177 luajit: Out of bounds read in LuaJIT [epel-10] |
| 2376984 | NEW | low | CVE-2024-25176 luajit: From CVEorg collector [epel-10] |
| 2378816 | NEW | high | CVE-2025-48384 cgit: Git arbitrary code execution [epel-10] |
| 2378820 | NEW | medium | CVE-2025-48386 cgit: Git buffer overflow [epel-10] |
| 2378824 | NEW | high | CVE-2025-48385 cgit: Git arbitrary file writes [epel-10] |
| 2379615 | NEW | low | CVE-2025-48924 pdftk-java: Uncontrolled Recursion vulnerability in Apache Commons Lang [epel-10] |
| 2379636 | NEW | low | CVE-2025-48924 libphonenumber: Uncontrolled Recursion vulnerability in Apache Commons Lang [epel-10] |
| 2379820 | ASSIGNED | medium | CVE-2025-7545 radare2: Binutils: Heap Buffer Overflow [epel-10] |
| 2379821 | ASSIGNED | medium | CVE-2025-7545 rizin: Binutils: Heap Buffer Overflow [epel-10] |
| 2379824 | ASSIGNED | medium | CVE-2025-7546 radare2: Binutils: Out-of-bounds Write Vulnerability [epel-10] |
| 2379826 | ASSIGNED | medium | CVE-2025-7546 rizin: Binutils: Out-of-bounds Write Vulnerability [epel-10] |
| 2379953 | POST | medium | CVE-2025-51591 pandoc: Server-Side Request Forgery in Pandoc [epel-10] |
| 2379979 | NEW | low | CVE-2025-53014 ImageMagick: ImageMagick Heap Buffer Overflow [epel-10] |
| 2379980 | NEW | medium | CVE-2025-53101 ImageMagick: ImageMagick Stack Buffer Overflow [epel-10] |
| 2379981 | NEW | medium | CVE-2025-53015 ImageMagick: ImageMagick unbounded loop [epel-10] |
| 2379982 | NEW | low | CVE-2025-53019 ImageMagick: ImageMagick Memory Leak [epel-10] |
| 2381578 | NEW | medium | CVE-2025-7700 ffmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c) [epel-10] |
| 2382273 | NEW | low | CVE-2025-54352 wordpress: WordPress Pingback Title Disclosure Vulnerability [epel-10] |
| 2383360 | NEW | medium | CVE-2025-46805 screen: Race Conditions when Sending Signals [epel-all] |
| 2384000 | NEW | medium | CVE-2025-8263 yarnpkg: prettier parseNestedCSS ReDoS [epel-10] |
| 2384060 | NEW | medium | CVE-2025-8194 asahi-installer: Cpython infinite loop when parsing a tarfile [epel-10] |
| 2385904 | NEW | medium | CVE-2025-45768 python-jwt: pyjwt Weak Encryption Vulnerability [epel-10] |
| 2386811 | NEW | medium | CVE-2025-54571 mod_security: ModSecurity Content-Type Override Vulnerability [epel-10] |
| 2387011 | NEW | low | CVE-2025-54798 yarnpkg: tmp Symbolic Link Write Vulnerability [epel-10] |
| 2388023 | NEW | medium | CVE-2025-8885 pdftk-java: Bouncy Castle denial of service parsing ASN.1 Object Identifiers [epel-10] |
| 2388277 | NEW | medium | CVE-2025-8916 pdftk-java: BouncyCastle denial of service [epel-10] |
| 2388308 | NEW | medium | CVE-2025-55160 ImageMagick: ImageMagick: Undefined Behavior [epel-10] |
| 2388309 | NEW | low | CVE-2025-55005 ImageMagick: ImageMagick: heap-buffer overflow [epel-10] |
| 2388311 | NEW | high | CVE-2025-55154 ImageMagick: ImageMagick: integer overflows in MNG magnification [epel-10] |
| 2388312 | NEW | high | CVE-2025-55004 ImageMagick: ImageMagick: heap-buffer overflow [epel-10] |
| 2389223 | NEW | low | CVE-2025-9092 pdftk-java: Bouncycastle Resource Exhaustion [epel-10] |
| 2389960 | NEW | high | CVE-2025-9287 yarnpkg: Cipher-base hash manipulation [epel-10] |
| 2389999 | NEW | high | CVE-2025-9288 yarnpkg: Missing type checks leading to hash rewind and passing on crafted data [epel-10] |
| 2390167 | NEW | low | CVE-2025-9308 yarnpkg: yarnpkg regular expression denial of service [epel-10] |
| 2391120 | NEW | high | CVE-2025-55298 ImageMagick: ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution [epel-all] |
| 2391123 | NEW | low | CVE-2025-55212 ImageMagick: ImageMagick crash on crafted input [epel-10] |
| 2391976 | NEW | low | CVE-2025-58160 vaultwarden: Tracing log pollution [epel-10] |
| 2392351 | NEW | medium | CVE-2025-9732 dcmtk: DCMTK dcm2img diybrpxt.h memory corruption [epel-10] |
| 2392573 | NEW | medium | CVE-2025-9810 keydb: TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes [epel-10] |
| 2392632 | NEW | high | CVE-2025-49794 qt6-qtwebengine: Heap use after free (UAF) leads to Denial of service (DoS) [epel-all] |
| 2392637 | NEW | high | CVE-2025-49796 qt6-qtwebengine: Type confusion leads to Denial of service (DoS) [epel-all] |
| 2392665 | NEW | medium | CVE-2025-9375 python-xmltodict: xmltodict XML Injection [epel-10] |
| 2392771 | NEW | high | CVE-2025-57803 ImageMagick: ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow [epel-10] |
| 2392945 | NEW | high | CVE-2025-57052 cjson: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings [epel-all] |
| 2393598 | NEW | medium | CVE-2025-57807 ImageMagick: ImageMagick BlobStream Forward-Seek Under-Allocation [epel-10] |
| 2394111 | NEW | medium | CVE-2025-9951 ffmpeg: heap-based buffer overflow in jpeg2000dec [epel-all] |
| 2394114 | NEW | medium | CVE-2025-9951 qt6-qtwebengine: heap-based buffer overflow in jpeg2000dec [epel-all] |
| 2394496 | NEW | medium | CVE-2025-10256 ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) [epel-all] |
| 2394499 | NEW | medium | CVE-2025-10256 qt6-qtwebengine: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) [epel-all] |
| 2394877 | NEW | medium | CVE-2025-9086 davix: Curl out of bounds read for cookie path [epel-10] |
| 2395149 | NEW | high | CVE-2025-10201 qt6-qtwebengine: Inappropriate implementation in Mojo [epel-all] |
| 2397728 | NEW | medium | CVE-2025-58246 wordpress: WordPress Sensitive Data Exposure [epel-10] |
| 2397729 | NEW | medium | CVE-2025-58674 wordpress: WordPress Cross Site Scripting (XSS) [epel-10] |
| 2397967 | NEW | high | CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [epel-10] |
| 2398124 | NEW | medium | CVE-2025-10911 qt6-qtwebengine: use-after-free with key data stored cross-RVT [epel-all] |
| 2398284 | NEW | medium | CVE-2025-47910 chezmoi: CrossOriginProtection bypass in net/http [epel-10] |
| 2398285 | NEW | medium | CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [epel-10] |
| 2398286 | NEW | medium | CVE-2025-47910 forgejo: CrossOriginProtection bypass in net/http [epel-10] |
| 2398289 | NEW | medium | CVE-2025-47910 git-credential-oauth: CrossOriginProtection bypass in net/http [epel-10] |
| 2398290 | ASSIGNED | medium | CVE-2025-47910 glow: CrossOriginProtection bypass in net/http [epel-10] |
| 2398291 | NEW | medium | CVE-2025-47910 golang-etcd-bbolt: CrossOriginProtection bypass in net/http [epel-10] |
| 2398293 | NEW | medium | CVE-2025-47910 golang-github-google-pprof: CrossOriginProtection bypass in net/http [epel-10] |
| 2398294 | NEW | medium | CVE-2025-47910 golang-github-googleapis-gnostic: CrossOriginProtection bypass in net/http [epel-10] |
| 2398295 | NEW | medium | CVE-2025-47910 golang-github-jmespath: CrossOriginProtection bypass in net/http [epel-10] |
| 2398296 | NEW | medium | CVE-2025-47910 golang-github-mailru-easyjson: CrossOriginProtection bypass in net/http [epel-10] |
| 2398297 | NEW | medium | CVE-2025-47910 golang-github-pelletier-toml: CrossOriginProtection bypass in net/http [epel-10] |
| 2398300 | NEW | medium | CVE-2025-47910 kitty: CrossOriginProtection bypass in net/http [epel-10] |
| 2398303 | NEW | medium | CVE-2025-47910 matterbridge: CrossOriginProtection bypass in net/http [epel-10] |
| 2398312 | NEW | medium | CVE-2025-47910 snapd: CrossOriginProtection bypass in net/http [epel-10] |
| 2398313 | NEW | medium | CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-10] |
| 2398315 | NEW | medium | CVE-2025-47910 xq: CrossOriginProtection bypass in net/http [epel-10] |
| 2398316 | NEW | medium | CVE-2025-47910 yq: CrossOriginProtection bypass in net/http [epel-10] |
| 2398915 | NEW | medium | CVE-2025-47906 chezmoi: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398916 | NEW | medium | CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398917 | NEW | medium | CVE-2025-47906 forgejo: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398918 | NEW | medium | CVE-2025-47906 fzf: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398921 | NEW | medium | CVE-2025-47906 git-credential-oauth: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398922 | ASSIGNED | medium | CVE-2025-47906 glow: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398923 | NEW | medium | CVE-2025-47906 gocryptfs: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398924 | NEW | medium | CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398925 | NEW | medium | CVE-2025-47906 golang-github-gogo-protobuf: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398926 | NEW | medium | CVE-2025-47906 golang-github-google-pprof: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398927 | NEW | medium | CVE-2025-47906 golang-github-googleapis-gnostic: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398928 | NEW | medium | CVE-2025-47906 golang-github-jmespath: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398929 | NEW | medium | CVE-2025-47906 golang-github-joho-godotenv: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398930 | NEW | medium | CVE-2025-47906 golang-github-mailru-easyjson: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398931 | NEW | medium | CVE-2025-47906 golang-github-posener-complete: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398932 | NEW | medium | CVE-2025-47906 golang-google-protobuf: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398933 | ASSIGNED | medium | CVE-2025-47906 gum: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398936 | NEW | medium | CVE-2025-47906 kitty: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398939 | NEW | medium | CVE-2025-47906 matterbridge: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398945 | ASSIGNED | medium | CVE-2025-47906 qpid-proton: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398950 | NEW | medium | CVE-2025-47906 smtprelay: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398951 | NEW | medium | CVE-2025-47906 snapd: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398952 | NEW | medium | CVE-2025-47906 syncthing: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398953 | NEW | medium | CVE-2025-47906 xq: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398954 | NEW | medium | CVE-2025-47906 yq: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2399686 | NEW | medium | CVE-2025-11065 glow: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [epel-10] |
| 2399688 | NEW | medium | CVE-2025-11065 opentofu: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [epel-10] |
| 2399822 | NEW | medium | CVE-2025-57347 forgejo: dagre-d3-es prototype pollution [epel-10] |
| 2399824 | NEW | medium | CVE-2025-57347 jupyterlab: dagre-d3-es prototype pollution [epel-10] |
| 2400261 | NEW | medium | CVE-2025-11083 cross-binutils: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400262 | NEW | medium | CVE-2025-11082 cross-binutils: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400263 | NEW | medium | CVE-2025-11083 golang-github-google-pprof: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400264 | NEW | medium | CVE-2025-11081 cross-binutils: GNU Binutils out-of-bounds read [epel-10] |
| 2400265 | ASSIGNED | medium | CVE-2025-11083 radare2: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400266 | NEW | medium | CVE-2025-11081 golang-github-google-pprof: GNU Binutils out-of-bounds read [epel-10] |
| 2400267 | NEW | medium | CVE-2025-11082 golang-github-google-pprof: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400268 | ASSIGNED | medium | CVE-2025-11083 rizin: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400269 | ASSIGNED | medium | CVE-2025-11081 radare2: GNU Binutils out-of-bounds read [epel-10] |
| 2400271 | ASSIGNED | medium | CVE-2025-11082 radare2: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400272 | ASSIGNED | medium | CVE-2025-11081 rizin: GNU Binutils out-of-bounds read [epel-10] |
| 2400273 | ASSIGNED | medium | CVE-2025-11082 rizin: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400658 | ASSIGNED | medium | CVE-2025-9230 sslscan: Out-of-bounds read & write in RFC 3211 KEK Unwrap [epel-10] |
| 2400667 | ASSIGNED | low | CVE-2025-9232 sslscan: Out-of-bounds read in HTTP client no_proxy handling [epel-10] |
| 2401812 | NEW | high | CVE-2025-59728 ffmpeg: Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path [epel-10] |
| 2401821 | NEW | medium | CVE-2025-59730 ffmpeg: Heap-buffer-overflow write in FFmpeg SANM decoding due to lack of bounds-checking in old_codec48 [epel-10] |
| 2401823 | NEW | medium | CVE-2025-59729 ffmpeg: Heap-buffer-overflow read in FFmpeg DHAV get_duration [epel-10] |
| 2401825 | NEW | medium | CVE-2025-59731 ffmpeg: Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress [epel-10] |
| 2401827 | NEW | high | CVE-2025-59733 ffmpeg: Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress [epel-10] |
| 2401828 | NEW | high | CVE-2025-59732 ffmpeg: Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress [epel-10] |
| 2401833 | NEW | high | CVE-2025-59734 ffmpeg: Heap-buffer-overflow write in FFmpeg SANM process_ftch [epel-10] |
| 2401925 | NEW | medium | CVE-2025-11277 assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow [epel-all] |
| 2401928 | NEW | medium | CVE-2025-11275 assimp: Open Asset Import Library Assimp OpenDDLParserUtils.h getNextSeparator heap-based overflow [epel-all] |
| 2401931 | NEW | medium | CVE-2025-11274 assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile allocation of resources [epel-all] |
| 2402060 | NEW | high | CVE-2025-10502 qt6-qtwebengine: Heap buffer overflow in ANGLE [epel-all] |
| 2402067 | NEW | high | CVE-2025-10500 qt6-qtwebengine: Use after free in Dawn [epel-all] |
| 2402104 | NEW | high | CVE-2025-10200 qt6-qtwebengine: Use after free in Serviceworker. [epel-all] |
| 2402116 | NEW | high | CVE-2025-10890 qt6-qtwebengine: Side-channel information leakage in V8 [epel-all] |
| 2402125 | NEW | high | CVE-2025-10891 qt6-qtwebengine: Integer overflow in V8 [epel-all] |
| 2402132 | NEW | high | CVE-2025-10892 qt6-qtwebengine: Integer overflow in V8 [epel-all] |
| 2402816 | ASSIGNED | low | CVE-2025-11495 radare2: GNU Binutils Linker heap-based overflow [epel-10] |
| 2402817 | ASSIGNED | low | CVE-2025-11495 rizin: GNU Binutils Linker heap-based overflow [epel-10] |
| 2402818 | ASSIGNED | low | CVE-2025-11494 radare2: GNU Binutils Linker out-of-bounds read [epel-10] |
| 2402820 | ASSIGNED | low | CVE-2025-11494 rizin: GNU Binutils Linker out-of-bounds read [epel-10] |
| 2402857 | NEW | medium | CVE-2025-8291 asahi-installer: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [epel-10] |
| 2402984 | NEW | high | CVE-2025-59830 rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters [epel-10] |
| 2403133 | NEW | medium | CVE-2025-11579 chezmoi: RarDecode Out Of Memory Crash [epel-10] |
| 2403134 | NEW | medium | CVE-2025-11579 forgejo: RarDecode Out Of Memory Crash [epel-10] |
| 2403521 | NEW | high | CVE-2025-61919 rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion [epel-10] |
| 2403526 | NEW | medium | CVE-2025-61780 rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass [epel-10] |
| 2403977 | NEW | high | CVE-2025-61927 forgejo: Happy-DOM VM Context Escape [epel-10] |
| 2404264 | NEW | urgent | CVE-2025-62410 forgejo: --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom [epel-10] |
| 2404313 | NEW | medium | CVE-2025-59288 forgejo: Playwright Spoofing Vulnerability [epel-10] |
| 2404492 | ASSIGNED | low | CVE-2025-11839 radare2: GNU Binutils prdbg.c tg_tag_type return value [epel-10] |
| 2404493 | ASSIGNED | low | CVE-2025-11839 rizin: GNU Binutils prdbg.c tg_tag_type return value [epel-10] |
| 2404536 | ASSIGNED | low | CVE-2025-11840 radare2: GNU Binutils out-of-bounds read [epel-10] |
| 2404537 | ASSIGNED | low | CVE-2025-11840 rizin: GNU Binutils out-of-bounds read [epel-10] |
| 2404754 | ASSIGNED | low | CVE-2025-60358 radare2: From CVEorg collector [epel-10] |
| 2404755 | ASSIGNED | low | CVE-2025-60359 radare2: From CVEorg collector [epel-10] |
| 2404756 | ASSIGNED | low | CVE-2025-60361 radare2: From CVEorg collector [epel-10] |
| 2404825 | ASSIGNED | low | CVE-2025-60360 radare2: radare2 memory leak [epel-10] |
| 2404847 | NEW | medium | CVE-2025-62171 ImageMagick: ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems [epel-all] |
| 2405365 | NEW | medium | CVE-2025-59438 mbedtls: MbedTLS Padding oracle through timing of cipher error reporting [epel-10] |
| 2405671 | NEW | medium | CVE-2022-4981 dcmtk: DCMTK dcmqrscp dcmqrcnf.cc readPeerList null pointer dereference [epel-10] |
| 2405672 | NEW | medium | CVE-2020-36855 dcmtk: DCMTK dcmqrscp parseQuota stack-based overflow [epel-10] |
| 2406226 | NEW | medium | CVE-2025-50950 audiofile: NULL pointer dereference in the ModuleState::setup function [epel-all] |
| 2406535 | NEW | medium | CVE-2025-12343 ffmpeg: Double-Free Vulnerability in FFmpeg TensorFlow DNN Backend [epel-10] |
| 2407466 | NEW | medium | CVE-2025-58189 chezmoi: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407467 | NEW | medium | CVE-2025-58189 dnscrypt-proxy: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407468 | NEW | medium | CVE-2025-58189 fluent-bit: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407469 | NEW | medium | CVE-2025-58189 forgejo: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407472 | NEW | medium | CVE-2025-58189 git-credential-oauth: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407473 | NEW | medium | CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407474 | NEW | medium | CVE-2025-58189 golang-etcd-bbolt: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407476 | NEW | medium | CVE-2025-58189 golang-github-facebook-time: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407477 | NEW | medium | CVE-2025-58189 golang-github-google-pprof: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407478 | NEW | medium | CVE-2025-58189 golang-github-googleapis-gnostic: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407479 | NEW | medium | CVE-2025-58189 golang-github-jmespath: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407480 | NEW | medium | CVE-2025-58189 golang-github-mailru-easyjson: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407481 | NEW | medium | CVE-2025-58189 golang-github-pelletier-toml: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407482 | NEW | medium | CVE-2025-58189 grpc: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407485 | NEW | medium | CVE-2025-58189 kitty: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407487 | ASSIGNED | medium | CVE-2025-58189 libarrow: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407488 | NEW | medium | CVE-2025-58189 matterbridge: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407491 | NEW | medium | CVE-2025-58189 opentofu: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407497 | NEW | medium | CVE-2025-58189 smtprelay: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407498 | NEW | medium | CVE-2025-58189 snapd: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407499 | NEW | medium | CVE-2025-58189 syncthing: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407500 | NEW | medium | CVE-2025-58189 thrift: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407501 | NEW | medium | CVE-2025-58189 xq: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2407502 | NEW | medium | CVE-2025-58189 yq: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-10] |
| 2408524 | NEW | medium | CVE-2025-61725 chezmoi: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408525 | NEW | medium | CVE-2025-61725 forgejo: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408529 | NEW | medium | CVE-2025-61725 matterbridge: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408531 | NEW | medium | CVE-2025-61725 opentofu: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408537 | NEW | medium | CVE-2025-61725 smtprelay: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408538 | NEW | medium | CVE-2025-61725 snapd: Excessive CPU consumption in ParseAddress in net/mail [epel-10] |
| 2408911 | NEW | medium | CVE-2025-61723 chezmoi: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408912 | NEW | medium | CVE-2025-61723 dnscrypt-proxy: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408913 | NEW | medium | CVE-2025-61723 fluent-bit: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408914 | NEW | medium | CVE-2025-61723 forgejo: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408920 | NEW | medium | CVE-2025-61723 git-credential-oauth: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408922 | NEW | medium | CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408924 | NEW | medium | CVE-2025-61723 golang-etcd-bbolt: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408928 | NEW | medium | CVE-2025-61723 golang-github-facebook-time: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408929 | NEW | medium | CVE-2025-61723 golang-github-google-pprof: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408930 | NEW | medium | CVE-2025-61723 golang-github-googleapis-gnostic: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408931 | NEW | medium | CVE-2025-61723 golang-github-jmespath: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408932 | NEW | medium | CVE-2025-61723 golang-github-mailru-easyjson: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408933 | NEW | medium | CVE-2025-61723 golang-github-pelletier-toml: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408934 | NEW | medium | CVE-2025-61723 grpc: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408937 | NEW | medium | CVE-2025-61723 kitty: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408939 | ASSIGNED | medium | CVE-2025-61723 libarrow: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408940 | NEW | medium | CVE-2025-61723 matterbridge: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408943 | NEW | medium | CVE-2025-61723 opentofu: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408949 | NEW | medium | CVE-2025-61723 smtprelay: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408950 | NEW | medium | CVE-2025-61723 snapd: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408951 | NEW | medium | CVE-2025-61723 syncthing: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408952 | NEW | medium | CVE-2025-61723 thrift: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408953 | NEW | medium | CVE-2025-61723 xq: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2408954 | NEW | medium | CVE-2025-61723 yq: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-10] |
| 2409856 | NEW | medium | CVE-2025-58185 chezmoi: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409857 | NEW | medium | CVE-2025-58185 dnscrypt-proxy: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409858 | NEW | medium | CVE-2025-58185 fluent-bit: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409859 | NEW | medium | CVE-2025-58185 forgejo: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409862 | NEW | medium | CVE-2025-58185 git-credential-oauth: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409863 | NEW | medium | CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409864 | NEW | medium | CVE-2025-58185 golang-etcd-bbolt: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409866 | NEW | medium | CVE-2025-58185 golang-github-facebook-time: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409867 | NEW | medium | CVE-2025-58185 golang-github-gogo-protobuf: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409868 | NEW | medium | CVE-2025-58185 golang-github-google-pprof: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409869 | NEW | medium | CVE-2025-58185 golang-github-googleapis-gnostic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409870 | NEW | medium | CVE-2025-58185 golang-github-jmespath: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409871 | NEW | medium | CVE-2025-58185 golang-github-mailru-easyjson: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409872 | NEW | medium | CVE-2025-58185 golang-github-oklog-ulid: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409873 | NEW | medium | CVE-2025-58185 golang-github-pelletier-toml: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409874 | NEW | medium | CVE-2025-58185 golang-google-protobuf: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409875 | NEW | medium | CVE-2025-58185 grpc: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409878 | NEW | medium | CVE-2025-58185 kitty: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409880 | ASSIGNED | medium | CVE-2025-58185 libarrow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409881 | NEW | medium | CVE-2025-58185 matterbridge: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409885 | NEW | medium | CVE-2025-58185 opentofu: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409891 | NEW | medium | CVE-2025-58185 smtprelay: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409892 | NEW | medium | CVE-2025-58185 snapd: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409893 | NEW | medium | CVE-2025-58185 syncthing: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409894 | NEW | medium | CVE-2025-58185 thrift: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409895 | NEW | medium | CVE-2025-58185 xq: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2409896 | NEW | medium | CVE-2025-58185 yq: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-10] |
| 2410800 | NEW | medium | CVE-2025-58188 chezmoi: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410801 | NEW | medium | CVE-2025-58188 dnscrypt-proxy: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410802 | NEW | medium | CVE-2025-58188 fluent-bit: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410803 | NEW | medium | CVE-2025-58188 forgejo: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410806 | NEW | medium | CVE-2025-58188 git-credential-oauth: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410807 | NEW | medium | CVE-2025-58188 glow: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410808 | NEW | medium | CVE-2025-58188 golang-etcd-bbolt: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410810 | NEW | medium | CVE-2025-58188 golang-github-facebook-time: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410811 | NEW | medium | CVE-2025-58188 golang-github-google-pprof: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410812 | NEW | medium | CVE-2025-58188 golang-github-googleapis-gnostic: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410813 | NEW | medium | CVE-2025-58188 golang-github-jmespath: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410814 | NEW | medium | CVE-2025-58188 golang-github-mailru-easyjson: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410815 | NEW | medium | CVE-2025-58188 golang-github-pelletier-toml: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410816 | NEW | medium | CVE-2025-58188 grpc: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410819 | NEW | medium | CVE-2025-58188 kitty: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410821 | ASSIGNED | medium | CVE-2025-58188 libarrow: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410822 | NEW | medium | CVE-2025-58188 matterbridge: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410825 | NEW | medium | CVE-2025-58188 opentofu: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410831 | NEW | medium | CVE-2025-58188 smtprelay: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410832 | NEW | medium | CVE-2025-58188 snapd: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410833 | NEW | medium | CVE-2025-58188 syncthing: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410834 | NEW | medium | CVE-2025-58188 thrift: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410835 | NEW | medium | CVE-2025-58188 xq: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2410836 | NEW | medium | CVE-2025-58188 yq: Panic when validating certificates with DSA public keys in crypto/x509 [epel-10] |
| 2412478 | NEW | medium | CVE-2025-58183 chezmoi: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412479 | NEW | medium | CVE-2025-58183 forgejo: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412482 | NEW | medium | CVE-2025-58183 golang-github-vbatts-tar-split: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412487 | NEW | medium | CVE-2025-58183 kitty: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412488 | NEW | medium | CVE-2025-58183 matterbridge: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412489 | ON_QA | medium | CVE-2025-58183 openbao: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412490 | NEW | medium | CVE-2025-58183 opentofu: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412497 | NEW | medium | CVE-2025-58183 snapd: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412498 | NEW | medium | CVE-2025-58183 syncthing: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412499 | NEW | medium | CVE-2025-58183 trivy: Unbounded allocation when parsing GNU sparse map [epel-all] |
| 2412973 | ON_QA | medium | CVE-2025-46705 lasso: Denial of service in Entr'ouvert Lasso [epel-10] |
| 2413014 | ON_QA | urgent | CVE-2025-47151 lasso: Type confusion in Entr'ouvert Lasso [epel-10] |
| 2413049 | NEW | low | CVE-2025-6075 asahi-installer: Quadratic complexity in os.path.expandvars() with user-controlled template [epel-10] |
| 2414296 | NEW | low | CVE-2025-23050 qt5: Qt missing length check [epel-10] |
| 2415000 | NEW | high | CVE-2025-59840 jupyterlab: Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable [epel-10] |
| 2415347 | ASSIGNED | medium | CVE-2025-63745 radare2: NULL Pointer Dereference in info() (bin_ne.c) Leads to Denial of Service [epel-10] |
| 2415353 | ASSIGNED | medium | CVE-2025-63744 radare2: NULL Pointer Dereference in load() (bin_dyldcache.c) Leads to Denial of Service [epel-10] |
| 2417401 | NEW | high | CVE-2025-64720 java-latest-openjdk: LIBPNG buffer overflow [epel-10] |
| 2417402 | NEW | high | CVE-2025-64720 java-latest-openjdk-portable: LIBPNG buffer overflow [epel-10] |
| 2417407 | NEW | high | CVE-2025-65018 java-latest-openjdk: LIBPNG heap buffer overflow [epel-10] |
| 2417409 | NEW | high | CVE-2025-65018 java-latest-openjdk-portable: LIBPNG heap buffer overflow [epel-10] |
| 2417422 | NEW | medium | CVE-2025-64506 java-latest-openjdk: LIBPNG heap buffer over-read [epel-10] |
| 2417425 | NEW | medium | CVE-2025-64506 java-latest-openjdk-portable: LIBPNG heap buffer over-read [epel-10] |
| 2417679 | NEW | low | CVE-2025-55174 skanpage: Skanpage: Partial file overwrite vulnerability due to incorrect I/O device usage [epel-10] |
| 2418231 | NEW | unspecified | CVE-2025-45311 fail2ban: From CVEorg collector [epel-10] |
| 2418394 | NEW | medium | CVE-2025-64505 java-latest-openjdk: LIBPNG heap buffer overflow via malformed palette index [epel-10] |
| 2418395 | NEW | medium | CVE-2025-64505 java-latest-openjdk-portable: LIBPNG heap buffer overflow via malformed palette index [epel-10] |
| 2418486 | MODIFIED | high | CVE-2025-65896 python-asyncmy: Asyncmy SQL injection [epel-10] |
| 2418530 | NEW | high | CVE-2025-64756 forgejo: glob CLI: Command injection via -c/--cmd executes matches with shell:true [epel-10] |
| 2418551 | NEW | medium | CVE-2025-65955 ImageMagick: ImageMagick use-after-free/double-free [epel-10] |
| 2418723 | NEW | high | CVE-2025-66293 java-latest-openjdk: LIBPNG out-of-bounds read in png_image_read_composite [epel-10] |
| 2418724 | NEW | high | CVE-2025-66293 java-latest-openjdk-portable: LIBPNG out-of-bounds read in png_image_read_composite [epel-10] |
| 2418776 | NEW | medium | CVE-2025-14010 ansible-collection-community-general: Sensitive Credential Exposure in community.general.keycloak_user Module During Verbose Execution [epel-10] |
| 2419513 | NEW | high | CVE-2025-12819 pgbouncer: Untrusted search path in auth_query connection in PgBouncer [epel-10] |
| 2419553 | NEW | medium | CVE-2025-66035 syncthing: Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs [epel-10] |
| 2419587 | NEW | high | CVE-2025-66412 syncthing: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes [epel-10] |
| 2420555 | NEW | high | CVE-2025-47913 chezmoi: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [epel-10] |
| 2420556 | NEW | high | CVE-2025-47913 forgejo: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS [epel-10] |
| 2421162 | NEW | high | CVE-2025-66628 ImageMagick: ImageMagick Integer Overflow leading to out of bounds read (32-bit only) [epel-10] |
| 2421877 | NEW | high | CVE-2025-66506 podman-tui: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token [epel-10] |
| 2421878 | NEW | high | CVE-2025-66506 prometheus-podman-exporter: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token [epel-10] |
| 2422162 | NEW | medium | CVE-2025-65637 golang-github-facebook-time: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload [epel-10] |
| 2422163 | NEW | medium | CVE-2025-65637 matterbridge: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload [epel-10] |
| 2422295 | NEW | medium | CVE-2025-66004 usbmuxd: usbmuxd: Path Traversal vulnerability allows local privilege escalation [epel-10] |
| 2422455 | NEW | medium | CVE-2025-64718 forgejo: js-yaml prototype pollution in merge [epel-10] |
| 2422456 | NEW | medium | CVE-2025-64718 kf6-breeze-icons: js-yaml prototype pollution in merge [epel-10] |
| 2422458 | NEW | medium | CVE-2025-64718 workrave: js-yaml prototype pollution in merge [epel-10] |
| 2422459 | NEW | medium | CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [epel-10] |
| 2422996 | NEW | medium | CVE-2025-10543 zabbix7.0: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding [epel-10] |
| 2423023 | NEW | low | CVE-2025-67899 uriparser: uriparser: Unbounded recursion and stack consumption via large input [epel-10] |
| 2423033 | NEW | medium | CVE-2025-14607 dcmtk: OFFIS DCMTK: Remote memory corruption vulnerability [epel-10] |
| 2423046 | NEW | medium | CVE-2025-32901 kde-connect: KDE Connect: Application crash via malicious device IDs [epel-10] |
| 2423052 | NEW | medium | CVE-2025-32899 kde-connect: KDE Connect: Unpairing of devices via invalid broadcast UDP packet [epel-10] |
| 2423094 | NEW | medium | CVE-2025-64702 dnscrypt-proxy: quic-go HTTP/3 QPACK Header Expansion DoS [epel-10] |
| 2423984 | NEW | high | [Minor Incident] CVE-2025-52881 golang-github-opencontainers-selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects [epel-10] |
| 2425321 | NEW | medium | CVE-2018-25153 barcode: memory leak via specially crafted file [epel-10] |
| 2425326 | NEW | medium | CVE-2018-25154 barcode: out-of-bounds read via specially crafted file [epel-10] |
| 2425448 | NEW | medium | CVE-2025-68937 forgejo: Forgejo: Server shell access via symlink mishandling in template repositories [epel-10] |
| 2425774 | NEW | high | CVE-2025-69195 wget2: GNU Wget2: Memory corruption and crash via filename sanitization logic with attacker-controlled URLs [epel-10] |
| 2425779 | NEW | high | CVE-2025-69194 wget2: Arbitrary File Write via Metalink Path Traversal in GNU Wget2 [epel-10] |
| 2425812 | NEW | high | CVE-2025-60458 uxplay: double free via specially crafted RTSP TEARDOWN request [epel-10] |
| 2426446 | NEW | medium | CVE-2025-68431 libheif: libheif has Potential Heap Buffer Over-Read [epel-10] |
| 2426476 | NEW | high | CVE-2025-15284 python-torch: qs: Denial of Service via improper input validation in array parsing [epel-10] |
| 2426619 | NEW | low | CVE-2025-69412 messagelib: messagelib: Spoofing of threat data due to ignored SSL errors [epel-10] |
| 2426632 | NEW | medium | CVE-2025-68618 ImageMagick: ImageMagick: Denial of Service via malicious SVG file [epel-10] |
| 2426634 | NEW | medium | CVE-2025-69204 ImageMagick: ImageMagick: Denial of Service via integer overflow in SVG image processing [epel-10] |
| 2426635 | NEW | medium | CVE-2025-68950 ImageMagick: ImageMagick: Denial of Service via circular references in MVG files [epel-10] |
| 2427341 | NEW | high | CVE-2025-66648 jupyterlab: vega-functions: Cross-Site Scripting via untrusted user input [epel-10] |
| 2427343 | NEW | high | CVE-2025-65110 jupyterlab: Vega: Arbitrary code execution through malicious visualization definitions [epel-10] |
| 2427793 | NEW | high | CVE-2026-22184 BackupPC-XS: zlib: Arbitrary code execution via buffer overflow in untgz utility [epel-10] |
| 2427794 | NEW | high | CVE-2026-22184 btrfs-efi: zlib: Arbitrary code execution via buffer overflow in untgz utility [epel-10] |
| 2427795 | NEW | high | CVE-2026-22184 java-latest-openjdk: zlib: Arbitrary code execution via buffer overflow in untgz utility [epel-10] |
| 2427796 | NEW | high | CVE-2026-22184 java-latest-openjdk-portable: zlib: Arbitrary code execution via buffer overflow in untgz utility [epel-10] |
| 2428356 | NEW | medium | CVE-2025-14505 yarnpkg: Key handling flaws in Elliptic [epel-10] |
| 2428529 | ASSIGNED | high | CVE-2026-0821 radare2: quickjs-ng: Heap-based buffer overflow in js_typed_array_constructor function [epel-10] |
| 2428530 | ASSIGNED | high | CVE-2026-0822 radare2: quickjs-ng: Heap-based buffer overflow in js_typed_array_sort function [epel-10] |
| 2428656 | NEW | low | CVE-2025-15506 OpenColorIO: OpenColorIO: Local denial of service due to out-of-bounds read [epel-10] |
| 2428865 | NEW | medium | CVE-2025-11266 gdcm: Grassroots DICOM (GDCM): Denial of Service via malformed DICOM file parsing [epel-10] |
| 2428927 | NEW | medium | CVE-2025-13836 asahi-installer: Excessive read buffering DoS in http.client [epel-10] |
| 2428988 | NEW | high | CVE-2026-22610 syncthing: Angular has XSS Vulnerability via Unsanitized SVG Script Attributes [epel-10] |
| 2429270 | NEW | medium | CVE-2026-22693 ghc-gi-harfbuzz: Null Pointer Dereference in harfbuzz [epel-10] |
| 2429271 | NEW | medium | CVE-2026-22693 java-latest-openjdk: Null Pointer Dereference in harfbuzz [epel-10] |
| 2429272 | NEW | medium | CVE-2026-22693 java-latest-openjdk-portable: Null Pointer Dereference in harfbuzz [epel-10] |
| 2429315 | NEW | medium | CVE-2026-22701 python-filelock: filelock Time-of-Check-Time-of-Use (TOCTOU) in SoftFileLock [epel-10] |
| 2429778 | NEW | medium | CVE-2026-22857 freerdp2: FreeRDP heap-use-after-free [epel-10] |
| 2429780 | NEW | medium | CVE-2026-22852 freerdp2: FreeRDP heap-buffer-overflow [epel-10] |
| 2429782 | NEW | medium | CVE-2026-22859 freerdp2: FreeRDP heap-buffer-overflow [epel-10] |
| 2429786 | NEW | medium | CVE-2026-22856 freerdp2: FreeRDP heap-use-after-free [epel-10] |
| 2429791 | NEW | medium | CVE-2026-22851 freerdp2: FreeRDP RDPGFX ResetGraphics race [epel-10] |
| 2429792 | NEW | medium | CVE-2026-22855 freerdp2: FreeRDP heap-buffer-overflow [epel-10] |
| 2429796 | NEW | medium | CVE-2026-22854 freerdp2: FreeRDP heap-buffer-overflow [epel-10] |
| 2429801 | NEW | medium | CVE-2026-22858 freerdp2: FreeRDP global-buffer-overflow [epel-10] |
| 2429948 | NEW | medium | CVE-2025-27614 cgit: git script execution flaw [epel-10] |
| 2430433 | NEW | high | CVE-2025-62291 strongswan: From CVEorg collector [epel-10] |
| 2430799 | ASSIGNED | high | CVE-2026-1144 radare2: quickjs-ng: Use-after-free vulnerability in Atomics Ops Handler [epel-10] |
| 2430800 | ASSIGNED | high | CVE-2026-1145 radare2: quickjs-ng quickjs: Heap-based buffer overflow leading to information disclosure or denial of service [epel-10] |
| 2430894 | NEW | high | CVE-2026-23532 freerdp2: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow [epel-10] |
| 2430899 | NEW | high | CVE-2026-23534 freerdp2: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow [epel-10] |
| 2430904 | NEW | high | CVE-2026-23531 freerdp2: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution. [epel-10] |
| 2430910 | NEW | high | CVE-2026-23533 freerdp2: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution [epel-10] |
| 2430915 | NEW | high | CVE-2026-23530 freerdp2: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server. [epel-10] |
| 2430920 | NEW | high | CVE-2026-23883 freerdp2: FreeRDP: Arbitrary code execution and denial of service via malicious server [epel-10] |
| 2430929 | NEW | high | CVE-2026-23884 freerdp2: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability [epel-10] |
| 2431047 | NEW | medium | CVE-2026-22770 ImageMagick: ImageMagick: Denial of Service due to improper pointer initialization [epel-10] |
| 2431048 | NEW | medium | CVE-2026-23874 ImageMagick: ImageMagick: Denial of Service via infinite recursion in MSL |
| 2431056 | NEW | high | CVE-2026-23876 ImageMagick: ImageMagick: Arbitrary code execution via a crafted XBM image file [epel-10] |
| 2431061 | NEW | high | CVE-2026-23949 python-jaraco-context: jaraco.context: Path traversal via malicious tar archives [epel-10] |
| 2431062 | NEW | medium | CVE-2025-64118 kf6-breeze-icons: node-tar: Information disclosure via reading a truncated tar file [epel-10] |
| 2431086 | NEW | high | CVE-2026-23745 CVE-2026-23950 kf6-breeze-icons: various flaws [epel-10] |
| 2431610 | NEW | medium | CVE-2025-15366 asahi-installer: IMAP command injection in user-controlled commands [epel-10] |
| 2431634 | NEW | medium | CVE-2025-15367 asahi-installer: POP3 command injection in user-controlled commands [epel-10] |
| 2431746 | NEW | medium | CVE-2025-11468 asahi-installer: Missing character filtering in Python [epel-10] |
| 2431749 | NEW | medium | CVE-2026-0672 asahi-installer: Header injection in http.cookies.Morsel in Python [epel-10] |
| 2431754 | NEW | medium | CVE-2026-0865 asahi-installer: wsgiref.headers.Headers allows header newline injection in Python [epel-10] |
| 2431759 | NEW | medium | CVE-2025-15282 asahi-installer: Header injection via newlines in data URL mediatype in Python [epel-10] |
| 2431944 | NEW | high | CVE-2026-23957 forgejo: Seroval: Denial of Service via large encoded array lengths [epel-10] |
| 2431945 | NEW | high | CVE-2026-23737 forgejo: seroval: Arbitrary Code Execution via Improper JSON Deserialization [epel-10] |
| 2431946 | NEW | high | CVE-2026-23956 forgejo: Seroval: Denial of Service via malicious regular expressions during deserialization [epel-10] |
| 2431947 | NEW | high | CVE-2026-23736 forgejo: seroval: Prototype pollution via improper input validation during JSON deserialization [epel-10] |
| 2431955 | NEW | high | CVE-2026-24006 forgejo: Seroval: Denial of Service due to excessive recursion during object serialization [epel-10] |
| 2431965 | NEW | medium | CVE-2026-23952 ImageMagick: ImageMagick: Denial of Service via processing of MSL comment tags [epel-10] |
| 2432189 | ON_QA | medium | CVE-2026-23831 gh: Rekor denial of service [epel-10] |
| 2432850 | NEW | medium | CVE-2025-67125 docopt-cpp: integer overflow can lead to logic/policy bypass [epel-10] |
| 2432924 | NEW | high | CVE-2025-13465 forgejo: prototype pollution in _.unset and _.omit functions [epel-10] |
| 2432925 | NEW | high | CVE-2025-13465 jupyterlab: prototype pollution in _.unset and _.omit functions [epel-10] |
| 2432926 | NEW | high | CVE-2025-13465 kf6-breeze-icons: prototype pollution in _.unset and _.omit functions [epel-10] |
| 2432927 | ON_QA | high | CVE-2025-13465 nextcloud: prototype pollution in _.unset and _.omit functions [epel-10] |
| 2432929 | NEW | high | CVE-2025-13465 python-ipyparallel: prototype pollution in _.unset and _.omit functions [epel-10] |
| 2432932 | NEW | high | CVE-2025-13465 python-torch: prototype pollution in _.unset and _.omit functions [epel-10] |
| 2432933 | NEW | high | CVE-2025-13465 qt5-qtbase: prototype pollution in _.unset and _.omit functions [epel-10] |
| 2433098 | ON_QA | medium | CVE-2026-23991 gh: go-tuf client DoS via malformed server response [epel-10] |
| 2433100 | ON_QA | medium | CVE-2026-23992 gh: go-tuf improperly validates the configured threshold for delegations [epel-10] |
| 2433376 | ASSIGNED | high | [Minor Incident] CVE-2025-15467 sslscan: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing [epel-10] |
| 2433494 | NEW | high | CVE-2026-22258 suricata: Suricata DCERPC: unbounded fragment buffering leads to memory exhaustion [epel-10] |
| 2433499 | NEW | high | CVE-2026-22259 suricata: Suricata dnp3: unbounded transaction growth [epel-10] |
| 2433505 | NEW | high | CVE-2026-22264 suricata: Suricata detect/alert: heap-use-after-free on alert queue expansion [epel-10] |
| 2433509 | NEW | high | CVE-2026-22260 suricata: Suricata http1: infinite recursion in decompression [epel-10] |
| 2433529 | ON_QA | medium | CVE-2026-24117 gh: Rekor Server-Side Request Forgery (SSRF) [epel-10] |
| 2433566 | ON_QA | medium | CVE-2026-24137 gh: sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal [epel-10] |
| 2433652 | NEW | low | CVE-2026-22261 suricata: Suricata: Denial of Service due to XFF handling inefficiencies [epel-all] |
| 2433655 | NEW | medium | CVE-2026-22262 suricata: Suricata: Denial of service due to stack overflow when saving large datasets [epel-all] |
| 2433657 | NEW | medium | CVE-2026-22263 suricata: Suricata: Denial of Service via inefficient HTTP/1 header parsing [epel-all] |
| 2433683 | NEW | medium | CVE-2025-28164 java-latest-openjdk: libpng: Denial of Service via buffer overflow in png_create_read_struct() function [epel-10] |
| 2433684 | NEW | medium | CVE-2025-28164 java-latest-openjdk-portable: libpng: Denial of Service via buffer overflow in png_create_read_struct() function [epel-10] |
| 2433773 | NEW | high | CVE-2026-24747 python-torch: PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files [epel-10] |
| 2433810 | NEW | medium | CVE-2026-1299 asahi-installer: email header injection due to unquoted newlines [epel-10] |
| 2433930 | NEW | urgent | CVE-2026-24799 dlib: heap-based buffer overflow in inflate() in zlib module (CVE-2022-37434) [epel-10] |
| 2434243 | ON_QA | medium | CVE-2026-24686 gh: go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names [epel-10] |
| 2434709 | NEW | high | CVE-2026-24842 kf6-breeze-icons: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal [epel-10] |
| 2436290 | ASSIGNED | medium | CVE-2026-22780 rizin: Rizin: Heap overflow allows arbitrary code execution via malicious mach0 file [epel-10] |
| 2437225 | NEW | medium | CVE-2026-22801 java-latest-openjdk: libpng: Information disclosure and denial of service via integer truncation in simplified write API [epel-10] |
| 2437226 | NEW | medium | CVE-2026-22801 java-latest-openjdk-portable: libpng: Information disclosure and denial of service via integer truncation in simplified write API [epel-10] |
| 2437330 | NEW | low | CVE-2025-68458 forgejo: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior [epel-10] |
| 2437331 | NEW | low | CVE-2025-68458 golang-github-evanw-esbuild: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior [epel-10] |
| 2437333 | NEW | low | CVE-2025-68458 yarnpkg: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior [epel-10] |
| 2437336 | NEW | low | CVE-2025-68157 forgejo: webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects [epel-10] |
| 2437338 | NEW | low | CVE-2025-68157 golang-github-evanw-esbuild: webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects [epel-10] |
| 2437342 | NEW | low | CVE-2025-68157 yarnpkg: webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects [epel-10] |
| 2437462 | NEW | medium | CVE-2026-25537 vaultwarden: jsonwebtoken has Type Confusion that leads to potential authorization bypass [epel-10] |
| 2438006 | NEW | medium | CVE-2026-25916 roundcubemail: SVG feImage bypasses image blocking to track email opens [epel-10] |
| 2438031 | NEW | medium | CVE-2026-25727 fapolicy-analyzer: time affected by a stack exhaustion denial of service attack [epel-10] |
| 2438034 | ASSIGNED | medium | CVE-2026-25727 rizin: time affected by a stack exhaustion denial of service attack [epel-10] |
| 2438035 | NEW | medium | CVE-2026-25727 suricata: time affected by a stack exhaustion denial of service attack [epel-10] |
| 2438037 | NEW | medium | CVE-2026-25727 vaultwarden: time affected by a stack exhaustion denial of service attack [epel-10] |
| 2438250 | NEW | medium | CVE-2026-24682 freerdp2: FreeRDP has a Heap-buffer-overflow in audio_formats_free [epel-10] |
| 2438251 | NEW | medium | CVE-2026-24683 freerdp2: FreeRDP has a heap-use-after-free in ainput_send_input_event [epel-10] |
| 2438252 | NEW | medium | CVE-2026-24675 freerdp2: FreeRDP has a Heap-use-after-free in urb_select_interface [epel-10] |
| 2438253 | NEW | medium | CVE-2026-24679 freerdp2: FreeRDP has a heap-buffer-overflow in urb_select_interface [epel-10] |
| 2438254 | NEW | medium | CVE-2026-24681 freerdp2: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb [epel-10] |
| 2438255 | NEW | medium | CVE-2026-24677 freerdp2: FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264 [epel-10] |
| 2438256 | NEW | medium | CVE-2026-24491 freerdp2: FreeRDP has a heap-use-after-free in video_timer [epel-10] |
| 2438258 | NEW | medium | CVE-2026-23948 freerdp2: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() [epel-10] |
| 2438261 | NEW | medium | CVE-2026-24684 freerdp2: FreeRDP has a Heap-use-after-free in play_thread [epel-10] |
| 2438306 | NEW | medium | CVE-2026-24680 freerdp2: FreeRDP has a heap-use-after-free in update_pointer_new(SDL) [epel-10] |
| 2438320 | NEW | medium | CVE-2026-24676 freerdp2: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation [epel-10] |
| 2438653 | NEW | high | CVE-2026-25646 java-latest-openjdk: LIBPNG has a heap buffer overflow in png_set_quantize [epel-10] |
| 2438654 | NEW | high | CVE-2026-25646 java-latest-openjdk-portable: LIBPNG has a heap buffer overflow in png_set_quantize [epel-10] |
| 2439004 | ON_QA | high | CVE-2026-25639 nextcloud: Axios affected by Denial of Service via __proto__ Key in mergeConfig [epel-10] |
| 2439044 | NEW | high | CVE-2026-26157 busybox: BusyBox: Arbitrary file overwrite and potential code execution via incomplete path sanitization [epel-10] |
| 2439190 | NEW | high | CVE-2026-25990 python-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image [epel-10] |
| 2439258 | NEW | medium | CVE-2026-26012 vaultwarden: Vaultwarden: Information disclosure due to bypassed collection permissions [epel-10] |
| 2439262 | NEW | medium | CVE-2026-26012 vaultwarden: Vaultwarden: Information disclosure due to bypassed collection permissions [epel-10] |
| 2439285 | NEW | high | CVE-2020-37182 redir: Denial of Service due to stack overflow in doproxyconnect() function [epel-all] |
| 2439338 | NEW | medium | CVE-2026-2327 forgejo: markdown-it: Denial of Service via Regular Expression Denial of Service in linkify function [epel-10] |
| 2439357 | NEW | high | CVE-2025-69873 forgejo: ReDoS via $data reference [epel-10] |
| 2439358 | NEW | high | CVE-2025-69873 jupyterlab: ReDoS via $data reference [epel-10] |
| 2439360 | NEW | high | CVE-2025-69873 python-ipyparallel: ReDoS via $data reference [epel-10] |
| 2439362 | NEW | high | CVE-2025-69873 yarnpkg: ReDoS via $data reference [epel-10] |
| 2439538 | NEW | medium | CVE-2026-2391 nextcloud: qs's arrayLimit bypass in comma parsing allows denial of service [epel-10] |
| 2439540 | NEW | medium | CVE-2026-2391 python-torch: qs's arrayLimit bypass in comma parsing allows denial of service [epel-10] |
| 2439541 | NEW | medium | CVE-2026-2391 yarnpkg: qs's arrayLimit bypass in comma parsing allows denial of service [epel-10] |
| 2439600 | NEW | medium | CVE-2026-26076 ntpd-rs: ntpd-rs: Denial of Service via malformed NTS packets requesting excessive cookies [epel-10] |
| 2440819 | NEW | high | CVE-2025-14009 python-nltk: Zip Slip Vulnerability in nltk Leading to Code Execution [epel-all] |
| 2440946 | NEW | high | CVE-2019-25355 gsoap: information disclosure via directory traversal vulnerability [epel-all] |
| 2441149 | NEW | medium | CVE-2025-69725 caddy: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [epel-all] |
| 2441150 | NEW | medium | CVE-2025-69725 forgejo: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [epel-all] |
| 2441152 | NEW | medium | CVE-2025-69725 rclone: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [epel-all] |
| 2441153 | NEW | medium | CVE-2025-69725 singularity-ce: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [epel-all] |
| 2441201 | NEW | high | CVE-2026-26200 hdf5: HDF5: Denial of Service due to heap buffer overflow when parsing a crafted h5 file [epel-all] |
| 2441337 | NEW | medium | CVE-2026-26960 kf6-breeze-icons: node-tar: Arbitrary file read/write via malicious archive hardlink creation [epel-all] |
| 2441340 | NEW | medium | CVE-2026-26960 yarnpkg: node-tar: Arbitrary file read/write via malicious archive hardlink creation [epel-all] |
| 2442149 | NEW | medium | CVE-2026-25795 ImageMagick: ImageMagick: Denial of Service due to NULL pointer dereference during temporary file creation failure [epel-all] |
| 2442153 | NEW | medium | CVE-2026-25797 ImageMagick: ImageMagick: Arbitrary code execution via crafted PostScript files [epel-all] |
| 2442157 | NEW | medium | CVE-2026-25637 ImageMagick: ImageMagick: Denial of Service via crafted image due to memory leak [epel-all] |
| 2442158 | NEW | medium | CVE-2026-25799 ImageMagick: ImageMagick: Denial of Service via YUV sampling factor validation error [epel-all] |
| 2442160 | NEW | medium | CVE-2026-25796 ImageMagick: ImageMagick: Denial of Service Vulnerability [epel-all] |
| 2442162 | NEW | medium | CVE-2026-25798 ImageMagick: ImageMagick: Denial of Service via crafted image file [epel-all] |
| 2442163 | NEW | medium | CVE-2026-25576 ImageMagick: ImageMagick: Information disclosure due to heap buffer over-read when processing malformed images [epel-all] |
| 2442164 | NEW | medium | CVE-2026-24484 ImageMagick: ImageMagick: Denial of Service vulnerability via multi-layer nested MVG to SVG conversion [epel-all] |
| 2442165 | NEW | medium | CVE-2026-25796 ImageMagick: ImageMagick: Denial of Service Vulnerability [epel-all] |
| 2442166 | NEW | medium | CVE-2026-25798 ImageMagick: ImageMagick: Denial of Service via crafted image file [epel-all] |
| 2442167 | NEW | medium | CVE-2026-25576 ImageMagick: ImageMagick: Information disclosure due to heap buffer over-read when processing malformed images [epel-all] |
| 2442168 | NEW | medium | CVE-2026-24484 ImageMagick: ImageMagick: Denial of Service vulnerability via multi-layer nested MVG to SVG conversion [epel-all] |
| 2442169 | NEW | medium | CVE-2026-25966 ImageMagick: ImageMagick: Policy bypass allows unauthorized access to standard streams via fd: |
| 2442172 | NEW | medium | CVE-2026-25967 ImageMagick: ImageMagick: Denial of Service via crafted FTXT file [epel-all] |
| 2442175 | NEW | medium | CVE-2026-25968 ImageMagick: ImageMagick: Memory corruption via stack buffer overflow when processing an attribute [epel-all] |
| 2442176 | NEW | medium | CVE-2026-25971 ImageMagick: ImageMagick: Denial of Service via circular references in MSL files [epel-all] |
| 2442177 | NEW | medium | CVE-2026-25970 ImageMagick: ImageMagick: Memory corruption and denial of service via signed integer overflow in SIXEL decoder. [epel-all] |
| 2442179 | NEW | medium | CVE-2026-25897 ImageMagick: ImageMagick: Out-of-bounds heap write via integer overflow in sun decoder [epel-all] |
| 2442180 | NEW | medium | CVE-2026-25969 ImageMagick: ImageMagick: Memory leak leading to denial of service via image processing [epel-all] |
| 2442181 | NEW | medium | CVE-2026-25898 ImageMagick: ImageMagick: Information disclosure or denial of service via crafted image with invalid pixel index [epel-all] |
| 2442190 | NEW | medium | CVE-2026-25988 ImageMagick: ImageMagick: Denial of Service due to memory leak in image processing [epel-all] |
| 2442191 | NEW | medium | CVE-2026-25987 ImageMagick: ImageMagick: Memory disclosure and denial of service via crafted MAP files [epel-all] |
| 2442193 | NEW | medium | CVE-2026-25986 ImageMagick: ImageMagick: Denial of Service via malicious YUV image processing [epel-all] |
| 2442194 | NEW | medium | CVE-2026-25983 ImageMagick: ImageMagick: Denial of service via crafted MSL script [epel-all] |
| 2442195 | NEW | medium | CVE-2026-25989 ImageMagick: ImageMagick: Denial of Service via crafted SVG file [epel-all] |
| 2442197 | NEW | medium | CVE-2026-25982 ImageMagick: ImageMagick: Denial of Service or Information Disclosure via heap out-of-bounds read in DICOM file processing [epel-all] |
| 2442203 | NEW | medium | CVE-2026-24485 ImageMagick: ImageMagick: Denial of Service via malformed PCD file processing [epel-all] |
| 2442204 | NEW | medium | CVE-2026-25638 ImageMagick: ImageMagick: Denial of Service due to memory leak in image processing [epel-all] |
| 2442208 | NEW | medium | CVE-2026-26983 ImageMagick: ImageMagick: Denial of Service via invalid MSL map element processing [epel-all] |
| 2442209 | NEW | medium | CVE-2026-26284 ImageMagick: ImageMagick: Out-of-bounds read via crafted Photo CD (PCD) files [epel-all] |
| 2442210 | NEW | medium | CVE-2026-26066 ImageMagick: ImageMagick: Denial of Service via crafted IPTC data [epel-all] |
| 2442211 | NEW | medium | CVE-2026-26283 ImageMagick: ImageMagick: Denial of Service via crafted image leading to an infinite loop [epel-all] |
| 2442215 | NEW | high | CVE-2026-25965 ImageMagick: ImageMagick: Local File Disclosure via Path Traversal [epel-all] |
| 2442218 | NEW | high | CVE-2026-25794 ImageMagick: ImageMagick: Denial of service and potential arbitrary code execution via integer overflow in image processing [epel-all] |
| 2442228 | NEW | high | CVE-2026-3061 CVE-2026-3062 CVE-2026-3063 chromium: various flaws [epel-all] |
| 2442239 | NEW | high | CVE-2026-25985 ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder [epel-all] |
| 2442422 | NEW | high | CVE-2026-27587 caddy: Caddy: Access control bypass due to improper handling of percent-escape sequences in HTTP path matcher [epel-all] |
| 2442424 | NEW | high | CVE-2026-27590 caddy: Caddy: Remote Code Execution via FastCGI path confusion [epel-all] |
| 2442428 | NEW | medium | CVE-2026-27589 caddy: Caddy: Unauthorized configuration modification via cross-origin requests to the admin API [epel-all] |
| 2442430 | NEW | high | CVE-2026-27586 caddy: Caddy: Authentication bypass via mTLS client certificate validation failure [epel-all] |
| 2442435 | NEW | high | CVE-2026-27588 caddy: Caddy: Access control bypass due to case-sensitive host matching [epel-all] |
| 2442472 | NEW | medium | CVE-2026-27585 caddy: Caddy: Path security bypass due to unsanitized backslashes [epel-all] |
| 2442659 | MODIFIED | high | CVE-2026-27624 coturn: IPv4-mapped IPv6 bypasses denied-peer-ip ACL [epel-all] |
| 2442800 | NEW | medium | CVE-2026-27951 freerdp2: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity [epel-all] |
| 2442802 | NEW | medium | CVE-2026-26986 freerdp2: FreeRDP: Denial of Service via double free vulnerability during disconnect [epel-all] |
| 2442804 | NEW | medium | CVE-2026-27950 freerdp2: FreeRDP: Denial of service due to incomplete fix for heap-use-after-free vulnerability [epel-all] |
| 2442807 | NEW | medium | CVE-2026-25952 freerdp2: FreeRDP: Denial of service due to use-after-free vulnerability [epel-all] |
| 2442809 | NEW | medium | CVE-2026-25959 freerdp2: FreeRDP: Denial of Service via heap use-after-free in clipboard handling [epel-all] |
| 2442811 | NEW | medium | CVE-2026-25941 freerdp2: FreeRDP: Information disclosure or client crash via out-of-bounds read in RDPGFX channel [epel-all] |
| 2442820 | NEW | medium | CVE-2026-25942 freerdp2: FreeRDP: Denial of Service via out-of-bounds read from malicious server input [epel-all] |
| 2442822 | NEW | medium | CVE-2026-25953 freerdp2: FreeRDP: Denial of Service due to use-after-free vulnerability in window handling [epel-all] |
| 2442823 | NEW | medium | CVE-2026-25954 freerdp2: FreeRDP: Use-after-free vulnerability leading to denial of service [epel-all] |
| 2442828 | NEW | medium | CVE-2026-25997 freerdp2: FreeRDP: Denial of service via heap use-after-free during auto-reconnect [epel-all] |
| 2442830 | NEW | medium | CVE-2026-26271 freerdp2: FreeRDP: Denial of Service via crafted RDP Window Icon data [epel-all] |
| 2442847 | NEW | medium | CVE-2026-27015 freerdp2: FreeRDP: Denial of Service via missing bounds check in smartcard redirection [epel-all] |
| 2442853 | NEW | medium | CVE-2026-25955 freerdp2: FreeRDP: Denial of Service via use-after-free in xf_AppUpdateWindowFromSurface [epel-all] |
| 2442949 | NEW | medium | CVE-2026-27798 ImageMagick: ImageMagick: Information disclosure via heap buffer over-read when processing images [epel-all] |
| 2442950 | NEW | medium | CVE-2026-27799 ImageMagick: ImageMagick: Denial of Service and data corruption due to crafted DJVU image processing [epel-all] |
| 2442971 | NEW | high | CVE-2026-26965 freerdp2: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path [epel-all] |
| 2443072 | NEW | high | CVE-2026-27970 syncthing: Angular: Cross-site scripting via compromised translation files [epel-all] |
| 2443073 | NEW | high | CVE-2026-27970 yarnpkg: Angular: Cross-site scripting via compromised translation files [epel-all] |
| 2443144 | NEW | high | CVE-2026-26955 freerdp2: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline [epel-10] |