Repo Status -
Overall Status
Page updated: 2025-10-13 13:58
| 2375005 | NEW | medium | CVE-2025-6442 rubygem-webrick: Ruby WEBrick Request Smuggling Vulnerability [epel-10] |
| 2375129 | NEW | low | CVE-2025-6750 hdf5: HDF5 Heap Buffer Overflow [epel-10] |
| 2375487 | NEW | low | CVE-2025-6858 hdf5: HDF5 Null Pointer Dereference [epel-10] |
| 2375491 | NEW | low | CVE-2025-6857 hdf5: HDF5 Stack Buffer Overflow [epel-10] |
| 2375493 | NEW | low | CVE-2025-6856 hdf5: HDF5 Use-After-Free Vulnerability [epel-10] |
| 2375495 | NEW | low | CVE-2025-6818 hdf5: HDF5 Heap Overflow [epel-10] |
| 2375501 | NEW | low | CVE-2025-6817 hdf5: HDF5 Resource Consumption Vulnerability [epel-10] |
| 2375505 | NEW | low | CVE-2025-6816 hdf5: HDF5 Heap Buffer Overflow [epel-10] |
| 2375950 | NEW | medium | CVE-2025-52891 mod_security: ModSecurity segmentation fault [epel-10] |
| 2376248 | NEW | high | CVE-2025-53367 djvulibre: DjVuLibre out of bounds write [epel-10] |
| 2376968 | NEW | low | CVE-2024-25178 luajit: Out of bounds read in LuaJIT [epel-10] |
| 2376975 | NEW | low | CVE-2024-25177 luajit: Out of bounds read in LuaJIT [epel-10] |
| 2376984 | NEW | low | CVE-2024-25176 luajit: From CVEorg collector [epel-10] |
| 2378816 | NEW | high | CVE-2025-48384 cgit: Git arbitrary code execution [epel-10] |
| 2378820 | NEW | medium | CVE-2025-48386 cgit: Git buffer overflow [epel-10] |
| 2378824 | NEW | high | CVE-2025-48385 cgit: Git arbitrary file writes [epel-10] |
| 2379615 | NEW | low | CVE-2025-48924 pdftk-java: Uncontrolled Recursion vulnerability in Apache Commons Lang [epel-10] |
| 2379636 | NEW | low | CVE-2025-48924 libphonenumber: Uncontrolled Recursion vulnerability in Apache Commons Lang [epel-10] |
| 2379820 | NEW | medium | CVE-2025-7545 radare2: Binutils: Heap Buffer Overflow [epel-10] |
| 2379821 | NEW | medium | CVE-2025-7545 rizin: Binutils: Heap Buffer Overflow [epel-10] |
| 2379824 | NEW | medium | CVE-2025-7546 radare2: Binutils: Out-of-bounds Write Vulnerability [epel-10] |
| 2379826 | NEW | medium | CVE-2025-7546 rizin: Binutils: Out-of-bounds Write Vulnerability [epel-10] |
| 2379953 | POST | medium | CVE-2025-51591 pandoc: Server-Side Request Forgery in Pandoc [epel-10] |
| 2379979 | NEW | low | CVE-2025-53014 ImageMagick: ImageMagick Heap Buffer Overflow [epel-10] |
| 2379980 | NEW | medium | CVE-2025-53101 ImageMagick: ImageMagick Stack Buffer Overflow [epel-10] |
| 2379981 | NEW | medium | CVE-2025-53015 ImageMagick: ImageMagick unbounded loop [epel-10] |
| 2379982 | NEW | low | CVE-2025-53019 ImageMagick: ImageMagick Memory Leak [epel-10] |
| 2380008 | NEW | low | CVE-2025-53643 python-aiohttp: AIOHTTP HTTP Request/Response Smuggling [epel-10] |
| 2381578 | NEW | medium | CVE-2025-7700 ffmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c) [epel-10] |
| 2381811 | NEW | high | CVE-2025-53644 opencv: OpenCV use after free [epel-10] |
| 2381822 | NEW | medium | CVE-2025-53817 7zip: 7-Zip Null pointer array write [epel-10] |
| 2381825 | NEW | medium | CVE-2025-53816 7zip: 7-Zip heap buffer overflow [epel-10] |
| 2382273 | NEW | low | CVE-2025-54352 wordpress: WordPress Pingback Title Disclosure Vulnerability [epel-10] |
| 2383360 | NEW | medium | CVE-2025-46805 screen: Race Conditions when Sending Signals [epel-all] |
| 2384000 | NEW | medium | CVE-2025-8263 yarnpkg: prettier parseNestedCSS ReDoS [epel-10] |
| 2384060 | NEW | medium | CVE-2025-8194 asahi-installer: Cpython infinite loop when parsing a tarfile [epel-10] |
| 2385904 | NEW | medium | CVE-2025-45768 python-jwt: pyjwt Weak Encryption Vulnerability [epel-10] |
| 2386811 | NEW | medium | CVE-2025-54571 mod_security: ModSecurity Content-Type Override Vulnerability [epel-10] |
| 2387011 | NEW | low | CVE-2025-54798 yarnpkg: tmp Symbolic Link Write Vulnerability [epel-10] |
| 2387643 | NEW | low | CVE-2025-55188 7zip: 7-Zip Symbolic Link Extraction Vulnerability [epel-10] |
| 2388023 | NEW | medium | CVE-2025-8885 pdftk-java: Bouncy Castle denial of service parsing ASN.1 Object Identifiers [epel-10] |
| 2388277 | NEW | medium | CVE-2025-8916 pdftk-java: BouncyCastle denial of service [epel-10] |
| 2388308 | NEW | medium | CVE-2025-55160 ImageMagick: ImageMagick: Undefined Behavior [epel-10] |
| 2388309 | NEW | low | CVE-2025-55005 ImageMagick: ImageMagick: heap-buffer overflow [epel-10] |
| 2388311 | NEW | high | CVE-2025-55154 ImageMagick: ImageMagick: integer overflows in MNG magnification [epel-10] |
| 2388312 | NEW | high | CVE-2025-55004 ImageMagick: ImageMagick: heap-buffer overflow [epel-10] |
| 2388882 | NEW | high | CVE-2025-8959 opentofu: HashiCorp go-getter Arbitrary File Read [epel-10] |
| 2389223 | NEW | low | CVE-2025-9092 pdftk-java: Bouncycastle Resource Exhaustion [epel-10] |
| 2389960 | NEW | high | CVE-2025-9287 yarnpkg: Cipher-base hash manipulation [epel-10] |
| 2389999 | NEW | high | CVE-2025-9288 yarnpkg: Missing type checks leading to hash rewind and passing on crafted data [epel-10] |
| 2390167 | NEW | low | CVE-2025-9308 yarnpkg: yarnpkg regular expression denial of service [epel-10] |
| 2391120 | NEW | high | CVE-2025-55298 ImageMagick: ImageMagick Format String Bug in InterpretImageFilename leads to arbitrary code execution [epel-all] |
| 2391123 | NEW | low | CVE-2025-55212 ImageMagick: ImageMagick crash on crafted input [epel-10] |
| 2391603 | NEW | medium | CVE-2025-58058 image-builder: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391604 | NEW | medium | CVE-2025-58058 opentofu: github.com/ulikunitz/xz leaks memory [epel-10] |
| 2391976 | NEW | low | CVE-2025-58160 vaultwarden: Tracing log pollution [epel-10] |
| 2392351 | NEW | medium | CVE-2025-9732 dcmtk: DCMTK dcm2img diybrpxt.h memory corruption [epel-10] |
| 2392573 | NEW | medium | CVE-2025-9810 keydb: TOCTOU race in Linenoise enables arbitrary file overwrite and permission changes [epel-10] |
| 2392632 | NEW | high | CVE-2025-49794 qt6-qtwebengine: Heap use after free (UAF) leads to Denial of service (DoS) [epel-all] |
| 2392637 | NEW | high | CVE-2025-49796 qt6-qtwebengine: Type confusion leads to Denial of service (DoS) [epel-all] |
| 2392665 | NEW | medium | CVE-2025-9375 python-xmltodict: xmltodict XML Injection [epel-10] |
| 2392771 | NEW | high | CVE-2025-57803 ImageMagick: ImageMagick (WriteBMPImage): 32-bit integer overflow when writing BMP scanline stride → heap buffer overflow [epel-10] |
| 2392945 | NEW | high | CVE-2025-57052 cjson: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings [epel-all] |
| 2393598 | NEW | medium | CVE-2025-57807 ImageMagick: ImageMagick BlobStream Forward-Seek Under-Allocation [epel-10] |
| 2394111 | NEW | medium | CVE-2025-9951 ffmpeg: heap-based buffer overflow in jpeg2000dec [epel-all] |
| 2394114 | NEW | medium | CVE-2025-9951 qt6-qtwebengine: heap-based buffer overflow in jpeg2000dec [epel-all] |
| 2394496 | NEW | medium | CVE-2025-10256 ffmpeg: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) [epel-all] |
| 2394499 | NEW | medium | CVE-2025-10256 qt6-qtwebengine: NULL pointer dereference in Firequalizer filter (libavfilter/af_firequalizer.c) [epel-all] |
| 2394877 | NEW | medium | CVE-2025-9086 davix: Curl out of bounds read for cookie path [epel-10] |
| 2395149 | NEW | high | CVE-2025-10201 qt6-qtwebengine: Inappropriate implementation in Mojo [epel-all] |
| 2397728 | NEW | medium | CVE-2025-58246 wordpress: WordPress Sensitive Data Exposure [epel-10] |
| 2397729 | NEW | medium | CVE-2025-58674 wordpress: WordPress Cross Site Scripting (XSS) [epel-10] |
| 2397967 | NEW | high | CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [epel-10] |
| 2398124 | NEW | medium | CVE-2025-10911 qt6-qtwebengine: use-after-free with key data stored cross-RVT [epel-all] |
| 2398269 | NEW | medium | CVE-2025-56648 golang-github-evanw-esbuild: Parcel Origin Validation Error [epel-10] |
| 2398284 | NEW | medium | CVE-2025-47910 chezmoi: CrossOriginProtection bypass in net/http [epel-10] |
| 2398285 | NEW | medium | CVE-2025-47910 fluent-bit: CrossOriginProtection bypass in net/http [epel-10] |
| 2398286 | NEW | medium | CVE-2025-47910 forgejo: CrossOriginProtection bypass in net/http [epel-10] |
| 2398287 | NEW | medium | CVE-2025-47910 gdu: CrossOriginProtection bypass in net/http [epel-10] |
| 2398288 | NEW | medium | CVE-2025-47910 gh: CrossOriginProtection bypass in net/http [epel-10] |
| 2398289 | NEW | medium | CVE-2025-47910 git-credential-oauth: CrossOriginProtection bypass in net/http [epel-10] |
| 2398290 | NEW | medium | CVE-2025-47910 glow: CrossOriginProtection bypass in net/http [epel-10] |
| 2398291 | NEW | medium | CVE-2025-47910 golang-etcd-bbolt: CrossOriginProtection bypass in net/http [epel-10] |
| 2398292 | NEW | medium | CVE-2025-47910 golang-github-evanw-esbuild: CrossOriginProtection bypass in net/http [epel-10] |
| 2398293 | NEW | medium | CVE-2025-47910 golang-github-google-pprof: CrossOriginProtection bypass in net/http [epel-10] |
| 2398294 | NEW | medium | CVE-2025-47910 golang-github-googleapis-gnostic: CrossOriginProtection bypass in net/http [epel-10] |
| 2398295 | NEW | medium | CVE-2025-47910 golang-github-jmespath: CrossOriginProtection bypass in net/http [epel-10] |
| 2398296 | NEW | medium | CVE-2025-47910 golang-github-mailru-easyjson: CrossOriginProtection bypass in net/http [epel-10] |
| 2398297 | NEW | medium | CVE-2025-47910 golang-github-pelletier-toml: CrossOriginProtection bypass in net/http [epel-10] |
| 2398298 | NEW | medium | CVE-2025-47910 helm: CrossOriginProtection bypass in net/http [epel-10] |
| 2398299 | NEW | medium | CVE-2025-47910 image-builder: CrossOriginProtection bypass in net/http [epel-10] |
| 2398300 | NEW | medium | CVE-2025-47910 kitty: CrossOriginProtection bypass in net/http [epel-10] |
| 2398301 | NEW | medium | CVE-2025-47910 kustomize: CrossOriginProtection bypass in net/http [epel-10] |
| 2398303 | NEW | medium | CVE-2025-47910 matterbridge: CrossOriginProtection bypass in net/http [epel-10] |
| 2398304 | NEW | medium | CVE-2025-47910 node-exporter: CrossOriginProtection bypass in net/http [epel-10] |
| 2398306 | NEW | medium | CVE-2025-47910 opentofu: CrossOriginProtection bypass in net/http [epel-10] |
| 2398307 | NEW | medium | CVE-2025-47910 podman-tui: CrossOriginProtection bypass in net/http [epel-10] |
| 2398308 | NEW | medium | CVE-2025-47910 prometheus-podman-exporter: CrossOriginProtection bypass in net/http [epel-10] |
| 2398309 | NEW | medium | CVE-2025-47910 rclone: CrossOriginProtection bypass in net/http [epel-10] |
| 2398310 | NEW | medium | CVE-2025-47910 restic: CrossOriginProtection bypass in net/http [epel-10] |
| 2398312 | NEW | medium | CVE-2025-47910 snapd: CrossOriginProtection bypass in net/http [epel-10] |
| 2398313 | NEW | medium | CVE-2025-47910 syncthing: CrossOriginProtection bypass in net/http [epel-10] |
| 2398315 | NEW | medium | CVE-2025-47910 xq: CrossOriginProtection bypass in net/http [epel-10] |
| 2398316 | NEW | medium | CVE-2025-47910 yq: CrossOriginProtection bypass in net/http [epel-10] |
| 2398913 | NEW | medium | CVE-2025-47906 age: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398915 | NEW | medium | CVE-2025-47906 chezmoi: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398916 | NEW | medium | CVE-2025-47906 fluent-bit: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398917 | NEW | medium | CVE-2025-47906 forgejo: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398918 | NEW | medium | CVE-2025-47906 fzf: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398919 | NEW | medium | CVE-2025-47906 gdu: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398920 | NEW | medium | CVE-2025-47906 gh: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398921 | NEW | medium | CVE-2025-47906 git-credential-oauth: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398922 | NEW | medium | CVE-2025-47906 glow: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398923 | NEW | medium | CVE-2025-47906 gocryptfs: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398924 | NEW | medium | CVE-2025-47906 golang-github-burntsushi-toml: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398925 | NEW | medium | CVE-2025-47906 golang-github-gogo-protobuf: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398926 | NEW | medium | CVE-2025-47906 golang-github-google-pprof: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398927 | NEW | medium | CVE-2025-47906 golang-github-googleapis-gnostic: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398928 | NEW | medium | CVE-2025-47906 golang-github-jmespath: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398929 | NEW | medium | CVE-2025-47906 golang-github-joho-godotenv: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398930 | NEW | medium | CVE-2025-47906 golang-github-mailru-easyjson: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398931 | NEW | medium | CVE-2025-47906 golang-github-posener-complete: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398932 | NEW | medium | CVE-2025-47906 golang-google-protobuf: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398933 | NEW | medium | CVE-2025-47906 gum: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398934 | NEW | medium | CVE-2025-47906 helm: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398935 | NEW | medium | CVE-2025-47906 image-builder: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398936 | NEW | medium | CVE-2025-47906 kitty: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398937 | NEW | medium | CVE-2025-47906 kustomize: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398939 | NEW | medium | CVE-2025-47906 matterbridge: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398940 | NEW | medium | CVE-2025-47906 node-exporter: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398942 | NEW | medium | CVE-2025-47906 opentofu: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398943 | NEW | medium | CVE-2025-47906 podman-tui: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398944 | NEW | medium | CVE-2025-47906 prometheus-podman-exporter: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398945 | ASSIGNED | medium | CVE-2025-47906 qpid-proton: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398947 | NEW | medium | CVE-2025-47906 rclone: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398948 | NEW | medium | CVE-2025-47906 restic: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398950 | NEW | medium | CVE-2025-47906 smtprelay: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398951 | NEW | medium | CVE-2025-47906 snapd: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398952 | NEW | medium | CVE-2025-47906 syncthing: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398953 | NEW | medium | CVE-2025-47906 xq: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2398954 | NEW | medium | CVE-2025-47906 yq: Unexpected paths returned from LookPath in os/exec [epel-10] |
| 2399686 | NEW | medium | CVE-2025-11065 glow: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [epel-10] |
| 2399687 | NEW | medium | CVE-2025-11065 kustomize: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [epel-10] |
| 2399688 | NEW | medium | CVE-2025-11065 opentofu: Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure [epel-10] |
| 2399822 | NEW | medium | CVE-2025-57347 forgejo: dagre-d3-es prototype pollution [epel-10] |
| 2399824 | NEW | medium | CVE-2025-57347 jupyterlab: dagre-d3-es prototype pollution [epel-10] |
| 2400257 | NEW | medium | CVE-2025-11083 arm-none-eabi-binutils-cs: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400259 | NEW | medium | CVE-2025-11082 arm-none-eabi-binutils-cs: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400260 | NEW | medium | CVE-2025-11081 arm-none-eabi-binutils-cs: GNU Binutils out-of-bounds read [epel-10] |
| 2400261 | NEW | medium | CVE-2025-11083 cross-binutils: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400262 | NEW | medium | CVE-2025-11082 cross-binutils: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400263 | NEW | medium | CVE-2025-11083 golang-github-google-pprof: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400264 | NEW | medium | CVE-2025-11081 cross-binutils: GNU Binutils out-of-bounds read [epel-10] |
| 2400265 | NEW | medium | CVE-2025-11083 radare2: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400266 | NEW | medium | CVE-2025-11081 golang-github-google-pprof: GNU Binutils out-of-bounds read [epel-10] |
| 2400267 | NEW | medium | CVE-2025-11082 golang-github-google-pprof: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400268 | NEW | medium | CVE-2025-11083 rizin: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400269 | NEW | medium | CVE-2025-11081 radare2: GNU Binutils out-of-bounds read [epel-10] |
| 2400271 | NEW | medium | CVE-2025-11082 radare2: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400272 | NEW | medium | CVE-2025-11081 rizin: GNU Binutils out-of-bounds read [epel-10] |
| 2400273 | NEW | medium | CVE-2025-11082 rizin: GNU Binutils Linker heap-based overflow [epel-10] |
| 2400658 | NEW | medium | CVE-2025-9230 sslscan: Out-of-bounds read & write in RFC 3211 KEK Unwrap [epel-10] |
| 2400667 | NEW | low | CVE-2025-9232 sslscan: Out-of-bounds read in HTTP client no_proxy handling [epel-10] |
| 2401812 | NEW | high | CVE-2025-59728 ffmpeg: Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path [epel-10] |
| 2401821 | NEW | medium | CVE-2025-59730 ffmpeg: Heap-buffer-overflow write in FFmpeg SANM decoding due to lack of bounds-checking in old_codec48 [epel-10] |
| 2401823 | NEW | medium | CVE-2025-59729 ffmpeg: Heap-buffer-overflow read in FFmpeg DHAV get_duration [epel-10] |
| 2401825 | NEW | medium | CVE-2025-59731 ffmpeg: Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress [epel-10] |
| 2401827 | NEW | high | CVE-2025-59733 ffmpeg: Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress [epel-10] |
| 2401828 | NEW | high | CVE-2025-59732 ffmpeg: Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress [epel-10] |
| 2401833 | NEW | high | CVE-2025-59734 ffmpeg: Heap-buffer-overflow write in FFmpeg SANM process_ftch [epel-10] |
| 2402060 | NEW | high | CVE-2025-10502 qt6-qtwebengine: Heap buffer overflow in ANGLE [epel-all] |
| 2402067 | NEW | high | CVE-2025-10500 qt6-qtwebengine: Use after free in Dawn [epel-all] |
| 2402104 | NEW | high | CVE-2025-10200 qt6-qtwebengine: Use after free in Serviceworker. [epel-all] |
| 2402116 | NEW | high | CVE-2025-10890 qt6-qtwebengine: Side-channel information leakage in V8 [epel-all] |
| 2402125 | NEW | high | CVE-2025-10891 qt6-qtwebengine: Integer overflow in V8 [epel-all] |
| 2402132 | NEW | high | CVE-2025-10892 qt6-qtwebengine: Integer overflow in V8 [epel-all] |
| 2402371 | ON_QA | high | CVE-2025-10729 qt5-qtsvg: Use-after-free vulnerability in Qt SVG [epel-10] |
| 2402816 | NEW | low | CVE-2025-11495 radare2: GNU Binutils Linker heap-based overflow [epel-10] |
| 2402817 | NEW | low | CVE-2025-11495 rizin: GNU Binutils Linker heap-based overflow [epel-10] |
| 2402818 | NEW | low | CVE-2025-11494 radare2: GNU Binutils Linker out-of-bounds read [epel-10] |
| 2402820 | NEW | low | CVE-2025-11494 rizin: GNU Binutils Linker out-of-bounds read [epel-10] |
| 2402857 | NEW | medium | CVE-2025-8291 asahi-installer: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [epel-10] |
| 2402858 | NEW | medium | CVE-2025-8291 python3.13: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [epel-10] |
| 2402984 | NEW | high | CVE-2025-59830 rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters [epel-10] |
| 2403133 | NEW | medium | CVE-2025-11579 chezmoi: RarDecode Out Of Memory Crash [epel-10] |
| 2403134 | NEW | medium | CVE-2025-11579 forgejo: RarDecode Out Of Memory Crash [epel-10] |
| 2403521 | NEW | high | CVE-2025-61919 rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion [epel-10] |
| 2403526 | NEW | medium | CVE-2025-61780 rubygem-rack: Improper handling of headers in `Rack::Sendfile` may allow proxy bypass [epel-10] |
| 2403537 | NEW | medium | CVE-2025-11687 gi-docgen: Reflected DOM XSS in gi-docgen [epel-10] |