Export limit exceeded: 361150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361150 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2251 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jbosseapxp | 2026-06-25 | 6.2 Medium |
| A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication. | ||||
| CVE-2025-2487 | 1 Redhat | 5 Directory Server, Directory Server Eus, Enterprise Linux and 2 more | 2026-06-25 | 4.9 Medium |
| A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash. | ||||
| CVE-2025-31179 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2026-06-25 | 6.2 Medium |
| A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. | ||||
| CVE-2025-31178 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2026-06-25 | 6.2 Medium |
| A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. | ||||
| CVE-2025-32051 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 5.9 Medium |
| A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS). | ||||
| CVE-2025-32909 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 5.3 Medium |
| A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash. | ||||
| CVE-2025-32910 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 6.5 Medium |
| A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash. | ||||
| CVE-2025-32050 | 1 Redhat | 3 Enterprise Linux, Rhel Eus, Rhivos | 2026-06-25 | 5.9 Medium |
| A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. | ||||
| CVE-2025-32912 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 6.5 Medium |
| A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. | ||||
| CVE-2025-32049 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-06-25 | 7.5 High |
| A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). | ||||
| CVE-2025-32053 | 1 Redhat | 3 Enterprise Linux, Rhel Eus, Rhivos | 2026-06-25 | 6.5 Medium |
| A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. | ||||
| CVE-2025-31177 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2026-06-25 | 5.5 Medium |
| gnuplot is affected by a heap buffer overflow at function utf8_copy_one. | ||||
| CVE-2025-31180 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2026-06-25 | 6.2 Medium |
| A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. | ||||
| CVE-2025-32907 | 1 Redhat | 4 Enterprise Linux, Rhel E4s, Rhel Eus and 1 more | 2026-06-25 | 5.3 Medium |
| A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service. | ||||
| CVE-2025-31176 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2026-06-25 | 6.2 Medium |
| A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. | ||||
| CVE-2025-4035 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 4.3 Medium |
| A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation. | ||||
| CVE-2025-4432 | 1 Redhat | 6 Enterprise Linux, Openshift, Rhivos and 3 more | 2026-06-25 | 5.3 Medium |
| A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received. | ||||
| CVE-2025-47711 | 2 Nbdkit Project, Redhat | 5 Nbdkit, Advanced Virtualization, Enterprise Linux and 2 more | 2026-06-25 | 6.5 Medium |
| There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service. | ||||
| CVE-2025-1244 | 1 Redhat | 8 Enterprise Linux, Openshift Builds, Rhel Aus and 5 more | 2026-06-25 | 8.8 High |
| A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. | ||||
| CVE-2026-38640 | 2026-06-25 | N/A | ||
| A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||