CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2025-8277
Low

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory, leading to crashes on the client side, particularly when using libgcrypt.

CVE-2025-7039
Low

W glib znaleziono lukę, która prowadzi do przepełnienia całkowitego podczas tworzenia plików tymczasowych. To zjawisko skutkuje dostępem do pamięci poza przydzielonym obszarem, co umożliwia atakującemu potencjalne wykonanie ataku typu path traversal lub dostęp do prywatnych treści plików tymczasowych poprzez tworzenie dowiązań symbolicznych.

CVE-2025-8732
Low

A vulnerability was found in libxml2 up to version 2.14.5, involving uncontrolled recursion in the xmlParseSGMLCatalog function of the xmlcatalog component. The attack requires local access and can be triggered with untrusted SGML catalogs.

CVE-2023-32251
Low

A vulnerability in the Linux kernel's ksmbd component (SMB/CIFS server) allows bypassing a security control that introduces a 5-second delay during session setup to prevent dictionary attacks. This bypass can be achieved through the use of asynchronous requests.

CVE-2025-8283
Low

In the netavark package, a network stack for containers used with Podman, the dns.podman search domain was removed. As a result, a container may use the host's resolv.conf, and if one of the search domains contains a hostname matching the container's name, DNS queries may be forwarded to external servers.

CVE-2025-4878
Low

A vulnerability was found in libssh involving an uninitialized variable in the privatekey_from_file() function. It is triggered when the specified file does not exist, potentially leading to signing failures or heap corruption.

CVE-2025-6199
Low

A logic flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length instead of the actual number of written bytes. This causes uninitialized buffer sections to be included in the output, potentially leaking arbitrary memory contents in the processed image.

CVE-2025-6141
Low

Wykryto podatność w GNU ncurses do wersji 6.5-20250322, klasyfikowaną jako problematyczną. Dotyczy ona funkcji postprocess_termcap w pliku tinfo/parse_entry.c i prowadzi do przepełnienia bufora na stosie.

CVE-2025-6170
Low

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

CVE-2025-6052
Low

W GLib występuje błąd w zarządzaniu pamięcią przez GString podczas dodawania danych do ciągów. Przy dużych ciągach, połączenie ich z dodatkowymi danymi może spowodować ukryty przepełnienie w obliczeniach rozmiaru, co prowadzi do pisania danych poza przydzieloną pamięcią.

CVE-2025-5918
Low

A vulnerability has been identified in the libarchive library, triggered when file streams are piped into bsdtar, causing an out-of-bounds read. This can lead to unpredictable program behavior, memory corruption, or denial of service.

CVE-2025-5917
Low

An off-by-one vulnerability has been identified in the libarchive library when handling file name prefixes and suffixes. This flaw causes a 1-byte write overflow, potentially corrupting adjacent memory and leading to unpredictable program behavior or crashes.

CVE-2025-5916
Low

An integer overflow vulnerability has been identified in the libarchive library when processing WARC files claiming more than INT64_MAX - 4 content bytes. An attacker can craft a malicious WARC archive to trigger this overflow, leading to unpredictable behavior, memory corruption, or denial of service. This affects libarchive versions prior to 3.8.0.

CVE-2025-4945
Low

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior.

CVE-2025-46394
Low

W BusyBox w wersji do 1.37.0, w narzędziu tar, archiwum TAR może ukrywać nazwy plików w liście za pomocą sekwencji ucieczki terminala. To może prowadzić do nieświadomego ujawnienia danych lub manipulacji plikami.

CVE-2025-3416
Low

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

CVE-2024-32122
Low

In Fortinet FortiOS versions 7.4.0 to 7.4.8, 7.2, 7.0, and 6.4, passwords are stored in a recoverable format. This allows an attacker to disclose information by modifying the LDAP server IP to point to a malicious server.

CVE-2025-3360
Low

A flaw was found in GLib where an integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.

CVE-2025-1376
Low

W bibliotece GNU elfutils 0.192 zidentyfikowano podatność w funkcji elf_strptr, która może prowadzić do odmowy usługi. Atak można przeprowadzić na lokalnym hoście, jednak jego złożoność jest dość wysoka, co utrudnia wykorzystanie podatności.

CVE-2024-52963
Low

An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, and 6.4.0 through 6.4.15 allows an attacker to trigger a denial of service via specially crafted packets.

PreviousPage 21 of 60Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS