Total
304525 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6226 | 1 Mattermost | 1 Mattermost | 2025-08-07 | 6.5 Medium |
| Mattermost versions 10.5.x <= 10.5.7, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of recently created posts. | ||||
| CVE-2025-7425 | 1 Redhat | 9 Discovery, Enterprise Linux, Insights Proxy and 6 more | 2025-08-07 | 7.8 High |
| A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption. | ||||
| CVE-2025-6021 | 1 Redhat | 11 Discovery, Enterprise Linux, Insights Proxy and 8 more | 2025-08-07 | 7.5 High |
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | ||||
| CVE-2025-4373 | 1 Redhat | 5 Enterprise Linux, Insights Proxy, Openshift Distributed Tracing and 2 more | 2025-08-07 | 4.8 Medium |
| A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. | ||||
| CVE-2025-49796 | 1 Redhat | 10 Discovery, Enterprise Linux, Insights Proxy and 7 more | 2025-08-07 | 9.1 Critical |
| A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. | ||||
| CVE-2025-49794 | 1 Redhat | 9 Enterprise Linux, Insights Proxy, Jboss Core Services and 6 more | 2025-08-07 | 9.1 Critical |
| A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors. | ||||
| CVE-2025-40918 | 2025-08-07 | 6.5 Medium | ||
| Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy. | ||||
| CVE-2025-54641 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-07 | 6.7 Medium |
| Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-54651 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 4.8 Medium |
| Race condition vulnerability in the kernel hufs module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-54639 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 5.5 Medium |
| ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions. | ||||
| CVE-2025-54612 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 5.9 Medium |
| Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
| CVE-2025-54635 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 5.9 Medium |
| Vulnerability of returning released pointers in the distributed notification service. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-54618 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 5.7 Medium |
| Permission control vulnerability in the distributed clipboard module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-54633 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 6.7 Medium |
| Out-of-bounds read vulnerability in the register configuration of the DMA module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-54623 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 6.3 Medium |
| Out-of-bounds read vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-54653 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 8.4 High |
| Path traversal vulnerability in the virtualization file module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module. | ||||
| CVE-2025-54617 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 6.8 Medium |
| Stack-based buffer overflow vulnerability in the dms_fwk module. Impact: Successful exploitation of this vulnerability can cause RCE. | ||||
| CVE-2025-54621 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 5.3 Medium |
| Iterator failure issue in the WantAgent module. Impact: Successful exploitation of this vulnerability may cause memory release failures. | ||||
| CVE-2025-54614 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 6.2 Medium |
| Input verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-54622 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 8.3 High |
| Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||