CVSS: 8.5EPSS: %CPEs: 4EXPL: 0CVE-2025-8067 – Udisks: out-of-bounds read in udisks daemon
https://notcve.org/view.php?id=CVE-2025-8067
28 Aug 2025 — A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lo... • https://access.redhat.com/security/cve/CVE-2025-8067 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29365
https://notcve.org/view.php?id=CVE-2025-29365
22 Aug 2025 — spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL. • https://github.com/Giles-one/spimsimulatorEscape?tab=readme-ov-file#bug1-out-of-bounds-write-in-read_input-function • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-274: Improper Handling of Insufficient Privileges CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29366
https://notcve.org/view.php?id=CVE-2025-29366
22 Aug 2025 — In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine. • https://github.com/mupen64plus/mupen64plus-core/blob/2.6.0/src/device/rdram/rdram.c#L159 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7969 – Markdown-it 14.1.0 - Cross-site scripting (XSS)
https://notcve.org/view.php?id=CVE-2025-7969
21 Aug 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. • https://fluidattacks.com/advisories/fito • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-9301 – cmake cmForEachCommand.cxx ReplayItems assertion
https://notcve.org/view.php?id=CVE-2025-9301
21 Aug 2025 — A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. • https://vuldb.com/?id.320906 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-52194
https://notcve.org/view.php?id=CVE-2025-52194
21 Aug 2025 — A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution. • https://github.com/libsndfile/libsndfile/issues/1082 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-9288 – Missing type checks leading to hash rewind and passing on crafted data
https://notcve.org/view.php?id=CVE-2025-9288
20 Aug 2025 — Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. A vulnerability was found in sha.js, where the hashing implementation does not perform sufficient input type validation. The .update() function accepts arbitrary objects, including those with crafted length properties, which can alter the internal state machine of the hashing process. This flaw may result in unexpected behavior such as rewinding the hash state, producing inconsistent d... • https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-9287 – Missing type checks leading to hash rewind and passing on crafted data
https://notcve.org/view.php?id=CVE-2025-9287
20 Aug 2025 — Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4. These are all security issues fixed in the jupyter-bqplot-jupyterlab-0.5.46-12.1 package on the GA media of openSUSE Tumbleweed. • https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-54363
https://notcve.org/view.php?id=CVE-2025-54363
20 Aug 2025 — Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing crafted docstrings containing a large volume of whitespace without a terminating colon. An attacker who can control or inject docstring content into affected applications can trigger excessive CPU consumption. This softwar... • https://github.com/microsoft/knack • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-54364
https://notcve.org/view.php?id=CVE-2025-54364
20 Aug 2025 — Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing crafted docstrings containing a large volume of whitespace without a terminating colon. An attacker who can control or inject docstring content into affected applications can trigger excessive CPU consumption. This software is used by Azu... • https://github.com/microsoft/knack • CWE-1333: Inefficient Regular Expression Complexity •