
CVE-2025-2586 – Ols: unauthenticated metrics flooding in OpenShift Lightspeed Service leading to resource exhaustion
https://notcve.org/view.php?id=CVE-2025-2586
31 Mar 2025 — A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability. • https://access.redhat.com/security/cve/CVE-2025-2586 • CWE-400: Uncontrolled Resource Consumption

CVE-2024-6875 – Infinispan: infinispan: REST compare API has buffer leak
https://notcve.org/view.php?id=CVE-2024-6875
28 Mar 2025 — A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak, and an out-of-memory error can occur when sending continual requests with large POST data to the REST API. • https://access.redhat.com/security/cve/CVE-2024-6875 • CWE-401: Missing Release of Memory after Effective Lifetime

CVE-2025-2901 – Org.jboss.hal-hal-parent: stored cross-site scripting (XSS) in JBoss EAP Management Console
https://notcve.org/view.php?id=CVE-2025-2901
28 Mar 2025 — A flaw was found in the JBoss EAP Management Console, where a stored cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities. • https://access.redhat.com/security/cve/CVE-2025-2901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-2877 – Event-driven-ansible: exposure of inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in EDA
https://notcve.org/view.php?id=CVE-2025-2877
28 Mar 2025 — A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams. • https://access.redhat.com/security/cve/CVE-2025-2877 • CWE-1295: Debug Messages Revealing Unnecessary Information

CVE-2025-31181 – Gnuplot: gnuplot segmentation fault on X11_graphics
https://notcve.org/view.php?id=CVE-2025-31181
27 Mar 2025 — A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31181 • CWE-476: NULL Pointer Dereference

CVE-2025-31180 – Gnuplot: gnuplot segmentation fault on CANVAS_text
https://notcve.org/view.php?id=CVE-2025-31180
27 Mar 2025 — A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31180 • CWE-476: NULL Pointer Dereference

CVE-2025-31179 – Gnuplot: gnuplot segmentation fault on xstrftime
https://notcve.org/view.php?id=CVE-2025-31179
27 Mar 2025 — A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. • https://access.redhat.com/security/cve/CVE-2025-31179 • CWE-476: NULL Pointer Dereference

CVE-2025-31178 – Gnuplot: gnuplot segmentation fault on GetAnnotateString
https://notcve.org/view.php?id=CVE-2025-31178
27 Mar 2025 — A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31178 • CWE-476: NULL Pointer Dereference

CVE-2025-31176 – Gnuplot: gnuplot segmentation fault on plot3d_points
https://notcve.org/view.php?id=CVE-2025-31176
27 Mar 2025 — A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31176 • CWE-476: NULL Pointer Dereference

CVE-2025-2559 – Org.keycloak/keycloak-services: JWT token cache exhaustion leading to denial of service (DoS) in Keycloak
https://notcve.org/view.php?id=CVE-2025-2559
25 Mar 2025 — A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system. • https://access.redhat.com/security/cve/CVE-2025-2559 • CWE-770: Allocation of Resources Without Limits or Throttling