
CVE-2025-9162 – Org.keycloak/keycloak-model-storage-service: variable injection into environment variables
https://notcve.org/view.php?id=CVE-2025-9162
21 Aug 2025 — A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are processed. An attacker can leverage this to inject malicious content during the realm import procedure. This can lead to unintended consequences within the Keycloak environment. • https://access.redhat.com/security/cve/CVE-2025-9162 • CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable •

CVE-2025-52194
https://notcve.org/view.php?id=CVE-2025-52194
21 Aug 2025 — A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution. • https://github.com/libsndfile/libsndfile/issues/1082 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-9288 – Missing type checks leading to hash rewind and passing on crafted data
https://notcve.org/view.php?id=CVE-2025-9288
20 Aug 2025 — Improper Input Validation vulnerability in sha.js allows Input Data Manipulation. This issue affects sha.js: through 2.4.11. • https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5 • CWE-20: Improper Input Validation •

CVE-2025-9287 – Missing type checks leading to hash rewind and passing on crafted data
https://notcve.org/view.php?id=CVE-2025-9287
20 Aug 2025 — Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation. This issue affects cipher-base: through 1.0.4. • https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc • CWE-20: Improper Input Validation •

CVE-2025-8415 – Cryostat: authentication bypass if network policies are disabled
https://notcve.org/view.php?id=CVE-2025-8415
20 Aug 2025 — A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, so the API port may be externally visible and accessible if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment. • https://access.redhat.com/security/cve/CVE-2025-8415 • CWE-289: Authentication Bypass by Alternate Name •

CVE-2025-4437 – Cri-o: large /etc/passwd file may lead to denial of service
https://notcve.org/view.php?id=CVE-2025-4437
20 Aug 2025 — There's a vulnerability in CRI-O: when a container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause high memory consumption, leading to applications being killed due to out-of-memory. As a result, a denial of service can be achieved, possibly disrupting other pods and services running on the same host. • https://access.redhat.com/security/cve/CVE-2025-4437 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-7777 – Mirror-registry: host header injection in mirror-registry
https://notcve.org/view.php?id=CVE-2025-7777
20 Aug 2025 — The mirror-registry doesn't properly sanitize the Host HTTP header in received HTTP requests, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns. • https://access.redhat.com/security/cve/CVE-2025-7777 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2025-9185 – thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
https://notcve.org/view.php?id=CVE-2025-9185
19 Aug 2025 — Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. A flaw was f... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-9181 – thunderbird: firefox: Uninitialized memory in the JavaScript Engine component
https://notcve.org/view.php?id=CVE-2025-9181
19 Aug 2025 — Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the JavaScript Engine component. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1977130 • CWE-457: Use of Uninitialized Variable CWE-665: Improper Initialization •

CVE-2025-9180 – thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component
https://notcve.org/view.php?id=CVE-2025-9180
19 Aug 2025 — 'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Graphics: Canvas2D component. Multiple security issues have been found in the Mozilla Firefox web browser, which could pot... • https://bugzilla.mozilla.org/show_bug.cgi?id=1979782 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error •