CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53285 – WordPress Add & Replace Affiliate Links for Amazon plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-53285
27 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Website Flip Add & Replace Affiliate Links for Amazon allows Stored XSS. This issue affects Add & Replace Affiliate Links for Amazon: from n/a through 1.0.6. The Add & Replace Affiliate Links for Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible fo... • https://patchstack.com/database/wordpress/plugin/add-replace-affiliate-links-for-amazon/vulnerability/wordpress-add-replace-affiliate-links-for-amazon-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2025-6199 – Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder
https://notcve.org/view.php?id=CVE-2025-6199
17 Jun 2025 — A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image. It was discovered that GDK-Pixbuf incorrectly handled certain GIF files. An attacker could possibly use this... • https://access.redhat.com/security/cve/CVE-2025-6199 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-6196 – Libgepub: integer overflow in libgepub's epub archive handling
https://notcve.org/view.php?id=CVE-2025-6196
17 Jun 2025 — A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnera... • https://access.redhat.com/security/cve/CVE-2025-6196 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2025-4404 – Freeipa: idm: privilege escalation from host to domain admin in freeipa
https://notcve.org/view.php?id=CVE-2025-4404
17 Jun 2025 — A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leadin... • https://access.redhat.com/errata/RHSA-2025:9184 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 9.4EPSS: 0%CPEs: 39EXPL: 0CVE-2025-49794 – Libxml: heap use after free (uaf) leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49794
16 Jun 2025 — A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the
CVSS: 9.4EPSS: 0%CPEs: 39EXPL: 0CVE-2025-49796 – Libxml: type confusion leads to denial of service (dos)
https://notcve.org/view.php?id=CVE-2025-49796
16 Jun 2025 — A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. Ahmed Lekssays discovered that libxml2 did not properly perform certain mathematical operations, leading to an integer overflow. An attacker could possibly use... • https://access.redhat.com/security/cve/CVE-2025-49796 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2025-6052 – Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring
https://notcve.org/view.php?id=CVE-2025-6052
13 Jun 2025 — A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption. These are all security issues fixed in the gio-branding-upstream-2.84.3-1.1 package on the GA media of openSUSE Tumbleweed. • https://access.redhat.com/security/cve/CVE-2025-6052 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2025-6035 – Gimp: gimp integer overflow
https://notcve.org/view.php?id=CVE-2025-6035
13 Jun 2025 — A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios. • https://access.redhat.com/security/cve/CVE-2025-6035 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6031 – Insecure device pairing in end of life Amazon Cloud Cam
https://notcve.org/view.php?id=CVE-2025-6031
12 Jun 2025 — Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification. We recommend c... • https://aws.amazon.com/security/security-bulletins/AWS-2025-013 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0CVE-2025-6021 – Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
https://notcve.org/view.php?id=CVE-2025-6021
12 Jun 2025 — A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. Ahmed Lekssays discovered that libxml2 did not properly perform certain mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. Ahmed L... • https://access.redhat.com/security/cve/CVE-2025-6021 • CWE-121: Stack-based Buffer Overflow •