
CVE-2025-32053 – Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
https://notcve.org/view.php?id=CVE-2025-32053
03 Apr 2025 — A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing conten. Fixed integer overflow in append_param_quoted. • https://access.redhat.com/errata/RHSA-2025:4440 • CWE-126: Buffer Over-read •

CVE-2025-32052 – Libsoup: heap buffer overflow in sniff_unknown()
https://notcve.org/view.php?id=CVE-2025-32052
03 Apr 2025 — A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing conten. Fixed integer overflow in append_param_quoted. • https://access.redhat.com/errata/RHSA-2025:4440 • CWE-126: Buffer Over-read •

CVE-2025-32050 – Libsoup: integer overflow in append_param_quoted
https://notcve.org/view.php?id=CVE-2025-32050
03 Apr 2025 — A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing conten. Fixed integer overflow in append_param_quoted. • https://access.redhat.com/errata/RHSA-2025:4440 • CWE-127: Buffer Under-read •

CVE-2025-2784 – Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
https://notcve.org/view.php?id=CVE-2025-2784
03 Apr 2025 — A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing conten. • https://access.redhat.com/security/cve/CVE-2025-2784 • CWE-125: Out-of-bounds Read •

CVE-2025-24213 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-24213
31 Mar 2025 — This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption. This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.5, Safari 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5. • https://support.apple.com/en-us/122371 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-8176 – Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
https://notcve.org/view.php?id=CVE-2024-8176
14 Mar 2025 — A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. It was discovered that Expat could crash due to stack overflow when p... • https://github.com/uthrasri/Expat_2.6.2_CVE-2024-8176 • CWE-674: Uncontrolled Recursion •

CVE-2025-24201 – Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-24201
11 Mar 2025 — An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions o... • https://packetstorm.news/files/id/200957 • CWE-787: Out-of-bounds Write •

CVE-2025-26601 – Xorg: xwayland: use-after-free in syncinittrigger()
https://notcve.org/view.php?id=CVE-2025-26601
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server... • https://access.redhat.com/security/cve/CVE-2025-26601 • CWE-416: Use After Free •

CVE-2025-26600 – Xorg: xwayland: use-after-free in playreleasedevents()
https://notcve.org/view.php?id=CVE-2025-26600
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of devi... • https://access.redhat.com/security/cve/CVE-2025-26600 • CWE-416: Use After Free •

CVE-2025-26599 – Xorg: xwayland: use of uninitialized pointer in compredirectwindow()
https://notcve.org/view.php?id=CVE-2025-26599
25 Feb 2025 — An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obta... • https://access.redhat.com/security/cve/CVE-2025-26599 • CWE-824: Access of Uninitialized Pointer •