CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2025-12105 – Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion
https://notcve.org/view.php?id=CVE-2025-12105
23 Oct 2025 — A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequ... • https://access.redhat.com/security/cve/CVE-2025-12105 • CWE-416: Use After Free •
CVSS: 4.4 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2025-11568 – Luksmeta: data corruption when handling luks1 partitions with luksmeta
https://notcve.org/view.php?id=CVE-2025-11568
15 Oct 2025 — A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affec... • https://access.redhat.com/security/cve/CVE-2025-11568 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 4.3 • EPSS: 0% • CPEs: 24 • EXPL: 0
CVE-2025-9640 – Samba: vfs_streams_xattr uninitialized memory write possible
https://notcve.org/view.php?id=CVE-2025-9640
15 Oct 2025 — A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability. USN-7826-1 fixed vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Andrew Walker discovered that Samba incorrectly initi... • https://access.redhat.com/security/cve/CVE-2025-9640 • CWE-908: Use of Uninitialized Resource •
CVSS: 10.0 • EPSS: 0% • CPEs: 22 • EXPL: 0
CVE-2025-10230 – Samba: command injection in wins server hook script
https://notcve.org/view.php?id=CVE-2025-10230
15 Oct 2025 — A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process. USN-7826-1 fixed vulnerabilities in Samba. This update provides the corresp... • https://access.redhat.com/security/cve/CVE-2025-10230 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0 • EPSS: 0% • CPEs: 37 • EXPL: 0
CVE-2025-11561 – Sssd: sssd default kerberos configuration allows privilege escalation on ad-joined linux systems
https://notcve.org/view.php?id=CVE-2025-11561
09 Oct 2025 — A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin), allowing an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users. This can result in unauthorized access or privilege escalation on domain-joined Linux hosts. • https://access.redhat.com/security/cve/CVE-2025-11561 • CWE-269: Improper Privilege Management •
CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2025-10990 – rexml: incomplete fix for CVE-2024-49761
https://notcve.org/view.php?id=CVE-2025-10990
09 Oct 2025 — No description is available for this CVE. rexml: incomplete fix for CVE-2024-49761. Updated Satellite Client packages that fix several bugs are now available for Red Hat Satellite. • https://access.redhat.com/security/cve/CVE-2025-10990 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.2 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2025-58712 – Amq: privilege escalation via excessive /etc/passwd permissions
https://notcve.org/view.php?id=CVE-2025-58712
09 Oct 2025 — A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the... • https://access.redhat.com/errata/RHSA-2025:17562 • CWE-276: Incorrect Default Permissions •
CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2025-6242 – Vllm: server side request forgery (ssrf) in mediaconnector
https://notcve.org/view.php?id=CVE-2025-6242
07 Oct 2025 — A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources. • https://access.redhat.com/security/cve/CVE-2025-6242 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2025-11234 – Qemu-kvm: vnc websocket handshake use-after-free
https://notcve.org/view.php?id=CVE-2025-11234
03 Oct 2025 — A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication. • https://access.redhat.com/security/cve/CVE-2025-11234 • CWE-416: Use After Free •
CVSS: 9.9 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2025-10725 – Openshift-ai: overly permissive clusterrole allows authenticated users to escalate privileges to cluster admin
https://notcve.org/view.php?id=CVE-2025-10725
30 Sep 2025 — A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all ... • https://access.redhat.com/errata/RHSA-2025:16981 • CWE-266: Incorrect Privilege Assignment •
