CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-14025 – Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions
https://notcve.org/view.php?id=CVE-2025-14025
08 Jan 2026 — A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC). An update is now available for Red Hat Ansible Automation Platform 2.5. • https://access.redhat.com/articles/7136004 • CWE-279: Incorrect Execution-Assigned Permissions •
CVSS: 9.0EPSS: 0%CPEs: 34EXPL: 0CVE-2026-0719 – Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication
https://notcve.org/view.php?id=CVE-2026-0719
08 Jan 2026 — A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk. An update for spice-client-win is now availab... • https://access.redhat.com/security/cve/CVE-2026-0719 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2026-0707 – Keycloak: keycloak authorization header parsing leading to potential security control bypass
https://notcve.org/view.php?id=CVE-2026-0707
08 Jan 2026 — A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications. • https://access.redhat.com/security/cve/CVE-2026-0707 • CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-67268 – Ubuntu Security Notice USN-7948-1
https://notcve.org/view.php?id=CVE-2025-67268
02 Jan 2026 — gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary cod... • https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-67269 – Ubuntu Security Notice USN-7948-1
https://notcve.org/view.php?id=CVE-2025-67269
02 Jan 2026 — An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of b... • https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67269/README.md • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-66864
https://notcve.org/view.php?id=CVE-2025-66864
29 Dec 2025 — An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. • https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash5.md • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-66866
https://notcve.org/view.php?id=CVE-2025-66866
29 Dec 2025 — An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. • https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/crash6.md • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-68161 – Apache Log4j Core: Missing TLS hostname verification in Socket appender
https://notcve.org/view.php?id=CVE-2025-68161
18 Dec 2025 — The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property is set to true. This issue may allow a man-in-the-middle attacker to inte... • https://github.com/apache/logging-log4j2/pull/4002 • CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2025-9615 – Networkmanager: networkmanager file access
https://notcve.org/view.php?id=CVE-2025-9615
17 Dec 2025 — A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection. These are all security issues fixed in the NetworkManager-applet-l2tp-1.52.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://access.redhat.com/security/cve/CVE-2025-9615 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13888 – Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs
https://notcve.org/view.php?id=CVE-2025-13888
15 Dec 2025 — A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster. Important: Red Hat OpenShift GitOps v1.18.3 security update. Issues addressed include a denial of service vulnerabilit... • https://access.redhat.com/errata/RHSA-2025:23203 • CWE-266: Incorrect Privilege Assignment •