CVSS: 7.0EPSS: 1%CPEs: 51EXPL: 0CVE-2025-2784 – Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
https://notcve.org/view.php?id=CVE-2025-2784
03 Apr 2025 — A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing conten. • https://access.redhat.com/security/cve/CVE-2025-2784 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 27EXPL: 0CVE-2025-24213 – webkitgtk: A type confusion issue could lead to memory corruption
https://notcve.org/view.php?id=CVE-2025-24213
31 Mar 2025 — This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption. This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.5, Safari 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5. • https://support.apple.com/en-us/122371 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2025-31181 – Gnuplot: gnuplot segmentation fault on x11_graphics
https://notcve.org/view.php?id=CVE-2025-31181
27 Mar 2025 — A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. This update for gnuplot fixes the following issues. Invalid read leads to segmentation fault on plot3d_points. Improper bounds check leads to heap-buffer overflow on utf8_copy_one. • https://access.redhat.com/security/cve/CVE-2025-31181 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2025-31180 – Gnuplot: gnuplot segmentation fault on canvas_text
https://notcve.org/view.php?id=CVE-2025-31180
27 Mar 2025 — A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. This update for gnuplot fixes the following issues. Invalid read leads to segmentation fault on plot3d_points. Improper bounds check leads to heap-buffer overflow on utf8_copy_one. • https://access.redhat.com/security/cve/CVE-2025-31180 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2025-31179 – Gnuplot: gnuplot segmentation fault on xstrftime
https://notcve.org/view.php?id=CVE-2025-31179
27 Mar 2025 — A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. This update for gnuplot fixes the following issues. Invalid read leads to segmentation fault on plot3d_points. Improper bounds check leads to heap-buffer overflow on utf8_copy_one. • https://access.redhat.com/security/cve/CVE-2025-31179 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2025-31178 – Gnuplot: gnuplot segmentation fault on getannotatestring
https://notcve.org/view.php?id=CVE-2025-31178
27 Mar 2025 — A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. This update for gnuplot fixes the following issues. Invalid read leads to segmentation fault on plot3d_points. Improper bounds check leads to heap-buffer overflow on utf8_copy_one. • https://access.redhat.com/security/cve/CVE-2025-31178 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2025-31176 – Gnuplot: gnuplot segmentation fault on plot3d_points
https://notcve.org/view.php?id=CVE-2025-31176
27 Mar 2025 — A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. This update for gnuplot fixes the following issues. Invalid read leads to segmentation fault on plot3d_points. Improper bounds check leads to heap-buffer overflow on utf8_copy_one. • https://access.redhat.com/security/cve/CVE-2025-31176 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 1CVE-2024-8176 – Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
https://notcve.org/view.php?id=CVE-2024-8176
14 Mar 2025 — A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. It was discovered that Expat could crash due to stack overflow when p... • https://github.com/uthrasri/Expat_2.6.2_CVE-2024-8176 • CWE-674: Uncontrolled Recursion •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 2CVE-2025-24201 – Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-24201
11 Mar 2025 — An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions o... • https://packetstorm.news/files/id/200957 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2025-26695 – Gentoo Linux Security Advisory 202505-03
https://notcve.org/view.php?id=CVE-2025-26695
10 Mar 2025 — When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 128.9.0 are affected. • https://bugzilla.mozilla.org/show_bug.cgi?id=1883039 •