CVSS: 7.8 | EPSS: 0% | CPEs: 25 | EXPL: 0

14 Apr 2025 — A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. • https://access.redhat.com/security/cve/CVE-2025-32907 • CWE-1050: Excessive Platform Resource Consumption within a Loop

CVSS: 8.5 | EPSS: 1% | CPEs: 32 | EXPL: 0

14 Apr 2025 — A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bounds read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing content. Fixed integer overflow in append_param_quoted. • https://access.redhat.com/security/cve/CVE-2025-32906 • CWE-125: Out-of-bounds Read

CVSS: 7.8 | EPSS: 0% | CPEs: 32 | EXPL: 0

14 Apr 2025 — A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing content. Fixed integer overflow in append_param_quoted. • https://access.redhat.com/security/cve/CVE-2025-32913 • CWE-476: NULL Pointer Dereference

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

10 Apr 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in information disclosure, cross-site scripting or restriction bypass. • https://phabricator.wikimedia.org/T358689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

09 Apr 2025 — GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. Two vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which may result in denial of service or the execution of arbitrary code if malformed image files are processed. • https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb • CWE-125: Out-of-bounds Read

CVSS: 3.7 | EPSS: 0% | CPEs: 10 | EXPL: 0

08 Apr 2025 — A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. This update for python-maturin fixes the following issues. openssl: use-after-free in 'Md::fetch' and 'Cipher::fetch' when 'Some' value passed as 'properties' argument to either function. crossbeam-channel: double-free leading to possible... • https://access.redhat.com/security/cve/CVE-2025-3416 • CWE-416: Use After Free

CVSS: 3.7 | EPSS: 0% | CPEs: 3 | EXPL: 0

07 Apr 2025 — A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. This update for glib2 fixes the following issues. Fixed integer overflow and buffer under-read when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601. • https://access.redhat.com/security/cve/CVE-2025-3360 • CWE-190: Integer Overflow or Wraparound

CVSS: 6.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

07 Apr 2025 — A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. This update for gnuplot fixes the following issues. Invalid read leads to segmentation fault on plot3d_points. Improper bounds check leads to heap-buffer overflow on utf8_copy_one. • https://access.redhat.com/security/cve/CVE-2025-3359 • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 6.5 | EPSS: 0% | CPEs: 25 | EXPL: 0

03 Apr 2025 — A flaw was found in libsoup. A vulnerability in the sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing content. Fixed integer overflow in append_param_quoted. • https://access.redhat.com/errata/RHSA-2025:4440 • CWE-126: Buffer Over-read

CVSS: 6.5 | EPSS: 0% | CPEs: 25 | EXPL: 0

03 Apr 2025 — A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to a heap buffer over-read. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing content. Fixed integer overflow in append_param_quoted. • https://access.redhat.com/errata/RHSA-2025:4440 • CWE-126: Buffer Over-read