CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-13158 – apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker
https://notcve.org/view.php?id=CVE-2025-13158
26 Dec 2025 — Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or unintended behavior in applications relying on the integrity of prototype chains. • https://www.sonatype.com/security-advisories/cve-2025-13158 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-25341
https://notcve.org/view.php?id=CVE-2025-25341
26 Dec 2025 — Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS). • https://github.com/libxmljs/libxmljs/issues/667 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-66379
https://notcve.org/view.php?id=CVE-2025-66379
25 Dec 2025 — Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service. • https://docs.pexip.com/admin/security_bulletins.htm • CWE-617: Reachable Assertion •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-66443
https://notcve.org/view.php?id=CVE-2025-66443
25 Dec 2025 — Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service. • https://docs.pexip.com/admin/security_bulletins.htm • CWE-617: Reachable Assertion •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-32095
https://notcve.org/view.php?id=CVE-2025-32095
25 Dec 2025 — Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service. • https://docs.pexip.com/admin/security_bulletins.htm • CWE-617: Reachable Assertion •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-32096
https://notcve.org/view.php?id=CVE-2025-32096
25 Dec 2025 — Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service. • https://docs.pexip.com/admin/security_bulletins.htm • CWE-617: Reachable Assertion •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-48704
https://notcve.org/view.php?id=CVE-2025-48704
25 Dec 2025 — Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service. • https://docs.pexip.com/admin/security_bulletins.htm • CWE-617: Reachable Assertion •
CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-49088
https://notcve.org/view.php?id=CVE-2025-49088
25 Dec 2025 — Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service. • https://docs.pexip.com/admin/security_bulletins.htm • CWE-617: Reachable Assertion •
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-59683
https://notcve.org/view.php?id=CVE-2025-59683
25 Dec 2025 — This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service. • https://docs.pexip.com/admin/security_bulletins.htm • CWE-863: Incorrect Authorization •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2018-25153 – GNU Barcode 0.99 Memory Leak Vulnerability in Command Line Processing
https://notcve.org/view.php?id=CVE-2018-25153
24 Dec 2025 — Attackers can exploit this vulnerability by providing specially crafted input that causes unfreed memory allocations, potentially leading to denial of service conditions. • https://directory.fsf.org/wiki/Barcode • CWE-401: Missing Release of Memory after Effective Lifetime •
