CVSS: 9.0 • EPSS: 1% • CPEs: 31 • EXPL: 0

02 Feb 2026 — A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction. This update for libsoup2... • https://access.redhat.com/security/cve/CVE-2026-1761 • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0 • EPSS: 0% • CPEs: 34 • EXPL: 0

08 Jan 2026 — A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk. An update for spice-client-win is now availab... • https://access.redhat.com/security/cve/CVE-2026-0719 • CWE-121: Stack-based Buffer Overflow •

CVSS: 7.7 • EPSS: 0% • CPEs: 64 • EXPL: 0

26 Nov 2025 — A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string. It was discovered that GLib incorrectly handled escaping URI strings. An attacker could use this issue to cause GLib to c... • https://access.redhat.com/security/cve/CVE-2025-13601 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.0 • EPSS: 0% • CPEs: 37 • EXPL: 0

09 Oct 2025 — A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin), allowing an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users. This can result in unauthorized access or privilege escalation on domain-joined Linux hosts. A flaw was found in the integra... • https://access.redhat.com/security/cve/CVE-2025-11561 • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 42 • EXPL: 0

29 Sep 2025 — VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. A flaw was found in VMware open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine (VM) could exploit this vulnerability to gain root privileges ... • http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149 • CWE-267: Privilege Defined With Unsafe Actions • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVSS: 7.8 • EPSS: 0% • CPEs: 32 • EXPL: 0

26 Sep 2025 — A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup. This update for libsoup fixes the following issues. Fixed out-of-bounds read in Cookie Date Handling of... • https://access.redhat.com/security/cve/CVE-2025-11021 • CWE-125: Out-of-bounds Read •

CVSS: 10.0 • EPSS: 0% • CPEs: 38 • EXPL: 0

23 Sep 2025 — A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. Xudong... • https://access.redhat.com/security/cve/CVE-2025-9900 • CWE-123: Write-what-where Condition •

CVSS: 8.5 • EPSS: 0% • CPEs: 36 • EXPL: 0

09 Jul 2025 — A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in ... • https://access.redhat.com/errata/RHSA-2025:16115 • CWE-415: Double Free •

CVSS: 6.5 • EPSS: 0% • CPEs: 33 • EXPL: 0

09 Jul 2025 — A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system. It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Na... • https://access.redhat.com/security/cve/CVE-2025-6395 • CWE-476: NULL Pointer Dereference •

CVSS: 8.5 • EPSS: 0% • CPEs: 34 • EXPL: 0

09 Jul 2025 — A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Name entries containing an otherName. A remote attacker could use this... • https://access.redhat.com/security/cve/CVE-2025-32990 • CWE-122: Heap-based Buffer Overflow •