CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-4207 – PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
https://notcve.org/view.php?id=CVE-2025-4207
08 May 2025 — Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected. • https://www.postgresql.org/support/security/CVE-2025-4207 • CWE-126: Buffer Over-read •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2443
https://notcve.org/view.php?id=CVE-2025-2443
24 Apr 2025 — The vulnerability exists due to insufficient sanitization of user-supplied data in Maven Dependency Proxy. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1763
https://notcve.org/view.php?id=CVE-2025-1763
24 Apr 2025 — The vulnerability exists due to insufficient sanitization of user-supplied data in Maven Dependency Proxy. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 1CVE-2024-8176 – Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
https://notcve.org/view.php?id=CVE-2024-8176
14 Mar 2025 — A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. It was discovered that Expat could crash due to stack overflow when p... • https://github.com/uthrasri/Expat_2.6.2_CVE-2024-8176 • CWE-674: Uncontrolled Recursion •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27625
https://notcve.org/view.php?id=CVE-2025-27625
05 Mar 2025 — In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects. • https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3501 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27624
https://notcve.org/view.php?id=CVE-2025-27624
05 Mar 2025 — A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets). • https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3498 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27623
https://notcve.org/view.php?id=CVE-2025-27623
05 Mar 2025 — Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets. • https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3496 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27622
https://notcve.org/view.php?id=CVE-2025-27622
05 Mar 2025 — Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets. • https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1943 – Gentoo Linux Security Advisory 202505-02
https://notcve.org/view.php?id=CVE-2025-1943
04 Mar 2025 — Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136. Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1869650%2C1938451%2C1940326%2C1944052%2C1944063%2C1947281 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1938 – firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
https://notcve.org/view.php?id=CVE-2025-1938
04 Mar 2025 — Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with eno... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •