
CVE-2024-6875 – Infinispan: infinispan: rest compare api has buffer leak
https://notcve.org/view.php?id=CVE-2024-6875
28 Mar 2025 — A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API. • https://access.redhat.com/security/cve/CVE-2024-6875 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2025-2901 – Org.jboss.hal-hal-parent: stored cross-site scripting (xss) in jboss eap management console
https://notcve.org/view.php?id=CVE-2025-2901
28 Mar 2025 — A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities. • https://access.redhat.com/security/cve/CVE-2025-2901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-2877 – Event-driven-ansible: exposure of inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda
https://notcve.org/view.php?id=CVE-2025-2877
28 Mar 2025 — A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams. • https://access.redhat.com/security/cve/CVE-2025-2877 • CWE-1295: Debug Messages Revealing Unnecessary Information •

CVE-2025-31181 – Gnuplot: gnuplot segmentation fault on x11_graphics
https://notcve.org/view.php?id=CVE-2025-31181
27 Mar 2025 — A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31181 • CWE-476: NULL Pointer Dereference •

CVE-2025-31180 – Gnuplot: gnuplot segmentation fault on canvas_text
https://notcve.org/view.php?id=CVE-2025-31180
27 Mar 2025 — A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31180 • CWE-476: NULL Pointer Dereference •

CVE-2025-31179 – Gnuplot: gnuplot segmentation fault on xstrftime
https://notcve.org/view.php?id=CVE-2025-31179
27 Mar 2025 — A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. • https://access.redhat.com/security/cve/CVE-2025-31179 • CWE-476: NULL Pointer Dereference •

CVE-2025-31178 – Gnuplot: gnuplot segmentation fault on getannotatestring
https://notcve.org/view.php?id=CVE-2025-31178
27 Mar 2025 — A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31178 • CWE-476: NULL Pointer Dereference •

CVE-2025-31176 – Gnuplot: gnuplot segmentation fault on plot3d_points
https://notcve.org/view.php?id=CVE-2025-31176
27 Mar 2025 — A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. • https://access.redhat.com/security/cve/CVE-2025-31176 • CWE-476: NULL Pointer Dereference •

CVE-2025-2559 – Org.keycloak/keycloak-services: jwt token cache exhaustion leading to denial of service (dos) in keycloak
https://notcve.org/view.php?id=CVE-2025-2559
25 Mar 2025 — A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system. • https://access.redhat.com/security/cve/CVE-2025-2559 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-7631 – Openshift-console: openshift console: path traversal
https://notcve.org/view.php?id=CVE-2024-7631
19 Mar 2025 — A flaw was found in the OpenShift Console, in an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used unsafely to construct a filepath in pkg/plugins/handlers.go#L112. Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths. • https://access.redhat.com/security/cve/CVE-2024-7631 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •