CVSS: 7.8EPSS: %CPEs: 25EXPL: 0CVE-2024-3884 – Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded
https://notcve.org/view.php?id=CVE-2024-3884
03 Dec 2025 — A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack. • https://access.redhat.com/security/cve/CVE-2024-3884 • CWE-20: Improper Input Validation •
CVSS: 5.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-57850 – Codeready-ws: privilege escalation via excessive /etc/passwd permissions
https://notcve.org/view.php?id=CVE-2025-57850
02 Dec 2025 — A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges ... • https://access.redhat.com/security/cve/CVE-2025-57850 • CWE-276: Incorrect Default Permissions •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2025-13601 – Glib: integer overflow in in g_escape_uri_string()
https://notcve.org/view.php?id=CVE-2025-13601
26 Nov 2025 — A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string. • https://access.redhat.com/security/cve/CVE-2025-13601 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2025-54770 – Grub2: use-after-free in net_set_vlan
https://notcve.org/view.php?id=CVE-2025-54770
18 Nov 2025 — A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt sys... • https://access.redhat.com/security/cve/CVE-2025-54770 • CWE-825: Expired Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2025-61664 – Grub2: missing unregister call for normal_exit command may lead to use-after-free
https://notcve.org/view.php?id=CVE-2025-61664
18 Nov 2025 — A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity. This update for grub2... • https://access.redhat.com/security/cve/CVE-2025-61664 • CWE-825: Expired Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2025-61663 – Grub2: missing unregister call for normal commands may lead to use-after-free
https://notcve.org/view.php?id=CVE-2025-61663
18 Nov 2025 — A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact o... • https://access.redhat.com/security/cve/CVE-2025-61663 • CWE-825: Expired Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2025-61662 – Grub2: missing unregister call for gettext command may lead to use-after-free
https://notcve.org/view.php?id=CVE-2025-61662
18 Nov 2025 — A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is n... • https://access.redhat.com/security/cve/CVE-2025-61662 • CWE-416: Use After Free •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-61661 – Grub2: grub2: out-of-bounds write via malicious usb device
https://notcve.org/view.php?id=CVE-2025-61661
18 Nov 2025 — A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the c... • https://access.redhat.com/security/cve/CVE-2025-61661 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2025-54771 – Grub2: use-after-free in grub_file_close()
https://notcve.org/view.php?id=CVE-2025-54771
18 Nov 2025 — A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. This update for grub2 fixes the following issues. • https://access.redhat.com/security/cve/CVE-2025-54771 • CWE-825: Expired Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2025-12464 – Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode
https://notcve.org/view.php?id=CVE-2025-12464
31 Oct 2025 — A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of servi... • https://access.redhat.com/security/cve/CVE-2025-12464 • CWE-121: Stack-based Buffer Overflow •