NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()

LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.

HDF5 H5FSsection.c H5FS__sect_find_node heap-based overflow

HDF5 H5Cimage.c H5C__reconstruct_cache_entry heap-based overflow

astral-tokio-tar Vulnerable to PAX Header Desynchronization

Squid vulnerable to information disclosure via authentication credential leakage in error handling

Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

Chromium: CVE-2025-6192 Use after free in Profiler

Chromium: CVE-2025-6191 Integer overflow in V8

Libxml2: stack buffer overflow in xmllint interactive shell command handling

GNU ncurses parse_entry.c postprocess_termcap stack-based overflow

spdlog pattern_formatter-inl.h scoped_padder resource consumption

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

HTMLParser quadratic complexity when processing malformed inputs

Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

Podman: podman missing tls verification