Werkzeug safe_join() allows Windows special device names

Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

node-forge ASN.1 Unbounded Recursion

node-forge ASN.1 OID Integer Truncation

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters.

Chromium: CVE-2025-6558 Incorrect validation of untrusted input in ANGLE and GPU

Chromium: CVE-2025-6557 Insufficient data validation in DevTools

Chromium: CVE-2025-6556 Insufficient policy enforcement in Loader

Chromium: CVE-2025-6555 Use after free in Animation

Chromium: CVE-2025-6554 Type Confusion in V8

HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow

Apache HTTP Server: CGI environment variable override

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Partner Center Elevation of Privilege Vulnerability

Azure Container Apps Remote Code Execution Vulnerability

LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`

HTACG tidy-html5 alloc.c defaultAlloc memory leak

HTACG tidy-html5 parser.c prvTidyParseNamespace assertion

NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication