c-ares has a use-after-free in read_answers()

The giflib open-source component has a buffer overflow vulnerability

Gnuplot: gnuplot segmentation fault on x11_graphics

Gnuplot: gnuplot segmentation fault on xstrftime

Gnuplot: gnuplot segmentation fault on plot3d_points

atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.

runc container escape via "masked path" abuse due to mount race conditions

XZ has a heap-use-after-free bug in threaded .xz decoder

Chromium: CVE-2025-3074 Inappropriate implementation in Downloads

Chromium: CVE-2025-3073 Inappropriate implementation in Autofill

Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs

Vulnerability in the MySQL Server product of Oracle MySQL

Chromium: CVE-2025-3071 Inappropriate implementation in Navigations

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions

Vulnerability in the MySQL Server product of Oracle MySQL

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Chromium: CVE-2025-3069 Inappropriate implementation in Extensions

Vulnerability in the MySQL Server product of Oracle MySQL