Windows Client-Side Caching Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

Windows Remote Desktop Services Elevation of Privilege Vulnerability

HTMLParser quadratic complexity when processing malformed inputs

Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

Podman: podman missing tls verification

Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2

Linux-pam: linux-pam directory traversal

Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()

Glib-networking: out of bound reads on glib-networking through tls/openssl/gtlscertificate-openssl.c via "g_tls_certificate_openssl_get_property()"

Cache poisoning via the ECS-enabled Rebirthday Attack

Libssh: invalid return code for chacha20 poly1305 with openssl backend

astral-tokio-tar has a path traversal in tar extraction

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.

Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

Chromium: CVE-2025-5959 Type Confusion in V8

Chromium: CVE-2025-5958 Use after free in Media

quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame

simple protocol server ignores accepts unlimited connections and logs failures without limit

Windows Storage VSP Driver Elevation of Privilege Vulnerability