CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2025-6199
Low

A logic flaw was found in the GIF parser of GdkPixbuf's LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length instead of the actual number of written bytes. This causes uninitialized buffer sections to be included in the output, potentially leaking arbitrary memory contents in the processed image.

CVE-2025-6141
Low

Wykryto podatność w GNU ncurses do wersji 6.5-20250322, klasyfikowaną jako problematyczną. Dotyczy ona funkcji postprocess_termcap w pliku tinfo/parse_entry.c i prowadzi do przepełnienia bufora na stosie.

CVE-2025-6170
Low

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

CVE-2025-6052
Low

W GLib występuje błąd w zarządzaniu pamięcią przez GString podczas dodawania danych do ciągów. Przy dużych ciągach, połączenie ich z dodatkowymi danymi może spowodować ukryty przepełnienie w obliczeniach rozmiaru, co prowadzi do pisania danych poza przydzieloną pamięcią.

CVE-2025-5918
Low

A vulnerability has been identified in the libarchive library, triggered when file streams are piped into bsdtar, causing an out-of-bounds read. This can lead to unpredictable program behavior, memory corruption, or denial of service.

CVE-2025-5917
Low

An off-by-one vulnerability has been identified in the libarchive library when handling file name prefixes and suffixes. This flaw causes a 1-byte write overflow, potentially corrupting adjacent memory and leading to unpredictable program behavior or crashes.

CVE-2025-5916
Low

An integer overflow vulnerability has been identified in the libarchive library when processing WARC files claiming more than INT64_MAX - 4 content bytes. An attacker can craft a malicious WARC archive to trigger this overflow, leading to unpredictable behavior, memory corruption, or denial of service. This affects libarchive versions prior to 3.8.0.

CVE-2025-4945
Low

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior.

CVE-2025-46394
Low

W BusyBox w wersji do 1.37.0, w narzędziu tar, archiwum TAR może ukrywać nazwy plików w liście za pomocą sekwencji ucieczki terminala. To może prowadzić do nieświadomego ujawnienia danych lub manipulacji plikami.

CVE-2025-3416
Low

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

CVE-2024-32122
Low

In Fortinet FortiOS versions 7.4.0 to 7.4.8, 7.2, 7.0, and 6.4, passwords are stored in a recoverable format. This allows an attacker to disclose information by modifying the LDAP server IP to point to a malicious server.

CVE-2025-3360
Low

A flaw was found in GLib where an integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.

CVE-2025-1376
Low

W bibliotece GNU elfutils 0.192 zidentyfikowano podatność w funkcji elf_strptr, która może prowadzić do odmowy usługi. Atak można przeprowadzić na lokalnym hoście, jednak jego złożoność jest dość wysoka, co utrudnia wykorzystanie podatności.

CVE-2024-52963
Low

An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, and 6.4.0 through 6.4.15 allows an attacker to trigger a denial of service via specially crafted packets.

CVE-2024-12970
Low

W podatności CVE-2024-12970 występuje niewłaściwa neutralizacja specjalnych elementów używanych w poleceniach systemu operacyjnego, co pozwala na wstrzyknięcie poleceń systemowych w aplikacji My Computer w systemie Pardus OS. Problem dotyczy wersji przed 0.7.2.

CVE-2024-46383
Low

The Hathway Skyworth CM5100-511 router version 4.1.1.24 stores sensitive information about USB and Wi-Fi connected devices in plaintext. This means anyone with access to the router's storage can read this data.

CVE-2024-44575
Low

The vulnerability in RELY-PCIe versions v22.2.1 to v23.1.0 fails to set the Secure attribute for sensitive cookies in HTTPS sessions. This could cause the user agent to send those cookies in cleartext over an unencrypted HTTP session.

CVE-2024-8443
Low

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to APDUs during card enrollment using pkcs15-init may lead to out-of-bounds access, potentially allowing arbitrary code execution.

CVE-2024-45620
Low

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs, leading to incorrect access to initialized parts of the buffer when buffers are partially filled with data.

CVE-2024-45618
Low

A vulnerability was found in pkcs15-init in OpenSC due to insufficient or missing checking of return values of functions. An attacker could use a crafted USB device or smart card presenting specially crafted APDU responses, leading to the use of uninitialized variables.

PreviousPage 23 of 63Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS