Report Name: Linux Patch Wednesday December 2025
Generated: 2025-12-18 23:21:39

Product Name	Prevalence	U	C	H	M	L	A	Comment
Apache HTTP Server	0.9			1	4		5	Apache HTTP Server is a free and open-source web server that delivers web content through the internet
Django	0.9				4		4	Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design. It provides built-in tools for database models, authentication, URL routing, templates, and security features, making it one of the most widely used frameworks for building scalable and maintainable web applications.
Linux Kernel	0.9				155	244	399	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
nftables	0.9				1		1	nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames
APT	0.8				1		1	A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CUPS	0.8			3			3	CUPS is a modular printing system for Unix-like computer operating systems which allows a computer to act as a print server
Chromium	0.8			3	17	1	21	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GLPI	0.8			1			1	GLPI is an open source IT Asset Management, issue tracking system and service desk system
Mozilla Firefox	0.8			2	8		10	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Netty	0.8			1			1	Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
OpenSSL	0.8				8		8	A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
Secure Boot	0.8				1		1	Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM)
The Qt Company Qt	0.8			1			1	Qt is a cross-platform application development framework used to build graphical user interfaces and applications for desktop, mobile, and embedded systems. It provides a comprehensive set of libraries, tools, and APIs, including Qt Quick for declarative UI development using QML. The vulnerability affects the Qt Quick Text component, where improper validation of width and height attributes in the tag can lead to excessive resource allocation and application unresponsiveness.
Zabbix	0.8				1		1	Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
Apple iOS	0.7				3		3	iOS is an operating system developed and marketed by Apple Inc
Moodle	0.7				1	1	2	Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
Oracle VM VirtualBox	0.7			2	7		9	Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
SQLite	0.7			1			1	SQLite is a database engine written in the C programming language
cpp-httplib	0.7		1	1			2	cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library
Checkmk	0.6				1		1	Checkmk is a software system developed in Python and C++ for IT Infrastructure monitoring
Exim	0.6				1		1	Exim is a mail transfer agent (MTA) used on Unix-like operating systems
ImageMagick	0.6				2		2	ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
Libsoup	0.6				1		1	libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications and also has a synchronous API for use in CLI tools.
MongoDB	0.6				1	1	2	MongoDB is a source-available, cross-platform, document-oriented database program
Nextcloud	0.6					1	1	Nextcloud server is a self hosted personal cloud system
Python	0.6				5	2	7	Python is a high-level, general-purpose programming language
Redis	0.6			1			1	Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
Vault	0.6			1	1		2	Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
Wireshark	0.6			2	2		4	Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
fontTools	0.6		1				1	fontTools is an open source Python library for manipulating and analyzing font files, widely used in font engineering workflows for building, converting, and inspecting fonts.
Alinto SOGo	0.5			1	1		2	SOGo is an open source groupware and webmail server developed by Alinto, providing email, calendar, and contact management through a web-based interface and standard protocols.
Bitcoin Core	0.5				3		3	Product detected by a:bitcoin:bitcoin_core (exists in CPE dict)
Cacti	0.5			1			1	Cacti is an open source operational monitoring and fault management framework
Cassandra	0.5				1	1	2	Product detected by a:apache:cassandra (exists in CPE dict)
DCMTK	0.5				1		1	DCMTK (DICOM Toolkit) is an open-source collection of libraries and applications implementing large parts of the DICOM standard, including image processing, storage, and network services for medical imaging.
Docker	0.5				1		1	Docker
Elasticsearch	0.5				2		2	Product detected by a:elastic:elasticsearch (exists in CPE dict)
Groupware	0.5				1		1	Product detected by a:horde:groupware (exists in CPE dict)
Guacamole	0.5					1	1	Product detected by a:apache:guacamole (exists in CPE dict)
HotelDruid	0.5			1			1	Product detected by a:digitaldruid:hoteldruid (exists in CPE dict)
Mongoose	0.5			1			1	Product detected by a:cesanta:mongoose (exists in CPE dict)
Portable Runtime	0.5				1		1	Product detected by a:apache:portable_runtime (exists in CPE dict)
Radare2	0.5				3		3	Radare2 is an open-source reverse engineering framework that includes tools for binary analysis, disassembly, debugging, and forensics.
Safari	0.5				10	2	12	Product detected by a:apple:safari (exists in CPE dict)
Trytond	0.5			2		1	3	Product detected by a:tryton:trytond (exists in CPE dict)
Werkzeug	0.5					1	1	Werkzeug is a comprehensive WSGI web application library
duc	0.5			1			1	Product detected by a:zevv:duc (does NOT exist in CPE dict)
forge	0.5				2		2	Product detected by a:digitalbazaar:forge (exists in CPE dict)
gokey	0.5				1		1	Product detected by a:cloudflare:gokey (does NOT exist in CPE dict)
libcoap	0.5				2		2	Product detected by a:libcoap:libcoap (exists in CPE dict)
libpng	0.5			5			5	Product detected by a:libpng:libpng (exists in CPE dict)
openbao	0.5					2	2	Product detected by a:openbao:openbao (does NOT exist in CPE dict)
pgbouncer	0.5				1		1	Product detected by a:pgbouncer:pgbouncer (exists in CPE dict)
plack-middleware-session	0.5					1	1	Product detected by a:plack:plack-middleware-session (does NOT exist in CPE dict)
urllib3	0.5				1	1	2	Product detected by a:python:urllib3 (exists in CPE dict)
wolfSSL	0.5				4		4	wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers
wolfssl	0.5				5		5	Product detected by a:wolfssl:wolfssl (exists in CPE dict)
Apache Tika	0.4			1			1	Apache Tika is an open source content analysis toolkit that detects and extracts metadata and structured text content from a wide range of file formats such as PDF, Microsoft Office, and multimedia files.
Gunicorn	0.4			1			1	The Gunicorn "Green Unicorn" is a Python Web Server Gateway Interface (WSGI) HTTP server
JupyterLab Extension Template	0.4		1				1	The JupyterLab Extension Template is a Copier-based project template used by developers to scaffold JupyterLab extensions, providing preconfigured project structure, tooling, tests, and GitHub Actions workflows.
Keras	0.4				1		1	High-level neural networks API, running on top of TensorFlow, allowing model building and training
phpPgAdmin	0.3			4			4	phpPgAdmin is a web-based administration tool for PostgreSQL databases, providing a browser-accessible interface for managing databases, users, schemas, and executing SQL queries.
GitHub	0.2				1		1	GitHub, Inc. is an Internet hosting service for software development and version control using Git
Unknown Product	0				36	46	82	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		2	4	10		16
Authentication Bypass	0.98		1	5	17		23
Code Injection	0.97			4	1		5
Command Injection	0.97			2	1		3
XXE Injection	0.97			1			1
Security Feature Bypass	0.9			1	19		20
Elevation of Privilege	0.85			1	2		3
Information Disclosure	0.83			1	10		11
Cross Site Scripting	0.8			3	8		11
Open Redirect	0.75			1	1		2
Denial of Service	0.7			8	45	2	55
Path Traversal	0.7				1	1	2
Incorrect Calculation	0.5				7	2	9
Memory Corruption	0.5			6	159	6	171
Spoofing	0.4			1	2		3
Unknown Vulnerability Type	0				20	295	315

Source	U	C	H	M	L	A
almalinux			2	23	4	29
altlinux		1	8	14	5	28
debian		2	28	260	292	582
oraclelinux			2	23	8	33
redhat			2	23	4	29
redos			8	17	8	33
ubuntu		1	7	34	6	48

Urgent (0)

Critical (3)

1. Remote Code Execution - JupyterLab Extension Template (CVE-2024-39700) - Critical [673]

Description: JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to `update-integration-tests.yml`, accept overwriting of this file and re-apply your changes later. Users may wish to temporarily disable GitHub Actions while working on the upgrade. We recommend rebasing all open pull requests from untrusted users as actions may run using the version from the `main` branch at the time when the pull request was created. Users who are upgrading from template version prior to 4.3.0 may wish to leave out proposed changes to the release workflow for now as it requires additional configuration.

altlinux: CVE-2024-39700 was patched at 2025-12-08

2. Remote Code Execution - fontTools (CVE-2025-66034) - Critical [647]

Description: fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.

debian: CVE-2025-66034 was patched at 2025-12-17

ubuntu: CVE-2025-66034 was patched at 2025-12-09

3. Authentication Bypass - cpp-httplib (CVE-2025-66570) - Critical [625]

Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

debian: CVE-2025-66570 was patched at 2025-12-17

High (38)

4. Remote Code Execution - Cacti (CVE-2025-66399) - High [595]

Description: Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29.

debian: CVE-2025-66399 was patched at 2025-12-17

5. Remote Code Execution - CUPS (CVE-2025-64524) - High [585]

Description: cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault when processing maliciously crafted input data. This issue can be exploited to trigger memory corruption, potentially leading to arbitrary code execution. This issue has been patched via commit 956283c.

debian: CVE-2025-64524 was patched at 2025-12-17

ubuntu: CVE-2025-64524 was patched at 2025-11-20, 2025-11-24

6. XXE Injection - Apache Tika (CVE-2025-66516) - High [585]

Description: Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

debian: CVE-2025-66516 was patched at 2025-12-17

7. Open Redirect - Chromium (CVE-2024-13983) - High [564]

Description: Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)

redos: CVE-2024-13983 was patched at 2025-12-03

8. Denial of Service - Vault (CVE-2025-12044) - High [558]

Description: Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393] which allowed for processing JSON payloads before applying rate limits. This vulnerability, CVE-2025-12044, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.16.27, 1.19.11, 1.20.5, and 1.21.0.

redos: CVE-2025-12044 was patched at 2025-11-28

9. Authentication Bypass - Trytond (CVE-2025-66423) - High [555]

Description: Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

debian: CVE-2025-66423 was patched at 2025-11-27, 2025-12-17

10. Denial of Service - CUPS (CVE-2025-58436) - High [532]

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.

debian: CVE-2025-58436 was patched at 2025-12-17

ubuntu: CVE-2025-58436 was patched at 2025-12-04

11. Denial of Service - Mongoose (CVE-2025-51495) - High [529]

Description: An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.

altlinux: CVE-2025-51495 was patched at 2025-11-21

12. Code Injection - phpPgAdmin (CVE-2025-60797) - High [520]

Description: phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or privilege escalation.

debian: CVE-2025-60797 was patched at 2025-12-17

13. Code Injection - phpPgAdmin (CVE-2025-60798) - High [520]

Description: phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands through malicious query manipulation, potentially leading to complete database compromise.

debian: CVE-2025-60798 was patched at 2025-12-17

14. Cross Site Scripting - HotelDruid (CVE-2025-55816) - High [511]

Description: HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.

debian: CVE-2025-55816 was patched at 2025-12-17

15. Authentication Bypass - phpPgAdmin (CVE-2025-60799) - High [510]

Description: phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper validation or access control checks. Attackers can exploit this to store arbitrary SQL queries in $_SESSION['sqlquery'] by manipulating these parameters, potentially leading to session poisoning, stored cross-site scripting, or unauthorized access to sensitive session data.

debian: CVE-2025-60799 was patched at 2025-12-17

16. Memory Corruption - CUPS (CVE-2025-61915) - High [508]

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.

debian: CVE-2025-61915 was patched at 2025-12-17

ubuntu: CVE-2025-61915 was patched at 2025-11-27

17. Authentication Bypass - Oracle VM VirtualBox (CVE-2025-61760) - High [500]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).

redos: CVE-2025-61760 was patched at 2025-12-16

18. Cross Site Scripting - Alinto SOGo (CVE-2025-63499) - High [500]

Description: Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.

debian: CVE-2025-63499 was patched at 2025-12-17

19. Denial of Service - Wireshark (CVE-2025-13945) - High [498]

Description: HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

debian: CVE-2025-13945 was patched at 2025-12-17

20. Denial of Service - Wireshark (CVE-2025-13946) - High [498]

Description: MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service

altlinux: CVE-2025-13946 was patched at 2025-12-11

debian: CVE-2025-13946 was patched at 2025-12-17

21. Memory Corruption - duc (CVE-2025-13654) - High [494]

Description: A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

debian: CVE-2025-13654 was patched at 2025-12-17

22. Information Disclosure - Trytond (CVE-2025-66422) - High [493]

Description: Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

debian: CVE-2025-66422 was patched at 2025-11-27, 2025-12-17

23. Denial of Service - libpng (CVE-2025-64505) - High [482]

Description: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.

altlinux: CVE-2025-64505 was patched at 2025-11-27, 2025-12-11

debian: CVE-2025-64505 was patched at 2025-12-07, 2025-12-10, 2025-12-17

ubuntu: CVE-2025-64505 was patched at 2025-12-11

24. Cross Site Scripting - phpPgAdmin (CVE-2025-60796) - High [478]

Description: phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.

debian: CVE-2025-60796 was patched at 2025-12-17

25. Memory Corruption - libpng (CVE-2025-64720) - High [470]

Description: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

altlinux: CVE-2025-64720 was patched at 2025-11-27, 2025-12-11

debian: CVE-2025-64720 was patched at 2025-12-10, 2025-12-17

ubuntu: CVE-2025-64720 was patched at 2025-12-11

26. Memory Corruption - libpng (CVE-2025-66293) - High [470]

Description: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

altlinux: CVE-2025-66293 was patched at 2025-12-08, 2025-12-11

debian: CVE-2025-66293 was patched at 2025-12-10, 2025-12-17

27. Authentication Bypass - Oracle VM VirtualBox (CVE-2025-62592) - High [464]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

redos: CVE-2025-62592 was patched at 2025-12-16

28. Spoofing - cpp-httplib (CVE-2025-66577) - High [461]

Description: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which get accepted unconditionally by get_client_ip() in docker/main.cc, causing access and error logs (nginx_access_logger / nginx_error_logger) to record spoofed client IPs (log poisoning / audit evasion). This vulnerability is fixed in 0.27.0.

debian: CVE-2025-66577 was patched at 2025-12-17

29. Memory Corruption - libpng (CVE-2025-65018) - High [458]

Description: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.

altlinux: CVE-2025-65018 was patched at 2025-11-27, 2025-12-11

debian: CVE-2025-65018 was patched at 2025-12-10, 2025-12-17

ubuntu: CVE-2025-65018 was patched at 2025-12-11

30. Command Injection - Apache HTTP Server (CVE-2025-59775) - High [454]

Description: Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

altlinux: CVE-2025-59775 was patched at 2025-12-10, 2025-12-11

31. Code Injection - Mozilla Firefox (CVE-2025-14324) - High [449]

Description: JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

almalinux: CVE-2025-14324 was patched at 2025-12-10, 2025-12-11

debian: CVE-2025-14324 was patched at 2025-12-10, 2025-12-14, 2025-12-17

oraclelinux: CVE-2025-14324 was patched at 2025-12-10, 2025-12-11

redhat: CVE-2025-14324 was patched at 2025-12-10, 2025-12-11

32. Memory Corruption - libpng (CVE-2025-64506) - High [446]

Description: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.

altlinux: CVE-2025-64506 was patched at 2025-11-27, 2025-12-11

debian: CVE-2025-64506 was patched at 2025-12-10, 2025-12-17

ubuntu: CVE-2025-64506 was patched at 2025-12-11

33. Denial of Service - SQLite (CVE-2025-52099) - High [444]

Description: A vulnerability in the setupLookaside() function of the SQLite database management system is related to an integer overflow. Exploitation of this vulnerability could allow a remote attacker to cause a denial of service.

redos: CVE-2025-52099 was patched at 2025-12-03

34. Authentication Bypass - Gunicorn (CVE-2024-7923) - High [432]

Description: An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable unauthorized users to gain administrative access.

redos: CVE-2024-7923 was patched at 2025-12-03

35. Remote Code Execution - Mozilla Firefox (CVE-2025-14333) - High [430]

Description: Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

almalinux: CVE-2025-14333 was patched at 2025-12-10, 2025-12-11

debian: CVE-2025-14333 was patched at 2025-12-10, 2025-12-14, 2025-12-17

oraclelinux: CVE-2025-14333 was patched at 2025-12-10, 2025-12-11

redhat: CVE-2025-14333 was patched at 2025-12-10, 2025-12-11

36. Code Injection - GLPI (CVE-2025-32786) - High [425]

Description: The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.

redos: CVE-2025-32786 was patched at 2025-12-03

37. Remote Code Execution - Redis (CVE-2025-62507) - High [421]

Description: Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.

redos: CVE-2025-62507 was patched at 2025-11-25

38. Elevation of Privilege - Chromium (CVE-2025-13631) - High [416]

Description: Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)

debian: CVE-2025-13631 was patched at 2025-12-04, 2025-12-17

39. Command Injection - Netty (CVE-2025-67735) - High [401]

Description: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue.

debian: CVE-2025-67735 was patched at 2025-12-17

40. Denial of Service - The Qt Company Qt (CVE-2025-12385) - High [401]

Description: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Component	Value	Weight	Comment
Exploited in the Wild	0	18	Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists	0	17	The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type	0.7	15	Denial of Service
Vulnerable Product is Common	0.8	14	Qt is a cross-platform application development framework used to build graphical user interfaces and applications for desktop, mobile, and embedded systems. It provides a comprehensive set of libraries, tools, and APIs, including Qt Quick for declarative UI development using QML. The vulnerability affects the Qt Quick Text component, where improper validation of width and height attributes in the tag can lead to excessive resource allocation and application unresponsiveness.
CVSS Base Score	0.9	10	CVSS Base Score is 8.7. According to Vulners data source
EPSS Percentile	0.3	10	EPSS Probability is 0.0012, EPSS Percentile is 0.31821

debian: CVE-2025-12385 was patched at 2025-12-17

41. Security Feature Bypass - Chromium (CVE-2025-13639) - High [401]

Description: Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2025-13639 was patched at 2025-12-04, 2025-12-17

Medium (303)

42. Authentication Bypass - Oracle VM VirtualBox (CVE-2025-62587) - Medium [398]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

redos: CVE-2025-62587 was patched at 2025-12-16

43. Authentication Bypass - Oracle VM VirtualBox (CVE-2025-62588) - Medium [398]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

redos: CVE-2025-62588 was patched at 2025-12-16

44. Authentication Bypass - Oracle VM VirtualBox (CVE-2025-62589) - Medium [398]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

redos: CVE-2025-62589 was patched at 2025-12-16

45. Authentication Bypass - Oracle VM VirtualBox (CVE-2025-62590) - Medium [398]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

redos: CVE-2025-62590 was patched at 2025-12-16

46. Authentication Bypass - Oracle VM VirtualBox (CVE-2025-62641) - Medium [398]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

redos: CVE-2025-62641 was patched at 2025-12-16

47. Authentication Bypass - Django (CVE-2025-65431) - Medium [396]

Description: An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.

debian: CVE-2025-65431 was patched at 2025-12-17

48. Authentication Bypass - Vault (CVE-2025-11621) - Medium [394]

Description: Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27

redos: CVE-2025-11621 was patched at 2025-11-25, 2025-11-28

49. Denial of Service - Django (CVE-2025-64460) - Medium [394]

Description: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

debian: CVE-2025-64460 was patched at 2025-12-17

ubuntu: CVE-2025-64460 was patched at 2025-12-02

50. Denial of Service - Python (CVE-2025-67725) - Medium [391]

Description: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the same header name is repeated, causing a Denial of Service (DoS). Due to Python string immutability, each concatenation copies the entire string, resulting in O(n²) time complexity. The severity can vary from high if max_header_size has been increased from its default, to low if it has its default value of 64KB. This issue is fixed in version 6.5.3.

debian: CVE-2025-67725 was patched at 2025-12-17

51. Denial of Service - OpenSSL (CVE-2025-65493) - Medium [389]

Description: NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.

debian: CVE-2025-65493 was patched at 2025-12-17

52. Denial of Service - OpenSSL (CVE-2025-65494) - Medium [389]

Description: NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.

debian: CVE-2025-65494 was patched at 2025-12-17

53. Denial of Service - OpenSSL (CVE-2025-65495) - Medium [389]

Description: Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.

debian: CVE-2025-65495 was patched at 2025-12-17

54. Security Feature Bypass - Mozilla Firefox (CVE-2025-14331) - Medium [389]

Description: Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

almalinux: CVE-2025-14331 was patched at 2025-12-10, 2025-12-11

debian: CVE-2025-14331 was patched at 2025-12-10, 2025-12-14, 2025-12-17

oraclelinux: CVE-2025-14331 was patched at 2025-12-10, 2025-12-11

redhat: CVE-2025-14331 was patched at 2025-12-10, 2025-12-11

55. Denial of Service - Bitcoin Core (CVE-2019-25220) - Medium [386]

Description: Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work before committing to store it.

altlinux: CVE-2019-25220 was patched at 2025-12-01

56. Denial of Service - Elasticsearch (CVE-2024-43709) - Medium [386]

Description: An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.

redos: CVE-2024-43709 was patched at 2025-12-15

57. Information Disclosure - nftables (CVE-2025-67499) - Medium [381]

Description: The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus ignoring the destination IP. This includes traffic not intended for the node itself, i.e. traffic to containers hosted on the node. Containers that request HostPort forwarding can intercept all traffic destined for that port. This requires that the portmap plugin be explicitly configured to use the nftables backend. This issue is fixed in version 1.9.0. To workaround, configure the portmap plugin to use the iptables backend. It does not have this vulnerability.

altlinux: CVE-2025-67499 was patched at 2025-12-15

58. Authentication Bypass - Chromium (CVE-2025-13636) - Medium [379]

Description: Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)

debian: CVE-2025-13636 was patched at 2025-12-04, 2025-12-17

59. Security Feature Bypass - Chromium (CVE-2025-14372) - Medium [377]

Description: Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2025-14372 was patched at 2025-12-12, 2025-12-17

60. Security Feature Bypass - Safari (CVE-2025-43427) - Medium [377]

Description: This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

almalinux: CVE-2025-43427 was patched at 2025-12-08

debian: CVE-2025-43427 was patched at 2025-12-04, 2025-12-17

oraclelinux: CVE-2025-43427 was patched at 2025-12-08

redhat: CVE-2025-43427 was patched at 2025-12-08, 2025-12-11, 2025-12-17

ubuntu: CVE-2025-43427 was patched at 2025-12-08

61. Security Feature Bypass - Safari (CVE-2025-43430) - Medium [377]

Description: This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

almalinux: CVE-2025-43430 was patched at 2025-12-08

debian: CVE-2025-43430 was patched at 2025-12-04, 2025-12-17

oraclelinux: CVE-2025-43430 was patched at 2025-12-08

redhat: CVE-2025-43430 was patched at 2025-12-08, 2025-12-11, 2025-12-17

ubuntu: CVE-2025-43430 was patched at 2025-12-08

62. Authentication Bypass - Oracle VM VirtualBox (CVE-2025-61759) - Medium [375]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

redos: CVE-2025-61759 was patched at 2025-12-16

63. Cross Site Scripting - Safari (CVE-2025-43440) - Medium [371]

Description: This issue was addressed with improved checks This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

almalinux: CVE-2025-43440 was patched at 2025-12-08

debian: CVE-2025-43440 was patched at 2025-12-04, 2025-12-17

oraclelinux: CVE-2025-43440 was patched at 2025-12-08

redhat: CVE-2025-43440 was patched at 2025-12-08, 2025-12-11, 2025-12-17

ubuntu: CVE-2025-43440 was patched at 2025-12-08

64. Code Injection - Django (CVE-2025-13372) - Medium [370]

Description: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

debian: CVE-2025-13372 was patched at 2025-12-17

ubuntu: CVE-2025-13372 was patched at 2025-12-02

65. Incorrect Calculation - Apache HTTP Server (CVE-2025-55753) - Medium [370]

Description: An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

altlinux: CVE-2025-55753 was patched at 2025-12-10, 2025-12-11

debian: CVE-2025-55753 was patched at 2025-12-17

66. Information Disclosure - Checkmk (CVE-2025-39665) - Medium [367]

Description: User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.

debian: CVE-2025-39665 was patched at 2025-12-17

67. Security Feature Bypass - Libsoup (CVE-2025-14523) - Medium [367]

Description: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.

debian: CVE-2025-14523 was patched at 2025-12-17

68. Memory Corruption - Chromium (CVE-2025-13633) - Medium [365]

Description: Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-13633 was patched at 2025-12-04, 2025-12-17

69. Memory Corruption - Chromium (CVE-2025-13638) - Medium [365]

Description: Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2025-13638 was patched at 2025-12-04, 2025-12-17

70. Memory Corruption - Mozilla Firefox (CVE-2025-14321) - Medium [365]

Description: Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

almalinux: CVE-2025-14321 was patched at 2025-12-10, 2025-12-11

debian: CVE-2025-14321 was patched at 2025-12-10, 2025-12-14, 2025-12-17

oraclelinux: CVE-2025-14321 was patched at 2025-12-10, 2025-12-11

redhat: CVE-2025-14321 was patched at 2025-12-10, 2025-12-11

71. Memory Corruption - Mozilla Firefox (CVE-2025-14330) - Medium [365]

Description: JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

almalinux: CVE-2025-14330 was patched at 2025-12-10, 2025-12-11

debian: CVE-2025-14330 was patched at 2025-12-10, 2025-12-14, 2025-12-17

oraclelinux: CVE-2025-14330 was patched at 2025-12-10, 2025-12-11

redhat: CVE-2025-14330 was patched at 2025-12-10, 2025-12-11

72. Authentication Bypass - Oracle VM VirtualBox (CVE-2025-62591) - Medium [363]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

redos: CVE-2025-62591 was patched at 2025-12-16

73. Security Feature Bypass - pgbouncer (CVE-2025-12819) - Medium [363]

Description: Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.

altlinux: CVE-2025-12819 was patched at 2025-12-05, 2025-12-08

debian: CVE-2025-12819 was patched at 2025-12-17

74. Security Feature Bypass - wolfSSL (CVE-2025-11933) - Medium [363]

Description: Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions.

debian: CVE-2025-11933 was patched at 2025-12-17

75. Information Disclosure - Moodle (CVE-2025-62400) - Medium [360]

Description: Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.

redos: CVE-2025-62400 was patched at 2025-11-25

76. Authentication Bypass - Chromium (CVE-2025-13634) - Medium [355]

Description: Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2025-13634 was patched at 2025-12-04, 2025-12-17

77. Authentication Bypass - Chromium (CVE-2025-13635) - Medium [355]

Description: Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2025-13635 was patched at 2025-12-04, 2025-12-17

78. Memory Corruption - Chromium (CVE-2025-13630) - Medium [353]

Description: Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-13630 was patched at 2025-12-04, 2025-12-17

79. Memory Corruption - Chromium (CVE-2025-13720) - Medium [353]

Description: Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2025-13720 was patched at 2025-12-04, 2025-12-17

80. Security Feature Bypass - Chromium (CVE-2025-12905) - Medium [353]

Description: Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low)

redos: CVE-2025-12905 was patched at 2025-12-02

81. Security Feature Bypass - Chromium (CVE-2025-13632) - Medium [353]

Description: Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)

debian: CVE-2025-13632 was patched at 2025-12-04, 2025-12-17

82. Remote Code Execution - Keras (CVE-2025-12638) - Medium [352]

Description: Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory. This can lead to arbitrary file writes outside the cache directory, enabling potential system compromise or malicious code execution. The vulnerability affects Keras installations that process tar archives with get_file() and does not affect versions where this extraction method is secured with the appropriate filter parameter.

debian: CVE-2025-12638 was patched at 2025-12-17

83. Authentication Bypass - Apple iOS (CVE-2025-66270) - Medium [351]

Description: The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

debian: CVE-2025-66270 was patched at 2025-11-26, 2025-11-30, 2025-12-17

ubuntu: CVE-2025-66270 was patched at 2025-12-03

84. Denial of Service - Elasticsearch (CVE-2024-52981) - Medium [351]

Description: An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

redos: CVE-2024-52981 was patched at 2025-12-15

85. Incorrect Calculation - Portable Runtime (CVE-2022-28331) - Medium [351]

Description: On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.

altlinux: CVE-2022-28331 was patched at 2025-12-10

86. Denial of Service - Linux Kernel (CVE-2025-38558) - Medium [346]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca ("usb: gadget: uvc: Allow creating new color matching descriptors") that added handling for uncompressed and mjpeg format. Crash is seen when userspace configuration (via configfs) does not explicitly define the color matching descriptor. If color_matching is not found, config_group_find_item() returns NULL. The code then jumps to out_put_cm, where it calls config_item_put(color_matching);. If color_matching is NULL, this will dereference a null pointer, leading to a crash. [ 2.746440] Unable to handle kernel NULL pointer dereference at virtual address 000000000000008c [ 2.756273] Mem abort info: [ 2.760080] ESR = 0x0000000096000005 [ 2.764872] EC = 0x25: DABT (current EL), IL = 32 bits [ 2.771068] SET = 0, FnV = 0 [ 2.771069] EA = 0, S1PTW = 0 [ 2.771070] FSC = 0x05: level 1 translation fault [ 2.771071] Data abort info: [ 2.771072] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 2.771073] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 2.771074] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 2.771075] user pgtable: 4k pages, 39-bit VAs, pgdp=00000000a3e59000 [ 2.771077] [000000000000008c] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 2.771081] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 2.771084] Dumping ftrace buffer: [ 2.771085] (ftrace buffer empty) [ 2.771138] CPU: 7 PID: 486 Comm: ln Tainted: G W E 6.6.58-android15 [ 2.771139] Hardware name: Qualcomm Technologies, Inc. SunP QRD HDK (DT) [ 2.771140] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2.771141] pc : __uvcg_fill_strm+0x198/0x2cc [ 2.771145] lr : __uvcg_iter_strm_cls+0xc8/0x17c [ 2.771146] sp : ffffffc08140bbb0 [ 2.771146] x29: ffffffc08140bbb0 x28: ffffff803bc81380 x27: ffffff8023bbd250 [ 2.771147] x26: ffffff8023bbd250 x25: ffffff803c361348 x24: ffffff803d8e6768 [ 2.771148] x23: 0000000000000004 x22: 0000000000000003 x21: ffffffc08140bc48 [ 2.771149] x20: 0000000000000000 x19: ffffffc08140bc48 x18: ffffffe9f8cf4a00 [ 2.771150] x17: 000000001bf64ec3 x16: 000000001bf64ec3 x15: ffffff8023bbd250 [ 2.771151] x14: 000000000000000f x13: 004c4b40000f4240 x12: 000a2c2a00051615 [ 2.771152] x11: 000000000000004f x10: ffffffe9f76b40ec x9 : ffffffe9f7e389d0 [ 2.771153] x8 : ffffff803d0d31ce x7 : 000f4240000a2c2a x6 : 0005161500028b0a [ 2.771154] x5 : ffffff803d0d31ce x4 : 0000000000000003 x3 : 0000000000000000 [ 2.771155] x2 : ffffffc08140bc50 x1 : ffffffc08140bc48 x0 : 0000000000000000 [ 2.771156] Call trace: [ 2.771157] __uvcg_fill_strm+0x198/0x2cc [ 2.771157] __uvcg_iter_strm_cls+0xc8/0x17c [ 2.771158] uvcg_streaming_class_allow_link+0x240/0x290 [ 2.771159] configfs_symlink+0x1f8/0x630 [ 2.771161] vfs_symlink+0x114/0x1a0 [ 2.771163] do_symlinkat+0x94/0x28c [ 2.771164] __arm64_sys_symlinkat+0x54/0x70 [ 2.771164] invoke_syscall+0x58/0x114 [ 2.771166] el0_svc_common+0x80/0xe0 [ 2.771168] do_el0_svc+0x1c/0x28 [ 2.771169] el0_svc+0x3c/0x70 [ 2.771172] el0t_64_sync_handler+0x68/0xbc [ 2.771173] el0t_64_sync+0x1a8/0x1ac Initialize color matching descriptor for frame-based format to prevent NULL pointer crash by mirroring the handling done for uncompressed and mjpeg formats.

ubuntu: CVE-2025-38558 was patched at 2025-11-21, 2025-11-26, 2025-12-04, 2025-12-15

87. Denial of Service - Linux Kernel (CVE-2025-38642) - Medium [346]

Description: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix WARN_ON for monitor mode on some devices On devices without WANT_MONITOR_VIF (and probably without channel context support) we get a WARN_ON for changing the per-link setting of a monitor interface. Since we already skip AP_VLAN interfaces and MONITOR with WANT_MONITOR_VIF and/or NO_VIRTUAL_MONITOR should update the settings, catch this in the link change code instead of the warning.

ubuntu: CVE-2025-38642 was patched at 2025-11-21, 2025-11-26, 2025-12-04, 2025-12-15

88. Denial of Service - Linux Kernel (CVE-2025-38649) - Medium [346]

Description: In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresight_find_activated_sysfs_sink function is recursively invoked in an attempt to locate an active sink device, ultimately leading to a stack overflow and system crash. Therefore, disable the replicator1 to break the infinite loop and prevent a potential stack overflow. replicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out | | replicator1_in replicator_swao_in | | replicator0_out1 replicator_swao_out0 | | replicator0_in funnel_in1_in3 | | tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out [call trace] dump_backtrace+0x9c/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x48/0x60 dump_stack+0x18/0x28 panic+0x340/0x3b0 nmi_panic+0x94/0xa0 panic_bad_stack+0x114/0x138 handle_bad_stack+0x34/0xb8 __bad_stack+0x78/0x80 coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] ... coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_enable_sysfs+0x80/0x2a0 [coresight] side effect after the change: Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.

ubuntu: CVE-2025-38649 was patched at 2025-11-21, 2025-11-26, 2025-12-04, 2025-12-15

89. Authentication Bypass - Chromium (CVE-2025-13640) - Medium [344]

Description: Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)

debian: CVE-2025-13640 was patched at 2025-12-04, 2025-12-17

90. Denial of Service - Python (CVE-2025-67726) - Medium [344]

Description: Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The _parseparam function in httputil.py is used to parse specific HTTP header values, such as those in multipart/form-data and repeatedly calls string.count() within a nested loop while processing quoted semicolons. If an attacker sends a request with a large number of maliciously crafted parameters in a Content-Disposition header, the server's CPU usage increases quadratically (O(n²)) during parsing. Due to Tornado's single event loop architecture, a single malicious request can cause the entire server to become unresponsive for an extended period. This issue is fixed in version 6.5.3.

debian: CVE-2025-67726 was patched at 2025-12-17

91. Authentication Bypass - Cassandra (CVE-2024-27137) - Medium [341]

Description: In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations. This is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10. This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11. Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.

redos: CVE-2024-27137 was patched at 2025-12-03

92. Denial of Service - APT (CVE-2025-6966) - Medium [341]

Description: NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

debian: CVE-2025-6966 was patched at 2025-12-16, 2025-12-17

ubuntu: CVE-2025-6966 was patched at 2025-12-09

93. Denial of Service - OpenSSL (CVE-2025-65496) - Medium [341]

Description: NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

debian: CVE-2025-65496 was patched at 2025-12-17

94. Denial of Service - OpenSSL (CVE-2025-65497) - Medium [341]

Description: NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

debian: CVE-2025-65497 was patched at 2025-12-17

95. Denial of Service - OpenSSL (CVE-2025-65498) - Medium [341]

Description: NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

debian: CVE-2025-65498 was patched at 2025-12-17

96. Denial of Service - OpenSSL (CVE-2025-65499) - Medium [341]

Description: Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.

debian: CVE-2025-65499 was patched at 2025-12-17

97. Denial of Service - OpenSSL (CVE-2025-65500) - Medium [341]

Description: NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

debian: CVE-2025-65500 was patched at 2025-12-17

98. Memory Corruption - Chromium (CVE-2025-13721) - Medium [341]