Report Name: Linux Patch Wednesday September 2025
Generated: 2025-09-29 17:09:05

Product Name	Prevalence	U	C	H	M	L	A	Comment
Django	0.9		1				1	Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design. It provides built-in tools for database models, authentication, URL routing, templates, and security features, making it one of the most widely used frameworks for building scalable and maintainable web applications.
Linux Kernel	0.9				200	352	552	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CUPS	0.8		1	1			2	CUPS is a modular printing system for Unix-like computer operating systems which allows a computer to act as a print server
Chromium	0.8	1		2	8		11	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
Mozilla Firefox	0.8		1	7	17		25	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Netty	0.8		1	1			2	Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
Zabbix	0.8			2	2		4	Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
Asterisk	0.7		1		2		3	Asterisk is a free and open source framework for building communications applications and is sponsored by Sangoma
BIND	0.7				1		1	BIND is a suite of software for interacting with the Domain Name System
Curl	0.7			1	1	1	3	Curl is a command-line tool for transferring data specified with URL syntax
FFmpeg	0.7			1			1	FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
Kubernetes	0.7				1	2	3	Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
Moodle	0.7					1	1	Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
Oracle MySQL	0.7				1		1	MySQL is an open-source relational database management system
vim	0.7			1			1	Vim is a free and open-source, screen-based text editor program
GNU Screen	0.6			1	1		2	GNU Screen is a terminal multiplexer that allows multiple virtual terminal sessions to be accessed and controlled from a single physical terminal. It supports session detaching/reattaching, multiple windows, logging, and scripting — and historically is distributed as part of the GNU Project for use on Unix-like systems. When run with setuid-root privileges (as in CVE-2025-23395), Screen may perform privileged file operations on user-supplied paths without dropping elevated privileges, enabling unprivileged users to create root-owned files and potentially escalate to root.
ImageMagick	0.6		1	3			4	ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
Jetty	0.6				1		1	Jetty is a Java based web server and servlet engine
Libsoup	0.6					1	1	libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop to integrate well with GNOME applications and also has a synchronous API for use in CLI tools.
Perl	0.6				3		3	Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
Python	0.6			1	1		2	Python is a high-level, general-purpose programming language
UDisks	0.6			1			1	UDisks is a system service daemon that provides interfaces to enumerate, query, and manage storage devices such as hard drives, SSDs, removable media, and loop devices. It exposes functionality over the D-Bus system bus, allowing unprivileged applications to perform safe disk operations while privileged actions are mediated by PolicyKit.
Vault	0.6				6	3	9	Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
Wireshark	0.6				1		1	Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
libxml2	0.6				1		1	libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
Axios	0.5			1			1	Product detected by a:axios:axios (exists in CPE dict)
Cacti	0.5			1			1	Cacti is an open source operational monitoring and fault management framework
CivetWeb	0.5		1				1	Product detected by a:civetweb_project:civetweb (exists in CPE dict)
DCMTK	0.5				1		1	Product detected by a:offis:dcmtk (exists in CPE dict)
Jackrabbit	0.5			1			1	Product detected by a:apache:jackrabbit (exists in CPE dict)
Node.js pbkdf2	0.5			1			1	The crypto.pbkdf2(), also known as Password-Based Key Derivation function, provides an asynchronous implementation of the derivative function. A key is derived by using the Hmac digest of a specified algorithm from password, salt and iterations.
OAuth2 Proxy	0.5		1				1	Product detected by a:oauth2_proxy_project:oauth2_proxy (exists in CPE dict)
Pcre2	0.5			1			1	Product detected by a:pcre:pcre2 (exists in CPE dict)
Rexml	0.5				1		1	Product detected by a:ruby-lang:rexml (exists in CPE dict)
Tika	0.5				1		1	Product detected by a:apache:tika (exists in CPE dict)
Yarn	0.5			1			1	Product detected by a:yarnpkg:yarn (exists in CPE dict)
adminer	0.5			1			1	Product detected by a:adminer:adminer (exists in CPE dict)
cipher-base	0.5			1			1	Product detected by a:browserify:cipher-base (does NOT exist in CPE dict)
cjson	0.5			1			1	Product detected by a:davegamble:cjson (does NOT exist in CPE dict)
eventlet	0.5				1		1	Product detected by a:eventlet:eventlet (exists in CPE dict)
exiv2	0.5			1	1		2	Product detected by a:exiv2:exiv2 (exists in CPE dict)
keycloak	0.5				2		2	Product detected by a:redhat:keycloak (exists in CPE dict)
libbiosig	0.5		23	1			24	Product detected by a:libbiosig_project:libbiosig (does NOT exist in CPE dict)
libsixel	0.5			1			1	Product detected by a:libsixel_project:libsixel (exists in CPE dict)
libsndfile	0.5			1			1	Product detected by a:libsndfile_project:libsndfile (exists in CPE dict)
log4cxx	0.5				2		2	Product detected by a:apache:log4cxx (exists in CPE dict)
lrzip	0.5			1			1	Product detected by a:ckolivas:lrzip (does NOT exist in CPE dict)
moby	0.5					1	1	Product detected by a:mobyproject:moby (exists in CPE dict)
openbao	0.5			1	4	2	7	Product detected by a:openbao:openbao (does NOT exist in CPE dict)
openshift_container_platform	0.5					1	1	Product detected by a:redhat:openshift_container_platform (exists in CPE dict)
sail	0.5		8				8	Product detected by a:sail:sail (does NOT exist in CPE dict)
sha.js	0.5			1			1	Product detected by a:browserify:sha.js (does NOT exist in CPE dict)
spim	0.5			1			1	Product detected by a:spimsimulator:spim (does NOT exist in CPE dict)
xen	0.5				5		5	Product detected by o:xen:xen (exists in CPE dict)
Azure	0.4				2		2	Azure
Spring Framework	0.4					1	1	SThe Spring Framework is an application framework and inversion of control container for the Java platform
libretro-common	0.4				1		1	libretro-common is a collection of reusable coding blocks and utilities (primarily written in C) used by libretro cores and frontends to simplify common tasks such as filesystem handling, CDFS parsing, and platform portability. It is widely used across the libretro ecosystem (RetroArch and cores) for shared functionality.
jqlang jq	0.3			1			1	jq is a lightweight and flexible command-line JSON processor, allowing powerful querying and manipulation of JSON data streams.
GitHub	0.2				1	1	2	GitHub, Inc. is an Internet hosting service for software development and version control using Git
Unknown Product	0				21	12	33	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		34	10	2		46
Authentication Bypass	0.98		2	1	7		10
Code Injection	0.97		1	1	1		3
Command Injection	0.97		1	1	5		7
XXE Injection	0.97				1		1
Security Feature Bypass	0.9			9	7		16
Elevation of Privilege	0.85			2			2
Information Disclosure	0.83			1	7		8
Cross Site Scripting	0.8				4		4
Open Redirect	0.75				3		3
Denial of Service	0.7		1	6	27	1	35
Path Traversal	0.7				1		1
Incorrect Calculation	0.5			1	3	3	7
Memory Corruption	0.5	1		7	207	3	218
Spoofing	0.4			1	4		5
Unknown Vulnerability Type	0				11	371	382

Source	U	C	H	M	L	A
almalinux		1		3		4
altlinux		4	11	24	3	42
debian	1	36	31	259	367	694
oraclelinux		1	4	11	4	20
redhat		1	5	9	1	16
redos		1	6	14	9	30
ubuntu		2	5	4	2	13

Urgent (1)

1. Memory Corruption - Chromium (CVE-2025-10585) - Urgent [853]

Description: Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-10585 was patched at 2025-09-16, 2025-09-19

Critical (39)

2. Remote Code Execution - CivetWeb (CVE-2025-55763) - Critical [666]

Description: Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution.

debian: CVE-2025-55763 was patched at 2025-08-31

3. Remote Code Execution - ImageMagick (CVE-2025-55298) - Critical [659]

Description: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

altlinux: CVE-2025-55298 was patched at 2025-09-09

debian: CVE-2025-55298 was patched at 2025-08-31, 2025-09-12

4. Authentication Bypass - OAuth2 Proxy (CVE-2025-54576) - Critical [639]

Description: OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skip_auth_routes configuration option with regex patterns. Attackers can bypass authentication by crafting URLs with query parameters that satisfy configured regex patterns, allowing unauthorized access to protected resources. The issue stems from skip_auth_routes matching against the full request URI. Deployments using skip_auth_routes with regex patterns containing wildcards or broad matching patterns are most at risk. This issue is fixed in version 7.11.0. Workarounds include: auditing all skip_auth_routes configurations for overly permissive patterns, replacing wildcard patterns with exact path matches where possible, ensuring regex patterns are properly anchored (starting with ^ and ending with $), or implementing custom validation that strips query parameters before regex matching.

altlinux: CVE-2025-54576 was patched at 2025-09-12

5. Remote Code Execution - Asterisk (CVE-2025-49832) - Critical [628]

Description: Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1.

altlinux: CVE-2025-49832 was patched at 2025-09-05

6. Remote Code Execution - libbiosig (CVE-2025-46411) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

debian: CVE-2025-46411 was patched at 2025-08-31

7. Remote Code Execution - libbiosig (CVE-2025-48005) - Critical [619]

Description: A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

debian: CVE-2025-48005 was patched at 2025-08-31

8. Remote Code Execution - libbiosig (CVE-2025-52581) - Critical [619]

Description: An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

debian: CVE-2025-52581 was patched at 2025-08-31

9. Remote Code Execution - libbiosig (CVE-2025-53511) - Critical [619]

Description: A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

debian: CVE-2025-53511 was patched at 2025-08-31

10. Remote Code Execution - libbiosig (CVE-2025-53518) - Critical [619]

Description: An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

debian: CVE-2025-53518 was patched at 2025-08-31

11. Remote Code Execution - libbiosig (CVE-2025-53557) - Critical [619]

Description: A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

debian: CVE-2025-53557 was patched at 2025-08-31

12. Remote Code Execution - libbiosig (CVE-2025-53853) - Critical [619]

Description: A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

debian: CVE-2025-53853 was patched at 2025-08-31

13. Remote Code Execution - libbiosig (CVE-2025-54462) - Critical [619]

Description: A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

debian: CVE-2025-54462 was patched at 2025-08-31

14. Remote Code Execution - libbiosig (CVE-2025-54480) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8719 of biosig.c on the current master branch (35a819fa), when the Tag is 0: if (tag==0) { if (len!=1) fprintf(stderr,"Warning MFER tag0 incorrect length %i!=1\n",len); curPos += ifread(buf,1,len,hdr); }

debian: CVE-2025-54480 was patched at 2025-08-31

15. Remote Code Execution - libbiosig (CVE-2025-54481) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3: else if (tag==3) { // character code char v[17]; // [1] if (len>16) fprintf(stderr,"Warning MFER tag2 incorrect length %i>16\n",len); curPos += ifread(&v,1,len,hdr); v[len] = 0; In this case, the overflowed buffer is the newly-declared `v` \[1\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.

debian: CVE-2025-54481 was patched at 2025-08-31

16. Remote Code Execution - libbiosig (CVE-2025-54482) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4: else if (tag==4) { // SPR if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr);

debian: CVE-2025-54482 was patched at 2025-08-31

17. Remote Code Execution - libbiosig (CVE-2025-54483) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5: else if (tag==5) //0x05: number of channels { uint16_t oldNS=hdr->NS; if (len>4) fprintf(stderr,"Warning MFER tag5 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr);

debian: CVE-2025-54483 was patched at 2025-08-31

18. Remote Code Execution - libbiosig (CVE-2025-54484) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8779 of biosig.c on the current master branch (35a819fa), when the Tag is 6: else if (tag==6) // 0x06 "number of sequences" { // NRec if (len>4) fprintf(stderr,"Warning MFER tag6 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr);

debian: CVE-2025-54484 was patched at 2025-08-31

19. Remote Code Execution - libbiosig (CVE-2025-54485) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8785 of biosig.c on the current master branch (35a819fa), when the Tag is 8: else if (tag==8) { if (len>2) fprintf(stderr,"Warning MFER tag8 incorrect length %i>2\n",len); curPos += ifread(buf,1,len,hdr);

debian: CVE-2025-54485 was patched at 2025-08-31

20. Remote Code Execution - libbiosig (CVE-2025-54486) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8824 of biosig.c on the current master branch (35a819fa), when the Tag is 11: else if (tag==11) //0x0B { // Fs if (len>6) fprintf(stderr,"Warning MFER tag11 incorrect length %i>6\n",len); double fval; curPos += ifread(buf,1,len,hdr);

debian: CVE-2025-54486 was patched at 2025-08-31

21. Remote Code Execution - libbiosig (CVE-2025-54487) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8842 of biosig.c on the current master branch (35a819fa), when the Tag is 12: else if (tag==12) //0x0C { // sampling resolution if (len>6) fprintf(stderr,"Warning MFER tag12 incorrect length %i>6\n",len); val32 = 0; int8_t v8; curPos += ifread(&UnitCode,1,1,hdr); curPos += ifread(&v8,1,1,hdr); curPos += ifread(buf,1,len-2,hdr); In addition to values of `len` greater than 130 triggering a buffer overflow, a value of `len` smaller than 2 will also trigger a buffer overflow due to an integer underflow when computing `len-2` in this code path.

debian: CVE-2025-54487 was patched at 2025-08-31

22. Remote Code Execution - libbiosig (CVE-2025-54488) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8850 of biosig.c on the current master branch (35a819fa), when the Tag is 13: else if (tag==13) { if (len>8) fprintf(stderr,"Warning MFER tag13 incorrect length %i>8\n",len); curPos += ifread(&buf,1,len,hdr);

debian: CVE-2025-54488 was patched at 2025-08-31

23. Remote Code Execution - libbiosig (CVE-2025-54489) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8970 of biosig.c on the current master branch (35a819fa), when the Tag is 63: else if (tag==63) { uint8_t tag2=255, len2=255; count = 0; while ((count<len) && !(FlagInfiniteLength && len2==0 && tag2==0)){ curPos += ifread(&tag2,1,1,hdr); curPos += ifread(&len2,1,1,hdr); if (VERBOSE_LEVEL==9) fprintf(stdout,"MFER: tag=%3i chan=%2i len=%-4i tag2=%3i len2=%3i curPos=%i %li count=%4i\n",tag,chan,len,tag2,len2,curPos,iftell(hdr),(int)count); if (FlagInfiniteLength && len2==0 && tag2==0) break; count += (2+len2); curPos += ifread(&buf,1,len2,hdr); Here, the number of bytes read is not the Data Length decoded from the current frame in the file (`len`) but rather is a new length contained in a single octet read from the same input file (`len2`). Despite this, a stack-based buffer overflow condition can still occur, as the destination buffer is still `buf`, which has a size of only 128 bytes, while `len2` can be as large as 255.

debian: CVE-2025-54489 was patched at 2025-08-31

24. Remote Code Execution - libbiosig (CVE-2025-54490) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9090 of biosig.c on the current master branch (35a819fa), when the Tag is 64: else if (tag==64) //0x40 { // preamble char tmp[256]; // [1] curPos += ifread(tmp,1,len,hdr); In this case, the overflowed buffer is the newly-declared `tmp` \[1\] instead of `buf`. While `tmp` is larger than `buf`, having a size of 256 bytes, a stack overflow can still occur in cases where `len` is encoded using multiple octets and is greater than 256.

debian: CVE-2025-54490 was patched at 2025-08-31

25. Remote Code Execution - libbiosig (CVE-2025-54491) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9191 of biosig.c on the current master branch (35a819fa), when the Tag is 65: else if (tag==65) //0x41: patient event { // event table curPos += ifread(buf,1,len,hdr);

debian: CVE-2025-54491 was patched at 2025-08-31

26. Remote Code Execution - libbiosig (CVE-2025-54492) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9141 of biosig.c on the current master branch (35a819fa), when the Tag is 67: else if (tag==67) //0x43: Sample skew { int skew=0; // [1] curPos += ifread(&skew, 1, len,hdr); In this case, the address of the newly-defined integer `skew` \[1\] is overflowed instead of `buf`. This means a stack overflow can occur using much smaller values of `len` in this code path.

debian: CVE-2025-54492 was patched at 2025-08-31

27. Remote Code Execution - libbiosig (CVE-2025-54493) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9184 of biosig.c on the current master branch (35a819fa), when the Tag is 131: else if (tag==131) //0x83 { // Patient Age if (len!=7) fprintf(stderr,"Warning MFER tag131 incorrect length %i!=7\n",len); curPos += ifread(buf,1,len,hdr);

debian: CVE-2025-54493 was patched at 2025-08-31

28. Remote Code Execution - libbiosig (CVE-2025-54494) - Critical [619]

Description: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9205 of biosig.c on the current master branch (35a819fa), when the Tag is 133: else if (tag==133) //0x85 { curPos += ifread(buf,1,len,hdr);

debian: CVE-2025-54494 was patched at 2025-08-31

29. Remote Code Execution - sail (CVE-2025-32468) - Critical [619]

Description: A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

debian: CVE-2025-32468 was patched at 2025-08-31

30. Remote Code Execution - sail (CVE-2025-35984) - Critical [619]

Description: A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

debian: CVE-2025-35984 was patched at 2025-08-31

31. Remote Code Execution - sail (CVE-2025-46407) - Critical [619]

Description: A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

debian: CVE-2025-46407 was patched at 2025-08-31

32. Remote Code Execution - sail (CVE-2025-50129) - Critical [619]

Description: A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

debian: CVE-2025-50129 was patched at 2025-08-31

33. Remote Code Execution - sail (CVE-2025-52456) - Critical [619]

Description: A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

debian: CVE-2025-52456 was patched at 2025-08-31

34. Remote Code Execution - sail (CVE-2025-52930) - Critical [619]

Description: A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

debian: CVE-2025-52930 was patched at 2025-08-31

35. Remote Code Execution - sail (CVE-2025-53085) - Critical [619]

Description: A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

debian: CVE-2025-53085 was patched at 2025-08-31

36. Remote Code Execution - sail (CVE-2025-53510) - Critical [619]

Description: A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

debian: CVE-2025-53510 was patched at 2025-08-31

37. Command Injection - Netty (CVE-2025-58056) - Critical [616]

Description: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.

debian: CVE-2025-58056 was patched at 2025-09-16

38. Denial of Service - Mozilla Firefox (CVE-2024-10004) - Critical [615]

Description: Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.

altlinux: CVE-2024-10004 was patched at 2025-09-11

39. Code Injection - Django (CVE-2025-57833) - Critical [608]

Description: An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().

debian: CVE-2025-57833 was patched at 2025-09-15, 2025-09-16

redos: CVE-2025-57833 was patched at 2025-09-24

ubuntu: CVE-2025-57833 was patched at 2025-09-03

40. Authentication Bypass - CUPS (CVE-2025-58060) - Critical [605]

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

almalinux: CVE-2025-58060 was patched at 2025-09-11

debian: CVE-2025-58060 was patched at 2025-09-11, 2025-09-16

oraclelinux: CVE-2025-58060 was patched at 2025-09-11, 2025-09-12

redhat: CVE-2025-58060 was patched at 2025-09-11, 2025-09-24

ubuntu: CVE-2025-58060 was patched at 2025-09-11

High (40)

41. Remote Code Execution - libsndfile (CVE-2025-52194) - High [595]

Description: A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.

debian: CVE-2025-52194 was patched at 2025-08-31

42. Security Feature Bypass - CUPS (CVE-2025-58364) - High [591]

Description: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The current versions of CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.

debian: CVE-2025-58364 was patched at 2025-09-11, 2025-09-16

oraclelinux: CVE-2025-58364 was patched at 2025-09-11, 2025-09-12

redhat: CVE-2025-58364 was patched at 2025-09-11, 2025-09-24

ubuntu: CVE-2025-58364 was patched at 2025-09-11

43. Security Feature Bypass - Node.js pbkdf2 (CVE-2025-6547) - High [589]

Description: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.

redos: CVE-2025-6547 was patched at 2025-08-27

44. Security Feature Bypass - adminer (CVE-2025-43960) - High [589]

Description: Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.

debian: CVE-2025-43960 was patched at 2025-08-31

45. Security Feature Bypass - cipher-base (CVE-2025-9287) - High [589]

Description: Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.

debian: CVE-2025-9287 was patched at 2025-08-26, 2025-08-31

ubuntu: CVE-2025-9287 was patched at 2025-09-11

46. Security Feature Bypass - sha.js (CVE-2025-9288) - High [589]

Description: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

debian: CVE-2025-9288 was patched at 2025-08-31, 2025-09-16

47. Denial of Service - ImageMagick (CVE-2025-55212) - High [558]

Description: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

altlinux: CVE-2025-55212 was patched at 2025-09-09

debian: CVE-2025-55212 was patched at 2025-08-31, 2025-09-12

ubuntu: CVE-2025-55212 was patched at 2025-09-18

48. Denial of Service - Netty (CVE-2025-58057) - High [555]

Description: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted input, BrotliDecoder and certain other decompression decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time. The buffers are saved in the output list, and remain reachable until OOM is hit. This is fixed in versions 4.1.125.Final of netty-codec and 4.2.5.Final of netty-codec-compression.

debian: CVE-2025-58057 was patched at 2025-09-16

49. Information Disclosure - Pcre2 (CVE-2025-58050) - High [552]

Description: The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.

altlinux: CVE-2025-58050 was patched at 2025-09-06

debian: CVE-2025-58050 was patched at 2025-08-31

50. Spoofing - Mozilla Firefox (CVE-2025-8043) - High [550]

Description: Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141.

altlinux: CVE-2025-8043 was patched at 2025-09-03, 2025-09-24

51. Elevation of Privilege - GNU Screen (CVE-2025-23395) - High [549]

Description: Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user's (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing to escalate to root privileges

redos: CVE-2025-23395 was patched at 2025-09-10

52. Elevation of Privilege - UDisks (CVE-2025-8067) - High [549]

Description: A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.

debian: CVE-2025-8067 was patched at 2025-08-28, 2025-08-31

oraclelinux: CVE-2025-8067 was patched at 2025-09-02, 2025-09-03

redhat: CVE-2025-8067 was patched at 2025-09-02, 2025-09-16, 2025-09-17, 2025-09-18

ubuntu: CVE-2025-8067 was patched at 2025-08-28

53. Memory Corruption - cjson (CVE-2025-57052) - High [529]

Description: cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.

debian: CVE-2025-57052 was patched at 2025-09-14, 2025-09-16

54. Incorrect Calculation - ImageMagick (CVE-2025-57803) - High [522]

Description: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.

altlinux: CVE-2025-57803 was patched at 2025-09-09

debian: CVE-2025-57803 was patched at 2025-08-31, 2025-09-12

redhat: CVE-2025-57803 was patched at 2025-09-22

redos: CVE-2025-57803 was patched at 2025-09-05

55. Memory Corruption - ImageMagick (CVE-2025-57807) - High [522]

Description: ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.

debian: CVE-2025-57807 was patched at 2025-09-12, 2025-09-16

ubuntu: CVE-2025-57807 was patched at 2025-09-18

56. Denial of Service - Axios (CVE-2025-58754) - High [505]

Description: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.11.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. Version 1.11.0 contains a patch for the issue.

debian: CVE-2025-58754 was patched at 2025-09-16

57. Memory Corruption - libbiosig (CVE-2025-52461) - High [505]

Description: An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

debian: CVE-2025-52461 was patched at 2025-08-31

58. Memory Corruption - vim (CVE-2025-9390) - High [491]

Description: A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.

debian: CVE-2025-9390 was patched at 2025-08-31

59. Security Feature Bypass - Curl (CVE-2025-31489) - High [491]

Description: MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket. Prior knowledge of access-key, and bucket name this user might have access to - and an access-key with a WRITE permissions is necessary. However with relevant information in place, uploading random objects to buckets is trivial and easy via curl. This issue is fixed in RELEASE.2025-04-03T14-56-28Z.

altlinux: CVE-2025-31489 was patched at 2025-09-08, 2025-09-12

redos: CVE-2025-31489 was patched at 2025-09-22

60. Denial of Service - Yarn (CVE-2025-9308) - High [482]

Description: A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects products that are no longer supported by the maintainer.

debian: CVE-2025-9308 was patched at 2025-08-31

61. Denial of Service - exiv2 (CVE-2025-55304) - High [482]

Description: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.

altlinux: CVE-2025-55304 was patched at 2025-09-18

debian: CVE-2025-55304 was patched at 2025-08-31

62. Memory Corruption - libsixel (CVE-2025-9300) - High [482]

Description: A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.

debian: CVE-2025-9300 was patched at 2025-08-31

63. Remote Code Execution - Python (CVE-2025-58438) - High [480]

Description: internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the internetarchive library. The file.download() method does not properly sanitize user-supplied filenames or validate the final download path. A maliciously crafted filename could contain path traversal sequences (e.g., ../../../../windows/system32/file.txt) or illegal characters that, when processed, would cause the file to be written outside of the intended target directory. An attacker could potentially overwrite critical system files or application configuration files, leading to a denial of service, privilege escalation, or remote code execution, depending on the context in which the library is used. The vulnerability is particularly critical for users on Windows systems, but all operating systems are affected. This issue is fixed in version 5.5.1.

debian: CVE-2025-58438 was patched at 2025-09-16

64. Memory Corruption - spim (CVE-2025-29364) - High [470]

Description: spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in the READ_SYSCALL and WRITE_SYSCALL system calls. The application verifies the legitimacy of the starting and ending addresses for memory read/write operations. By configuring the starting and ending addresses for memory read/write to point to distinct memory segments within the virtual machine, it is possible to circumvent these checks.

debian: CVE-2025-29364 was patched at 2025-08-31

65. Denial of Service - jqlang jq (CVE-2025-9403) - High [460]

Description: A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well.

debian: CVE-2025-9403 was patched at 2025-08-31

66. Memory Corruption - lrzip (CVE-2025-9396) - High [458]

Description: A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

debian: CVE-2025-9396 was patched at 2025-09-16

67. Remote Code Execution - Mozilla Firefox (CVE-2025-8044) - High [454]

Description: Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141 and Thunderbird < 141.

altlinux: CVE-2025-8044 was patched at 2025-09-03, 2025-09-24

68. Command Injection - Cacti (CVE-2005-10004) - High [447]

Description: Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.

debian: CVE-2005-10004 was patched at 2025-08-31

69. Remote Code Execution - Mozilla Firefox (CVE-2025-8040) - High [442]

Description: Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

altlinux: CVE-2025-8040 was patched at 2025-09-03, 2025-09-24

70. Remote Code Execution - FFmpeg (CVE-2025-9951) - High [438]

Description: A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.

debian: CVE-2025-9951 was patched at 2025-09-16

71. Remote Code Execution - Mozilla Firefox (CVE-2025-10537) - High [430]

Description: Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

debian: CVE-2025-10537 was patched at 2025-09-16, 2025-09-18

oraclelinux: CVE-2025-10537 was patched at 2025-09-18, 2025-09-23

redhat: CVE-2025-10537 was patched at 2025-09-17, 2025-09-18, 2025-09-22, 2025-09-24

72. Remote Code Execution - Mozilla Firefox (CVE-2025-9184) - High [430]

Description: Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.

altlinux: CVE-2025-9184 was patched at 2025-09-11

73. Remote Code Execution - Zabbix (CVE-2025-27234) - High [430]

Description: Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.

debian: CVE-2025-27234 was patched at 2025-09-16

74. Code Injection - Zabbix (CVE-2025-27240) - High [425]

Description: A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.

debian: CVE-2025-27240 was patched at 2025-09-16

redos: CVE-2025-27240 was patched at 2025-09-23

75. Security Feature Bypass - Mozilla Firefox (CVE-2025-8038) - High [425]

Description: Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

altlinux: CVE-2025-8038 was patched at 2025-09-03, 2025-09-24

76. Authentication Bypass - Chromium (CVE-2025-10201) - High [415]

Description: Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-10201 was patched at 2025-09-10, 2025-09-16

77. Security Feature Bypass - Chromium (CVE-2025-9866) - High [413]

Description: Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

altlinux: CVE-2025-9866 was patched at 2025-09-19

debian: CVE-2025-9866 was patched at 2025-09-05, 2025-09-16

78. Remote Code Execution - Jackrabbit (CVE-2025-58782) - High [404]

Description: Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from untrusted users allows them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data. Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are adviced to review their use of JNDI URI for JCR lookup.

debian: CVE-2025-58782 was patched at 2025-09-16

79. Remote Code Execution - openbao (CVE-2025-54997) - High [404]

Description: OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections. However, these operators can bypass both restrictions through the audit subsystem by manipulating log prefixes. This allows unauthorized code execution and network access that violates the intended security model. This issue is fixed in version 2.3.2. To workaround, users can block access to sys/audit/* endpoints using explicit deny policies, but root operators cannot be restricted this way.

redos: CVE-2025-54997 was patched at 2025-09-12

80. Security Feature Bypass - Mozilla Firefox (CVE-2025-10528) - High [401]

Description: This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

debian: CVE-2025-10528 was patched at 2025-09-16, 2025-09-18

oraclelinux: CVE-2025-10528 was patched at 2025-09-18, 2025-09-23

redhat: CVE-2025-10528 was patched at 2025-09-17, 2025-09-18, 2025-09-22, 2025-09-24

Medium (290)

81. XXE Injection - Tika (CVE-2025-54988) - Medium [399]

Description: Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.

debian: CVE-2025-54988 was patched at 2025-08-31

82. Remote Code Execution - Vault (CVE-2025-6000) - Medium [397]

Description: A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

redos: CVE-2025-6000 was patched at 2025-09-05

83. Command Injection - Python (CVE-2025-57804) - Medium [392]

Description: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

debian: CVE-2025-57804 was patched at 2025-08-31, 2025-09-02

84. Command Injection - Zabbix (CVE-2025-27233) - Medium [389]

Description: Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.

debian: CVE-2025-27233 was patched at 2025-09-16

85. Information Disclosure - Mozilla Firefox (CVE-2025-8039) - Medium [388]

Description: In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

altlinux: CVE-2025-8039 was patched at 2025-09-03, 2025-09-24

86. Open Redirect - Mozilla Firefox (CVE-2024-8897) - Medium [386]

Description: Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1.

altlinux: CVE-2024-8897 was patched at 2025-09-11

87. Denial of Service - Asterisk (CVE-2025-54995) - Medium [384]

Description: Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.

debian: CVE-2025-54995 was patched at 2025-08-31

88. Denial of Service - Mozilla Firefox (CVE-2025-9182) - Medium [377]

Description: 'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.

almalinux: CVE-2025-9182 was patched at 2025-08-25, 2025-08-26, 2025-08-27

altlinux: CVE-2025-9182 was patched at 2025-09-11

oraclelinux: CVE-2025-9182 was patched at 2025-08-25, 2025-08-26, 2025-08-27, 2025-08-28, 2025-09-22

redhat: CVE-2025-9182 was patched at 2025-08-25, 2025-08-26, 2025-08-27, 2025-09-08, 2025-09-09

89. Remote Code Execution - libretro-common (CVE-2025-9809) - Medium [376]

Description: Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.

debian: CVE-2025-9809 was patched at 2025-09-16

90. Authentication Bypass - Mozilla Firefox (CVE-2025-27425) - Medium [367]

Description: Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136.

altlinux: CVE-2025-27425 was patched at 2025-09-11, 2025-09-24

91. Memory Corruption - Chromium (CVE-2025-10200) - Medium [365]

Description: Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

debian: CVE-2025-10200 was patched at 2025-09-10, 2025-09-16

92. Memory Corruption - Chromium (CVE-2025-10500) - Medium [365]

Description: Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-10500 was patched at 2025-09-16, 2025-09-19

93. Memory Corruption - Chromium (CVE-2025-10501) - Medium [365]

Description: Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-10501 was patched at 2025-09-16, 2025-09-19

94. Memory Corruption - Chromium (CVE-2025-9864) - Medium [365]

Description: Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

altlinux: CVE-2025-9864 was patched at 2025-09-19

debian: CVE-2025-9864 was patched at 2025-09-05, 2025-09-16

95. Security Feature Bypass - eventlet (CVE-2025-58068) - Medium [363]

Description: Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. This problem has been patched in Eventlet 0.40.3 by dropping trailers which is a breaking change if a backend behind eventlet.wsgi proxy requires trailers. A workaround involves not using eventlet.wsgi facing untrusted clients.

debian: CVE-2025-58068 was patched at 2025-08-31, 2025-09-02

ubuntu: CVE-2025-58068 was patched at 2025-09-24

96. Cross Site Scripting - Perl (CVE-2025-40927) - Medium [361]

Description: CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters. As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks. The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete. Impact By injecting %0A (newline) into a query string parameter, an attacker can: * Break the current HTTP header * Inject a new header or entire body * Deliver a script payload that is reflected in the server’s response That can lead to the following attacks: * reflected XSS * open redirect * cache poisoning * header manipulation

debian: CVE-2025-40927 was patched at 2025-08-31

97. Incorrect Calculation - Mozilla Firefox (CVE-2025-10533) - Medium [353]

Description: This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

debian: CVE-2025-10533 was patched at 2025-09-16, 2025-09-18

oraclelinux: CVE-2025-10533 was patched at 2025-09-18, 2025-09-23

redhat: CVE-2025-10533 was patched at 2025-09-17, 2025-09-18, 2025-09-22, 2025-09-24

98. Memory Corruption - Chromium (CVE-2025-10502) - Medium [353]

Description: Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)