Common Vulnerabilities and Exposures (CVE)

CVE-2025-61664

Jun 25, 2026 05:07:09 UTC

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a use-after-free memory issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker...

CVE-2025-61663

Jun 25, 2026 05:07:06 UTC

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the ...

CVE-2025-61662

Jun 25, 2026 05:07:06 UTC

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this conditio...

CVE-2025-61661

Jun 25, 2026 05:07:01 UTC

A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsist...

CVE-2025-59089

Jun 25, 2026 05:06:17 UTC

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service...

CVE-2025-54771

Jun 25, 2026 05:05:38 UTC

A use-after-free vulnerability has been identified in GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. A...

CVE-2025-54770

Jun 25, 2026 05:05:36 UTC

A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered whe...

CVE-2025-6395

Jun 25, 2026 05:04:21 UTC

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

CVE-2025-6035

Jun 25, 2026 05:04:11 UTC

A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can resul...

CVE-2025-6021

Jun 25, 2026 05:04:10 UTC

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted i...

CVE-2025-5987

Jun 25, 2026 05:04:05 UTC

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occur...

CVE-2025-5962

Jun 25, 2026 05:04:03 UTC

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to...

CVE-2026-10086

Jun 25, 2026 05:03:58 UTC

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions t...

CVE-2025-5449

Jun 25, 2026 05:03:54 UTC

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed m...

CVE-2025-5351

Jun 25, 2026 05:03:48 UTC

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared,...