CVE-2025-54545 - On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
CVE ID : CVE-2025-54545
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
Severity: 7.8 | HIGH
CVE-2025-54546 - On affected platforms, restricted users could use SSH port forwarding to access host-internal services
CVE ID : CVE-2025-54546
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, restricted users could use SSH port forwarding to access host-internal services
Severity: 7.5 | HIGH
CVE-2025-54547 - On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
CVE ID : CVE-2025-54547
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
Severity: 5.3 | MEDIUM
CVE-2025-54548 - On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
CVE ID : CVE-2025-54548
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
Severity: 4.3 | MEDIUM
CVE-2025-54549 - Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO
CVE ID : CVE-2025-54549
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO
Severity: 5.9 | MEDIUM
CVE-2025-58183 - Unbounded allocation when parsing GNU sparse map in archive/tar
CVE ID : CVE-2025-58183
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Severity: 0.0 | NA
CVE-2025-58185 - Parsing DER payload can cause memory exhaustion in encoding/asn1
CVE ID : CVE-2025-58185
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Severity: 0.0 | NA
CVE-2025-58186 - Lack of limit when parsing cookies can cause memory exhaustion in net/http
CVE ID : CVE-2025-58186
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
Severity: 0.0 | NA
CVE-2025-58187 - Quadratic complexity when checking name constraints in crypto/x509
CVE ID : CVE-2025-58187
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
Severity: 0.0 | NA
CVE-2025-58188 - Panic when validating certificates with DSA public keys in crypto/x509
CVE ID : CVE-2025-58188
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.
Severity: 0.0 | NA
CVE-2025-58189 - ALPN negotiation error contains attacker controlled information in crypto/tls
CVE ID : CVE-2025-58189
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped.
Severity: 0.0 | NA
CVE-2025-61723 - Quadratic complexity when parsing some invalid inputs in encoding/pem
CVE ID : CVE-2025-61723
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Severity: 0.0 | NA
CVE-2025-61724 - Excessive CPU consumption in Reader.ReadResponse in net/textproto
CVE ID : CVE-2025-61724
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
Severity: 0.0 | NA
CVE-2025-61725 - Excessive CPU consumption in ParseAddress in net/mail
CVE ID : CVE-2025-61725
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Severity: 0.0 | NA
CVE-2025-10926 - JSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106
CVE ID : CVE-2025-10926
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5.
Severity: 0.0 | NA
CVE-2025-10927 - Plausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107
CVE ID : CVE-2025-10927
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS). This issue affects Plausible tracking: from 0.0.0 before 1.0.2.
Severity: 0.0 | NA
CVE-2025-10928 - Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108
CVE ID : CVE-2025-10928
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5.
Severity: 0.0 | NA
CVE-2025-10929 - Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111
CVE ID : CVE-2025-10929
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
Severity: 0.0 | NA
CVE-2025-10930 - Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110
CVE ID : CVE-2025-10930
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0.
Severity: 0.0 | NA
CVE-2025-10931 - Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109
CVE ID : CVE-2025-10931
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS). This issue affects Umami Analytics: from 0.0.0 before 1.0.1.
Severity: 0.0 | NA
CVE-2025-12082 - CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
CVE ID : CVE-2025-12082
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing. This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
Severity: 0.0 | NA