4.3
CVE-2025-43536 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
4.3
CVE-2025-43535 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
3.1
CVE-2025-43531 - webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
8.8
CVE-2025-14766 - chromium-browser: Google Chrome V8: Out-of-bounds read and write leads to heap corruption
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2025-14765 - chromium-browser: Chromium: Use after free in WebGPU allows remote attacker to exploit heap corruptโฆ
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.6
CVE-2025-34288 - Nagios XI Privilege Escalation via Writable PHP Include Executed with Sudo
Nagios XI versions prior to 2026R1.1 areย vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A userโaccessible maintenance script may be executed as root via sudo and includes an application file that is writable by a loweโฆ
8.7
CVE-2025-68274 - SIPGO library has response DoS vulnerability via nil pointer dereference
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote aโฆ
6.5
CVE-2025-64520 - GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.
7.4
CVE-2025-53619 -
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `null_convert` is called based ofโฆ
7.4
CVE-2025-53618 -
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `grayscale_convert` is called basโฆ