4.8

CVSS3.1

CVE-2025-0577 - Glibc: vdso getrandom acceleration may return predictable randomness

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

📅 Published: Jan. 23, 2025, 10:40 p.m. 🔄 Last Modified: Feb. 25, 2026, 4:54 p.m.

6.9

CVSS4.0

CVE-2025-0693 - Issue with AWS Sign-in IAM User Login Flow - Possible Username Enumeration

Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.

📅 Published: Jan. 23, 2025, 9:22 p.m. 🔄 Last Modified: Oct. 14, 2025, 7:15 p.m.

8.7

CVSS4.0

CVE-2025-23012 - Fedora Repository fedoraIntCallUser default credentials

Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of …

📅 Published: Jan. 23, 2025, 8:25 p.m. 🔄 Last Modified: Oct. 7, 2025, 4:47 p.m.

8.7

CVSS4.0

CVE-2025-23011 - Fedora Repository archive extraction path traversal

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1…

📅 Published: Jan. 23, 2025, 8:22 p.m. 🔄 Last Modified: Sept. 19, 2025, 6:30 p.m.

5

CVSS3.1

CVE-2025-24353 - Directus privilege escalation vulnerability using Share feature

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instances…

📅 Published: Jan. 23, 2025, 5:45 p.m. 🔄 Last Modified: Nov. 18, 2025, 9:43 p.m.

7.5

CVSS3.1

CVE-2025-24033 - @fastify/multipart vulnerable to unlimited consumption of resources

@fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.3.1 and 9.0.3. As a workaround, do not use `…

📅 Published: Jan. 23, 2025, 5:40 p.m. 🔄 Last Modified: July 12, 2025, 3:26 p.m.

3.2

CVSS3.1

CVE-2025-24034 - Himmelblau leaks credentials in the debug log

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially e…

📅 Published: Jan. 23, 2025, 5:38 p.m. 🔄 Last Modified: Aug. 5, 2025, 9:23 p.m.

6.7

CVSS3.1

CVE-2024-55930 - Weak default folder permissions

Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files.

📅 Published: Jan. 23, 2025, 5:36 p.m. 🔄 Last Modified: Jan. 30, 2026, 9:30 p.m.

7.9

CVSS3.1

CVE-2025-22153 - try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython inter…

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython startin…

📅 Published: Jan. 23, 2025, 5:34 p.m. 🔄 Last Modified: Feb. 12, 2025, 8:41 p.m.

6

CVSS3.1

CVE-2024-45672 - IBM Security Verify Bridge data manipulation

IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent, which could also cause a denial of service.

📅 Published: Jan. 23, 2025, 5:31 p.m. 🔄 Last Modified: Aug. 14, 2025, 4:59 p.m.
Total results: 342314