Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

The GNOME Project

BOS ID

-
BOSS-VENDOR-78661

Tags

-
N/A

Related Bos

-
GIMP
libxml2 (XMLSoft)

Note

-

https://www.gnome.org/ https://en.wikipedia.org/wiki/GNOME_Project https://foundation.gnome.org/ https://www.gnome.org/privacy-policy

Mapped CVEsMapped VendorsRelated AssignersReports
366Vulnerabilities found

CVE-2026-58016
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.37% / 29.60%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 13:02
Updated-01 Jul, 2026 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-58015
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.42% / 33.91%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 13:02
Updated-02 Jul, 2026 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7GLibRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Hardened Images
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-58014
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.29% / 21.20%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-01 Jul, 2026 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"

A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-193
Off-by-one Error
CVE-2026-58013
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 25.07%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-126
Buffer Over-read
CVE-2026-58012
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 24.35%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()

A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-126
Buffer Over-read
CVE-2026-58011
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 26.61%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-58010
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 24.35%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:57
Updated-02 Jul, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()

A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8GLibRed Hat Enterprise Linux 6
CWE ID-CWE-126
Buffer Over-read
CVE-2026-13601
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.12% / 2.18%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 09:20
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document, attacker-controlled content can bypass Flatpak's intended sandbox isolation, allowing Yelp to evaluate local XML inclusions and disclose arbitrary user-readable host files through remote CSS resource requests. This may result in the unauthorized disclosure of sensitive information.

Action-Not Available
Vendor-Red Hat, Inc.The GNOME Project
Product-yelpenterprise_linuxRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-12549
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.33% / 24.59%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 13:55
Updated-08 Jul, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: incomplete fix for cve-2026-2443: range suffix overflow in libsoup soupserver

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CVE-2026-6653
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-7||HIGH
EPSS-0.35% / 27.09%
||
7 Day CHG+0.06%
Published-22 Jun, 2026 | 12:40
Updated-14 Jul, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling.

Action-Not Available
Vendor-The GNOME Projectlibxml2 (XMLSoft)
Product-libxml2libxml2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2026-2604
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.6||MEDIUM
EPSS-0.19% / 8.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 21:35
Updated-17 Jun, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Evolution Data ServerRed Hat Enterprise Linux 6
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-1764
Assigner-Fedora Project
ShareView Details
Assigner-Fedora Project
CVSS Score-5.6||MEDIUM
EPSS-0.21% / 11.07%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 00:32
Updated-18 Jun, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads to denial of service or information disclosure when parsing mp3 files

A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlocalsearchRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-44931
Assigner-SUSE
ShareView Details
Assigner-SUSE
CVSS Score-5.1||MEDIUM
EPSS-0.15% / 4.62%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 08:30
Updated-13 May, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API

The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd

Action-Not Available
Vendor-The GNOME Project
Product-malcontent
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-2708
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.32% / 24.23%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 21:51
Updated-04 May, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: http request smuggling via duplicate content-length headers

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-libsoupenterprise_linuxRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2026-5201
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.07% / 61.06%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 08:32
Updated-15 Jul, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linux_server_ausenterprise_linuxenterprise_linux_server_tusgdk-pixbufRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat AI Inference Server 3.3Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat AI Inference Server 3.3Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update Support
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5119
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.25% / 16.83%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 05:35
Updated-09 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

Action-Not Available
Vendor-Red Hat, Inc.The GNOME Project
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-2436
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 36.19%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 19:31
Updated-21 Apr, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-libsoupenterprise_linuxRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-2369
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 34.08%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 14:20
Updated-28 Apr, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-libsoupRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-4271
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.83% / 53.44%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 11:14
Updated-19 May, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: denial of service via use-after-free in http/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).

Action-Not Available
Vendor-Red Hat, Inc.The GNOME Project
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9
CWE ID-CWE-416
Use After Free
CVE-2026-3633
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.9||LOW
EPSS-0.22% / 12.93%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 09:44
Updated-19 Mar, 2026 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: header and http request injection via crlf injection

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2026-3632
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.9||LOW
EPSS-0.21% / 10.86%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 09:44
Updated-19 Mar, 2026 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2026-3634
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.9||LOW
EPSS-0.18% / 8.16%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 09:44
Updated-19 Mar, 2026 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header

A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2026-3099
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.36% / 27.77%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 13:53
Updated-01 May, 2026 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: authentication bypass via digest authentication replay attack

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-323
Reusing a Nonce, Key Pair in Encryption
CVE-2026-2443
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.43% / 34.84%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 11:58
Updated-23 Mar, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-1801
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 29.91%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 20:12
Updated-26 Mar, 2026 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: http request smuggling via malformed chunk headers

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2020-37011
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.4||HIGH
EPSS-0.41% / 33.27%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 14:28
Updated-26 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnome Fonts Viewer 3.34.0 Heap Corruption

Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to exhaust memory through repeated malloc() calls and potentially crash the gnome-font-viewer process.

Action-Not Available
Vendor-The GNOME Project
Product-Fonts Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-1539
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.24% / 14.66%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 15:15
Updated-25 Mar, 2026 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: credential leakage via http redirects

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2026-1536
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.30% / 21.71%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 15:15
Updated-25 Mar, 2026 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2026-1467
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.31% / 23.30%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 09:17
Updated-25 Mar, 2026 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2025-14512
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.94%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 07:11
Updated-13 Jul, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-openshiftenterprise_linuxglibRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 7glibRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Insights proxy 1.5Red Hat Update Infrastructure 5Red Hat Discovery 2Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-14087
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.6||MEDIUM
EPSS-0.77% / 51.43%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 09:01
Updated-13 Jul, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: glib: buffer underflow in gvariant parser leads to heap corruption

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxglibRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsglibRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat AI Inference Server 3.2Red Hat Insights proxy 1.5Red Hat Update Infrastructure 5Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Discovery 2Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-13601
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.7||HIGH
EPSS-0.31% / 23.33%
||
7 Day CHG+0.01%
Published-26 Nov, 2025 | 14:44
Updated-30 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: integer overflow in in g_escape_uri_string()

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.Siemens AG
Product-enterprise_linux_for_ibm_z_systemscodeready_linux_builder_for_ibm_z_systemsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_arm_64_eusenterprise_linux_server_for_power_little_endian_euscodeready_linux_builder_for_power_little_endian_eusopenshift_container_platform_for_arm64codeready_linux_builder_for_power_little_endianenterprise_linux_for_x86_64_eusopenshift_container_platform_for_powerenterprise_linux_for_x86_64codeready_linux_builder_for_arm64codeready_linux_builder_for_arm64_eusenterprise_linux_server_for_power_little_endianenterprise_linux_for_arm_64glibcodeready_linux_builder_for_x86_64_eusdiscoveryenterprise_linux_for_power_little_endianopenshift_container_platform_for_linuxonecodeready_linux_buildercodeready_linux_builder_for_x86_64enterprise_linux_server_ausenterprise_linux_server_tusceph_storageopenshift_container_platformcodeready_linux_builder_for_ibm_z_systems_eusenterprise_linux_for_ibm_z_systems_eusopenshift_container_platform_for_ibm_zRed Hat Hardened ImagesRed Hat Enterprise Linux 10Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.14Red Hat Update Infrastructure 5Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Ceph Storage 8Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRUGGEDCOM RST2428P
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-12105
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.42% / 33.76%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 09:14
Updated-30 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-libsoupRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-416
Use After Free
CVE-2025-4056
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.33%
||
7 Day CHG~0.00%
Published-28 Jul, 2025 | 12:40
Updated-30 Jun, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: glib crash after long command line

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.

Action-Not Available
Vendor-Red Hat, Inc.The GNOME ProjectMicrosoft Corporation
Product-glibwindowsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7424
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.71%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 14:05
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Action-Not Available
Vendor-Red Hat, Inc.The GNOME Projectlibxml2 (XMLSoft)
Product-libxsltenterprise_linuxopenshift_container_platformRed Hat OpenShift Container Platform 4libxsltRed Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-7425
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.34% / 26.06%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 13:53
Updated-19 Jul, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Action-Not Available
Vendor-The GNOME ProjectSiemens AGRed Hat, Inc.
Product-Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 9.2 Update Services for SAP Solutionscert-manager operator for Red Hat OpenShift 1.16Compliance Operator 1OpenShift Compliance Operator 1Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.13Red Hat Discovery 2libxml2Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Web Terminal 1.11 on RHEL 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux 10Red Hat Web Terminal 1.12 on RHEL 9Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Insights proxy 1.5RHOSS-1.36-RHEL-8Red Hat OpenShift distributed tracing 3.5.1Red Hat OpenShift Container Platform 4.16Red Hat Hardened ImagesRUGGEDCOM ROX RX1500SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 TM MFP - GNU/Linux subsystemSIMATIC CN 4100RUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1524RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1501SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM ROX RX5000RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1536
CWE ID-CWE-416
Use After Free
CVE-2025-6199
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.15% / 4.58%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 14:30
Updated-30 Jun, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linuxgdkpixbufRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-6196
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.96%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 14:29
Updated-06 Nov, 2025 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libgepub: integer overflow in libgepub's epub archive handling

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.The GNOME Project
Product-enterprise_linuxlibgepubRed Hat Enterprise Linux 7
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-49795
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 38.02%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 15:19
Updated-07 Jul, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml: null pointer dereference leads to denial of service (dos)

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.Siemens AG
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat JBoss Core Services 2.4.62.SP2Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10libxml2Red Hat Hardened ImagesRUGGEDCOM RST2428P
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2025-6052
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.42% / 33.99%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 15:40
Updated-02 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Action-Not Available
Vendor-Siemens AGRed Hat, Inc.The GNOME Project
Product-glibRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9SIMATIC CN 4100RUGGEDCOM RST2428P
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-5616
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-4.9||MEDIUM
EPSS-0.22% / 12.78%
||
7 Day CHG+0.02%
Published-15 Apr, 2025 | 18:29
Updated-26 Aug, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

Action-Not Available
Vendor-Canonical Ltd.The GNOME Project
Product-control_centerubuntu_linuxUbuntu's gnome-control-center
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-3155
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-12.59% / 95.80%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 13:34
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yelp: arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Action-Not Available
Vendor-The GNOME ProjectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_for_ibm_z_systemscodeready_linux_builder_for_ibm_z_systemsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_arm_64_euscodeready_linux_builder_for_power_little_endian_eusyelpcodeready_linux_builder_for_power_little_endiancodeready_linux_builder_for_eusenterprise_linux_update_services_for_sap_solutionscodeready_linux_builder_for_arm64enterprise_linux_for_arm_64debian_linuxenterprise_linuxenterprise_linux_for_power_little_endiancodeready_linux_builderenterprise_linux_eusenterprise_linux_server_ausenterprise_linux_server_tuscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_for_arm64_eusenterprise_linux_for_ibm_z_systems_eusRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-2784
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.79% / 52.01%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 01:40
Updated-30 Jun, 2026 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Action-Not Available
Vendor-The GNOME ProjectRed Hat, Inc.
Product-enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_ibm_z_systemscodeready_linux_builder_for_ibm_z_systemsenterprise_linux_for_power_little_endian_euslibsoupenterprise_linux_for_arm_64_euscodeready_linux_builder_for_power_little_endian_euscodeready_linux_builder_for_power_little_endianenterprise_linux_update_services_for_sap_solutionsenterprise_linux_servercodeready_linux_builder_for_arm64enterprise_linux_for_arm_64enterprise_linuxenterprise_linux_for_power_little_endiancodeready_linux_builderenterprise_linux_eusenterprise_linux_server_ausenterprise_linux_server_tuscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_for_arm64_eusenterprise_linux_for_ibm_z_systems_eusRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-1736
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 49.95%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 01:35
Updated-26 Aug, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.

Action-Not Available
Vendor-Canonical Ltd.The GNOME Project
Product-gnome-remote-desktopubuntu_linuxUbuntu's gnome-control-center
CVE-2023-43091
Assigner-Fedora Project
ShareView Details
Assigner-Fedora Project
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 53.86%
||
7 Day CHG~0.00%
Published-17 Nov, 2024 | 12:25
Updated-06 Aug, 2025 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnome-maps: gnome maps is vulnerable to a code injection attack (similar to xss) via its service.json

A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.

Action-Not Available
Vendor-gnome_mapsThe GNOME Project
Product-gnome-mapsgnome_maps
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-52533
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.26% / 66.39%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 00:00
Updated-17 Jun, 2025 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe GNOME ProjectNetApp, Inc.
Product-glibontap_toolsactive_iq_unified_managerdebian_linuxn/aglib
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-52530
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 52.26%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 00:00
Updated-03 Nov, 2025 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.

Action-Not Available
Vendor-n/aThe GNOME Project
Product-libsoupn/alibsoup
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2024-52532
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.73%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 00:00
Updated-03 Nov, 2025 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.

Action-Not Available
Vendor-n/aThe GNOME Project
Product-libsoupn/alibsoup
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-52531
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 48.26%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 00:00
Updated-03 Nov, 2025 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response).

Action-Not Available
Vendor-The GNOME Project
Product-libsouplibsoup
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42415
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.4||HIGH
EPSS-0.46% / 36.90%
||
7 Day CHG~0.00%
Published-03 Oct, 2024 | 15:24
Updated-03 Nov, 2025 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-The GNOME Project
Product-libgsfG Structured File Library (libgsf)libgsf
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next