Rosa virtualization

This hub aggregates every CVE we track for Rosa virtualization, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Rosa virtualization.

• CVE-2025-66293LIBPNG has an out-of-bounds read in png_image_read_composite7.1Dec 3, 2025
• CVE-2025-65018LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`7.1Nov 24, 2025
• CVE-2025-40778Cache poisoning attacks with unsolicited RRs8.6Oct 22, 2025
• CVE-2025-9086Out of bounds read for cookie path7.5Sep 12, 2025
• CVE-2025-58364cups: Remote DoS via null dereference6.5Sep 11, 2025
• CVE-2025-58060cups has Authentication bypass with AuthType Negotiate8.0Sep 11, 2025
• CVE-2025-5994Cache poisoning via the ECS-enabled Rebirthday Attack7.5Jul 16, 2025
• CVE-2025-53906Vim has path traversal issue with zip.vim and special crafted zip archives4.1Jul 15, 2025
• CVE-2025-53905Vim has path traversial issue with tar.vim and special crafted tar files4.1Jul 15, 2025
• CVE-2025-6965Integer Truncation on SQLite9.8Jul 15, 2025
• CVE-2025-6395Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()6.5Jul 10, 2025
• CVE-2025-32990Gnutls: vulnerability in gnutls certtool template parsing6.5Jul 10, 2025
• CVE-2025-32988Gnutls: vulnerability in gnutls othername san export6.5Jul 10, 2025
• CVE-2025-7345Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf7.5Jul 8, 2025
• CVE-2025-5372Libssh: incorrect return code handling in ssh_kdf() in libssh5.0Jul 4, 2025