Advisories the vendor has revised
Unbounded GraphQL query depth allows authenticated denial of service. Red Hat rates this important (CVSS 7.7). Weakness: CWE-400. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary Code Execution via Untrusted JAR File Loading. Red Hat rates this important (CVSS 7.8). Weakness: CWE-347. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
account for fraggap on the paged allocation path. Red Hat rates this important (CVSS 7). Weakness: CWE-131. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Require in-GHCB scratch area if GHCB v2+ is in use. Red Hat rates this important (CVSS 7). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Fix shadow paging use-after-free due to unexpected role. Red Hat rates this important (CVSS 7). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution via deserialization vulnerability. Red Hat rates this important (CVSS 8.8). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary file read and code execution via path traversal. Red Hat rates this important (CVSS 7.5). Weakness: CWE-22. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service in TLS 1.3 session ticket handling. Red Hat rates this important (CVSS 7.5). Weakness: CWE-130. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via unvalidated endpoint URL length. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1284. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via uncontrolled resource consumption in JSON parsing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Remote code execution via JNDI injection. Red Hat rates this important (CVSS 7.5). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
SQL Injection vulnerability. Red Hat rates this important (CVSS 7.3). Weakness: CWE-89. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.. Red Hat rates this important (CVSS 8.2). Weakness: CWE-807. Affected package(s): syft-main, trivy-main. Resolved in Red Hat advisory RHSA-2026:15862 — update the affected packages (`sudo dnf update`).
Privilege escalation via incorrect user ID handling. Red Hat rates this important (CVSS 7.8). Weakness: CWE-681. Affected package(s): trivy-main. Resolved in Red Hat advisory RHSA-2026:35111 — update the affected packages (`sudo dnf update`).
Denial of Service via excessive HTTP headers. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted ALZ file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted DMG file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-190. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted 7z file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted PESpin file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted InstallShield file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted Portable Executable (PE) files. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted FSG file parsing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Privilege escalation to administrator-level access via usergroup role assignment manipulation. Red Hat rates this important (CVSS 8.8). Weakness: CWE-266. Affected package(s): foreman. Resolved in Red Hat advisory RHSA-2026:34366 — update the affected packages (`sudo dnf update`).
Authentication bypass via predictable session IDs. Red Hat rates this important (CVSS 7.4). Weakness: CWE-331. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Host-root command execution via unvalidated image config labels in CRI plugin. Red Hat rates this important (CVSS 8.8). Weakness: CWE-78. Affected package(s): trivy-main. Resolved in Red Hat advisory RHSA-2026:35111 — update the affected packages (`sudo dnf update`).
Remote code execution via deserialization vulnerability. Red Hat rates this important (CVSS 7.5). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution through AppImage library loading vulnerability. Red Hat rates this important (CVSS 7.3). Weakness: CWE-427. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Discuss the latest advisories, swap patch-day notes with other infra teams, and get support — straight from the people who run VulniPulse.
Join the communityIf you want to support server/domain costs, please donate below — much love ❤️
Donate