VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1548 advisories across 32 monitored vendors.
Denial of Service via crafted input. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1050. Red Hat lists fixing advisory RHSA-2026:37577 with package dotnet8-0-main-8.0.128-1.1.hum1.
Information disclosure via path traversal vulnerability. Red Hat rates this important (CVSS 7.5). Weakness: CWE-22.
@anthropic-ai/claude-code: Claude Code: Arbitrary code execution through git directory confusion. Red Hat rates this important (CVSS 7.1). Weakness: CWE-59.
Security policy bypass due to improper Unicode hostname canonicalization. Red Hat rates this important (CVSS 7.5). Weakness: CWE-551.
Symlink traversal privilege escalation via libacl functions. Red Hat rates this important (CVSS 7.1). Weakness: CWE-59. Red Hat lists fixing advisory RHSA-2026:34351 with package acl-main-2.4.0-0.1.hum1.
Command Injection vulnerability in the JavaDoc hover provider of the vscode-java extension. Red Hat rates this important (CVSS 8.8). Weakness: CWE-88. Red Hat lists fixing advisory RHSA-2026:36820 with package devspaces/pluginregistry-rhel9:1782989367.
Remote code injection vulnerability. Red Hat rates this important (CVSS 7.3). Weakness: CWE-94.
Memory corruption via crafted Photo CD (PCD) file. Red Hat rates this important (CVSS 8.1). Weakness: CWE-787.
Heap buffer overflow via integer overflow in publickey attribute allocation. Red Hat rates this moderate (CVSS 7). Weakness: CWE-787.
Memory corruption via crafted RASC video stream. Red Hat rates this important (CVSS 7.6). Weakness: CWE-787.
Denial of Service via missing host header in specific logging configurations. Red Hat rates this important (CVSS 7.5). Weakness: CWE-476.
Request desynchronization allows security policy bypass via HTTP/3 to HTTP/1 translation. Red Hat rates this important (CVSS 7.5). Weakness: CWE-444.
Denial of Service via specially crafted zstd payload. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service via deeply nested JSON objects. Red Hat rates this important (CVSS 7.5). Weakness: CWE-776.
Arbitrary file write and information disclosure via symlink validation bypass. Red Hat rates this important (CVSS 8.1). Weakness: CWE-22.
Information disclosure via malicious container image environment variables. Red Hat rates this important (CVSS 7.5). Weakness: CWE-914. Red Hat lists fixing advisory RHSA-2026:37123 with package podman-7:5.8.2-4.el10_2, podman-6:5.8.2-4.el9_8, podman-main-6.0.0-1.hum1, container-tools:rhel8-8100020260709093628.afee755d. Affected products named by the advisory: Red Hat Enterprise Linux 1; Red Hat Enterprise Linux 9.
Unsafe URI and Path Handling in HTML Backend. Red Hat rates this important (CVSS 7.1). Weakness: CWE-22.
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence. This vulnerability is rated Important due to the potential for remote exploitation without authentication. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-825. Red Hat lists Migration Toolkit for Applications 8; Red Hat Ansible Automation Platform 2; Red Hat build of Debezium 3; Red Hat OpenShift AI (RHOAI); Red Hat Trusted Profile Analyzer as not affected.
Kerberos pre-authentication bypass via unrecognized PA-DATA. Red Hat rates this important (CVSS 7.3). Weakness: CWE-358.
A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no authentication, peer allow-list, or handshake token. This listener proxies directly into the target virt-launcher's virtqemud control socket. An attacker with a running pod on the cluster network can connect to this listener and issue unfiltered libvirt RPC commands against another tenant's virtual machine, including reading VM memory and configuration, modifying VM state via QMP, or destroying the VM. The bind address is unconditionally 0.0.0.0 — configuring a dedicated migration network via migrations.network only changes the advertised migration IP, not the listener bind address, so the port remains reachable on the pod network even when a dedicated migration network is configured. The API documentation describes disableTLS as removing "the additional layer of live migration encryption" without disclosing that it also removes all mutual authentication. Red Hat rates this flaw as Moderate impact for OpenShift Virtualization. The disableTLS setting is off by default, can only be enabled by a cluster-admin on the KubeVirt custom resource, and cannot be enabled by tenants through the MigrationPolicy API.