VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from the content available for download, due to improper handling of Git reference name resolution.
Auditor-level users can modify compliance records via improper authorization in GraphQL. Red Hat rates this low (CVSS 2.7). Weakness: CWE-639.
Magick.NET-Q16-HDRI-x64: Magick.NET-Q16-HDRI-x86: Magick.NET-Q16-OpenMP-arm64: Magick.NET-Q16-OpenMP-x64: Magick.NET-Q16-OpenMP-x86: Magick.NET-Q16-arm64: Magick.NET-Q16-x64: Magick.NET-Q16-x86: Magick.NET-Q8-AnyCPU: Magick.NET-Q8-OpenMP-arm64: Magick.NET-Q8-OpenMP-x64: Magick.NET-Q8-arm64: Magick.NET-Q8-x64: Magick.NET-Q8-x86: ImageMagick: Information disclosure via heap-buffer-overflow read. Red Hat rates this low (CVSS 3.3). Weakness: CWE-125.
Denial of Service and Information Disclosure via heap buffer overflow in FTXT encoder. Red Hat rates this low (CVSS 3.3). Weakness: CWE-125.
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system. Red Hat severity: Low — CVSS 3.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L). Affected Red Hat products: Red Hat Hardened Images; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Under investigation: Red Hat OpenShift Container Platform 4. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat fixing advisory: RHSA-2026:38279.
Non-constant-time comparison in PBKDF2-SHA256 password verification. Red Hat rates this low (CVSS 3.7). Weakness: CWE-208.
Heap overflow when preparsing SQL statements with excessive placeholders. Red Hat rates this important (CVSS 8.1). Weakness: CWE-131.
DBI for Perl: Out-of-bounds read in SQL comment processing. Red Hat rates this moderate (CVSS 5). Weakness: CWE-125.
Heap buffer overflow via server-supplied filename leads to memory corruption. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-122.
Static initialization vector in AES-CBC/3DES-CBC attribute encryption. Red Hat rates this moderate (CVSS 4.4). Weakness: CWE-329.
Information disclosure via heap buffer over-read in GDALRaster. Red Hat rates this low (CVSS 4.8). Weakness: CWE-126.
heap-buffer-overflow in DN normalization via quoted multivalued RDN. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-122.
webrtcbin accepts remote SDP without a=fingerprint due to inverted presence check. Red Hat rates this low (CVSS 3.7). Weakness: CWE-670.
Information disclosure due to improper caching of Set-Cookie responses. Red Hat rates this low (CVSS 3.1). Weakness: CWE-524.
HTTP header injection via DomainNameValidator accepting newlines. Red Hat rates this low (CVSS 3.7). Weakness: CWE-113.