VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Use after free in WebGL. Red Hat rates this critical (CVSS 9.6). Weakness: CWE-825.
Remote Code Execution via unauthenticated requests when `rcd --rc-serve` is enabled. Red Hat rates this important (CVSS 9.8). Weakness: CWE-78.
Information disclosure via XML External Entity (XXE) vulnerability. Red Hat rates this important (CVSS 9.4). Weakness: CWE-611.
Arbitrary code execution via heap-based buffer overflow in HDR file parsing. Red Hat rates this important (CVSS 7.8). Weakness: CWE-131. Red Hat lists fixing advisory RHSA-2026:38485 with package gegl04-0:0.4.62-1.el9_8.1, gegl-0:0.2.0-40.el8_10. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 8.
Arbitrary JavaScript execution due to Strict Contextual Escaping (SCE) bypass. Red Hat rates this important (CVSS 7.6). Weakness: CWE-79.
Arbitrary file write via crafted symbolic links during archive extraction. Red Hat rates this important (CVSS 8). Weakness: CWE-22.
Use after free in Web Authentication. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825.
Use after free in Blink. Red Hat rates this important (CVSS 8.8). Weakness: CWE-825.
Insufficient validation of untrusted input in DevTools. Red Hat rates this important (CVSS 8.3). Weakness: CWE-368.
Use after free in Digital Credentials. Red Hat rates this important (CVSS 8.8). Weakness: CWE-825.
Use after free in FileSystem. Red Hat rates this important (CVSS 8.8). Weakness: CWE-825.
Use after free in Autofill. Red Hat rates this critical (CVSS 8.8). Weakness: CWE-825.
Out of bounds read in Blink>InterestGroups. Red Hat rates this critical (CVSS 8.8). Weakness: CWE-125.
Remote code execution via Zip Slip vulnerability in model download. Red Hat rates this important (CVSS 8.3). Weakness: CWE-22.
Remote code execution via malicious HTML in Playwright-based rendering. Red Hat rates this important (CVSS 8.2). Weakness: CWE-918.
Denial of Service via crafted Markdown input. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1333.
Denial of Service via crafted nested query strings. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Remote Code Execution via Unsafe Deserialization in gRPC Registry Server. Red Hat rates this important (CVSS 8.8). Weakness: CWE-502.
Arbitrary code execution outside sandbox. Red Hat rates this important (CVSS 8.5). Weakness: CWE-917.
A flaw was found in Jenkins Script Security Plugin. This vulnerability allows attackers who can provide sandboxed Groovy scripts to bypass security sandbox protections. By exploiting a failure to properly intercept implicit type casts in typed for-each loops, an attacker can invoke arbitrary constructors, potentially leading to arbitrary code execution within the Jenkins environment. The scope is unchanged (S:U) because the sandbox and the Jenkins controller share the same security authority — a sandbox escape executes code in the same context rather than crossing a trust boundary to a separate system. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-1287: Improper Validation of Specified Type of Input. Affected product named by the advisory: OpenShift Developer Tools and Services.