VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
634 advisories across 32 monitored vendors.
Denial of Service via crafted IPv6 response. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-125.
Denial of service or information disclosure via malformed SSH publickey response. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-824.
Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: * on every response, letting any website a developer visited read the server's responses cross-origin — including the full project graph and the output of the /help endpoint, which runs a target's configured help command. The practical impact is typically cross-origin information disclosure, but can be arbitrary command injection in rare cases. A flaw was found in Nx, a monorepo solution for managing multiple projects. This misconfiguration allows a remote attacker to read sensitive project information, such as the full project graph, from a developer's system when they visit a malicious website. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N). Weakness: CWE-346. Affected Red Hat products: Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
OAuth2 filter late async token completion after stream teardown (UAF / crash risk). Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-416.
ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-416.
PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream. Red Hat rates this moderate (CVSS 4.8). Weakness: CWE-130.
Envoy Heap Buffer Overflow in TcpStatsdSink. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-787.
Denial of Service via Connect protocol request. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-476.
Null pointer deref in internal redirects. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-476.
Information disclosure via malicious certificate with NUL byte in DNS Subject Alternative Name (SAN). Red Hat rates this moderate (CVSS 4.4). Weakness: CWE-170.
Host filesystem modification via malicious container image WORKDIR symlink. Red Hat rates this moderate (CVSS 5.8). Weakness: CWE-59. Red Hat lists fixing advisory RHSA-2026:29954 with package podman-main-6.0.0-1.hum1.
Denial of Service via crafted document archives. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-611.
Denial of Service via deeply nested ASN.1 structure. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-776.
A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders `text/vnd.mermaid` cell output directly into HTML without escaping, enabling attackers to inject arbitrary HTML/JavaScript by breaking out of the `<pre>` tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export. A flaw was found in nbconvert. This vulnerability allows a remote attacker to perform Cross-site Scripting (XSS) by injecting arbitrary HTML or JavaScript code. The vulnerability arises from improper sanitization of `text/vnd.mermaid` output during HTML export, enabling injection of malicious code when a user views an exported notebook from an untrusted source. This impacts Red Hat OpenShift AI, Migration Toolkit for Applications, and Red Hat Satellite, where `nbconvert` is utilized for notebook rendering. Red Hat severity: Moderate — CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Weakness: CWE-79. Red Hat does not currently list a fixing RHSA for this CVE. Affected products named by the advisory: Migration Toolkit for Applications 8; Red Hat OpenShift AI (RHOAI); Red Hat Satellite 6.
Silent authority rebinding due to embedded-nul hostnames in TLS handling. Red Hat rates this moderate (CVSS 5.6). Weakness: CWE-170. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs20-main-20.20.2-1.hum1, nodejs:24-9080020260626074955.rhel9, nodejs:22-9080020260626075442.rhel9, nodejs25-main-25.9.0-1.1.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Denial of Service via unlimited HTTP/2 ORIGIN frames. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs20-main-20.20.2-1.hum1, nodejs:24-9080020260626074955.rhel9, nodejs:22-9080020260626075442.rhel9, nodejs25-main-25.9.0-1.1.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Certification validation bypass in TLS host verification. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-295. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs20-main-20.20.2-1.hum1, nodejs:24-9080020260626074955.rhel9, nodejs:22-9080020260626075442.rhel9, nodejs25-main-25.9.0-1.1.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Trust-policy bypass due to hostname matching inconsistency. Red Hat rates this moderate (CVSS 4.2). Weakness: CWE-289. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs20-main-20.20.2-1.hum1, nodejs:24-9080020260626074955.rhel9, nodejs:22-9080020260626075442.rhel9, nodejs25-main-25.9.0-1.1.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Information disclosure of proxy credentials via proxy tunnel error handling. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-209. Red Hat lists fixing advisory RHSA-2026:35892 with package nodejs20-main-20.20.2-1.hum1, nodejs22-main-22.23.1-1.hum1, nodejs24-main-24.18.0-0.1.hum1, nodejs26-main-26.4.0-1.2.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or sanitization. The only admission check rejects empty strings; no DNS-1123 format validation, JSON detection, or special character rejection is performed. When the ExternalNetResourceInjection Beta feature gate is enabled (off by default, cluster-admin only), the NAD lookup that would otherwise catch malformed names is skipped by design. A tenant with kubevirt.io:edit permissions can inject a JSON-formatted NetworkSelectionElement array specifying an arbitrary namespace, NAD name, static IP address, and MAC address. Multus on the node parses this JSON and attaches the launcher pod to the specified network attachment in any namespace, enabling cross-namespace network access and IP/MAC impersonation on network segments normally segregated from tenant workloads. The ExternalNetResourceInjection feature gate was introduced in KubeVirt v1.8.0 (first shipped in OpenShift Virtualization 4.21). Red Hat has assessed this flaw as Moderate impact for OpenShift Virtualization.