VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
304 advisories across 32 monitored vendors.
Heap buffer overflow in WebML. Red Hat rates this critical (CVSS 9.6). No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
TechDocs Mkdocs configuration key enables arbitrary code execution. Red Hat rates this important (CVSS 9.1). Weakness: CWE-791. Affected package(s): rhdh/rhdh-hub-rhel9:1777903262, rhdh/rhdh-hub-rhel9:1776784286. Resolved in Red Hat advisory RHSA-2026:13826 — update the affected packages (`sudo dnf update`).
Signature verification bypass via malicious JWT allows unauthorized access. Red Hat rates this important (CVSS 9.1). Weakness: CWE-347. Affected package(s): ansible-automation-platform, quay/quay-rhel8:1773771962, quay/quay-rhel9:1779204086, quay/quay-rhel8:1773971077, quay/quay-rhel8:1773936323, quay/quay-rhel8:1775169219. Resolved in Red Hat advisory RHSA-2026:6309 — update the affected packages (`sudo dnf update`).
Denial of Service via malformed RTP payload processing. Red Hat rates this important (CVSS 9.8). Weakness: CWE-120. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
org.apache.artemis:artemis-server: org.apache.activemq:artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication. Red Hat rates this important (CVSS 9.1). Weakness: CWE-306. Affected package(s): eap8-activemq-artemis, artemis-server. Resolved in Red Hat advisory RHSA-2026:3955 — update the affected packages (`sudo dnf update`).
Remote Code Execution via Path Traversal Vulnerability. Red Hat rates this important (CVSS 9.1). Weakness: CWE-22. Affected package(s): rhdh/rhdh-hub-rhel9:1774545605, automation-gateway, ansible-automation-platform, devspaces/traefik-rhel9:1776718585, automation-platform-ui, quay/quay-rhel8:1773971077. Resolved in Red Hat advisory RHSA-2026:5649 — update the affected packages (`sudo dnf update`).
Arbitrary code execution in guest virtual machine via file system modification. Red Hat rates this important (CVSS 9.3). Weakness: CWE-281. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
PDF injection in AcroForm module allows arbitrary JavaScript execution (RadioButton children). Red Hat rates this important (CVSS 9.6). Weakness: CWE-116. Affected package(s): advanced-cluster-security/rhacs-main-rhel8:1775594119, advanced-cluster-security/rhacs-main-rhel8:1775594284. Resolved in Red Hat advisory RHSA-2026:7110 — update the affected packages (`sudo dnf update`).
PDF object injection via unsanitized input in addJS method. Red Hat rates this important (CVSS 9.6). Weakness: CWE-94. Affected package(s): advanced-cluster-security/rhacs-main-rhel8:1775594119, advanced-cluster-security/rhacs-main-rhel8:1775594284. Resolved in Red Hat advisory RHSA-2026:7110 — update the affected packages (`sudo dnf update`).
Arbitrary Code Execution via unsafe JSON Path expression evaluation. Red Hat rates this important (CVSS 9.8). Weakness: CWE-94. Affected package(s): ansible-automation-platform, rhdh/rhdh-hub-rhel9:1775140647. Resolved in Red Hat advisory RHSA-2026:6309 — update the affected packages (`sudo dnf update`).
Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication. Red Hat rates this critical (CVSS 9.4). Weakness: CWE-322. Affected package(s): keylime. Resolved in Red Hat advisory RHSA-2026:2225 — update the affected packages (`sudo dnf update`).
Locutus is vulnerable to Prototype Pollution. Red Hat rates this critical (CVSS 9.3). Weakness: CWE-915. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Remote code execution via invalid image processing in the multimodal endpoint.. Red Hat rates this critical (CVSS 9.8). Weakness: CWE-209. Affected package(s): rhaiis/vllm-rocm-rhel9:1782353093, rhaiis/vllm-spyre-rhel9:1782352919, rhaiis/vllm-cuda-rhel9:1782352847, rhoai/odh-vllm-gaudi-rhel9:1772093278, rhoai/odh-vllm-rocm-rhel9:1772093237, rhoai/odh-vllm-cpu-rhel9:1772093436. Resolved in Red Hat advisory RHSA-2026:19712 — update the affected packages (`sudo dnf update`).
Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing. Red Hat rates this important (CVSS 9.8). Weakness: CWE-120. Affected package(s): service-interconnect/skupper-operator-bundle:1.8.8, devspaces/dashboard-rhel9:1770764461, devspaces/pluginregistry-rhel9:1770918006, service-interconnect/skupper-controller-podman-container-rhel9:1.8.8, rhui5/rhua-rhel9:1773670137, openssl. Resolved in Red Hat advisory RHSA-2026:3228 — update the affected packages (`sudo dnf update`).
QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration. Red Hat rates this important (CVSS 9.9). Weakness: CWE-863. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Cross-Repository Authorization Bypass via Release Attachment Linking Leads to Private Attachment Disclosure. Red Hat rates this critical (CVSS 9.1). Weakness: CWE-283. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR). Red Hat rates this critical (CVSS 9.1). Weakness: CWE-639. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR). Red Hat rates this critical (CVSS 9.1). Weakness: CWE-284. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
possible symlink path traversal in scaffolder actions. Red Hat rates this important (CVSS 9.1). Weakness: CWE-59. Affected package(s): rhdh/rhdh-hub-rhel9:1774545605, rhdh/rhdh-hub-rhel9:1775140647. Resolved in Red Hat advisory RHSA-2026:6174 — update the affected packages (`sudo dnf update`).
OpenStack keystonemiddleware: Privilege escalation and user impersonation via forged authentication headers. Red Hat rates this important (CVSS 9.9). Weakness: CWE-290. Affected package(s): openshift4/ose-ironic-rhel9:1772029626, openshift4/ose-ironic-rhel9:1774266098, openshift4/ose-ironic-rhel9:1773138063, openshift4/ose-ironic-rhel9:1772477045, openshift4/ose-ironic-rhel9:1772176749. Resolved in Red Hat advisory RHSA-2026:3402 — update the affected packages (`sudo dnf update`).