VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
683 advisories across 32 monitored vendors.
DTLS certificate Subject DN stack buffer overflow in openssl_verify_callback. Red Hat rates this important (CVSS 7.5). Weakness: CWE-121.
Heap overflow when preparsing SQL statements with excessive placeholders. Red Hat rates this important (CVSS 8.1). Weakness: CWE-131.
Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND. Red Hat rates this important (CVSS 8.8). Weakness: CWE-122. Red Hat lists fixing advisory RHSA-2026:36209 with package redhat-ds:11-8060020260702180044.0ca98e7e, 389-ds:1.4-8060020260626130540.824efc52, redhat-ds:12-9040020260703055735.1674d574, redhat-ds:11-8100020260702145313.37ed7c03. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 1; Red Hat Enterprise Linux 7.
A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo privileges on all SSSD-enrolled hosts. Red Hat has rated this as Important because the attack requires only low-privilege delegated LDAP write access to any subtree, which is a common delegation pattern in enterprise environments. The default ldap_sudo_search_base configuration searches the entire directory tree, allowing sudo rule injection from outside the intended sudoers container. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-1188. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4. Will not fix / out of support: Red Hat Enterprise Linux 6. Red Hat does not currently list a fixing RHSA for this CVE.
GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass. Red Hat rates this moderate (CVSS 8). Weakness: CWE-23.
A flaw was found in c-ares. A use-after-free / double-free vulnerability exists in the query-completion handling path, where a query callback is invoked while the query is still linked in internal lookup structures. A remote attacker can exploit this via ares_getaddrinfo() over TCP by sending crafted DNS responses that force an EDNS-downgrade retry followed by a connection reset, causing the internal completion handler to access freed memory. This leads to memory corruption and a crash (denial of service), with potential for further impact depending on the allocator and build configuration. An attacker can force the client onto TCP by setting the truncation (TC) bit in a UDP response. This is a broader fix for the pattern previously addressed in CVE-2025-31498. All versions of c-ares prior to 1.34.7 are affected. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-416. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4. Will not fix / out of support: Red Hat Enterprise Linux 6. Red Hat does not currently list a fixing RHSA for this CVE.
Denial of Service via adversarial regular expression in structured outputs API. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1333.
Denial of Service via malformed speculative decoding workload. Red Hat rates this important (CVSS 7.5). Weakness: CWE-125.
Denial of Service via crafted BDF font file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service via crafted GD 2.x image file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1285.
Denial of Service via excessive memory allocation when processing font files. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1050.
Denial of Service via crafted PCF font data. Red Hat rates this important (CVSS 7.5). Weakness: CWE-409.
Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 (libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x line) Description: SvmDoccatModel.deserialize(InputStream) reads an attacker-controlled stream with java.io.ObjectInputStream and calls readObject() without an ObjectInputFilter installed. ObjectInputStream materialises every class referenced in the stream before the resulting object is cast to SvmDoccatModel, so the cast that follows readObject() executes only after the foreign object graph has already been deserialised in full. If a Java deserialization gadget chain is available on the consumer's classpath, a crafted payload supplied to deserialize() executes arbitrary code in the JVM that loads it. Apache OpenNLP itself does not ship a known gadget chain, so the realistic risk is to downstream applications that embed the libsvm module alongside vulnerable transitive dependencies. The method is public and static, so any caller can pass an untrusted stream to it directly. The practical impact is remote code execution against processes that load SvmDoccatModel instances from untrusted or semi-trusted origins. Mitigation: 3.x users should upgrade to 3.0.0-M4.
Remote code execution via untrusted Java deserialization. Red Hat rates this moderate (CVSS 7.3). Weakness: CWE-502.
Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config. Red Hat rates this important (CVSS 8.2).
patch-remove could delete project-selected files outside the patches directory. Red Hat rates this important (CVSS 7.1). Weakness: CWE-22.
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author — partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue.
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any HeaderFilterStrategy (IggyFetchRecords copied the message user-headers straight into the Exchange). Because nothing blocked the Camel header namespace, an actor able to publish to the consumed Iggy stream/topic could set Camel-internal control headers - including CamelHttpUri (Exchange.HTTP_URI) - simply by supplying them as message user-headers. In a route where the Iggy consumer feeds a downstream HTTP producer, the injected CamelHttpUri redirects the server-side HTTP request to an attacker-chosen destination (server-side request forgery - for example to an internal service or a cloud metadata endpoint). In addition, the HTTP producer resolves Camel property placeholders on the resulting (attacker-controlled) URI, so placeholders embedded in the injected value - such as an environment-variable reference, an application property, or a vault reference - are resolved to their real values and sent to the attacker, disclosing environment variables, application properties and vault secrets. This issue affects Apache Camel: from 4.17.0 before 4.18.3, from 4.19.0 before 4.21.0.