VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
3969 advisories across 32 monitored vendors.
Information disclosure via truncated RDPGFX planar payload. Red Hat rates this moderate (CVSS 5.4). Weakness: CWE-125.
Server-Side Request Forgery via FTP PASV response IP address validation bypass. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-918.
Arbitrary file overwrite via CLI command. Red Hat rates this moderate (CVSS 6). Weakness: CWE-22.
Use-after-free vulnerability in PDB decoder allows denial of service or limited data corruption. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-825.
Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.
All supported versions of FreeBSD are susceptible to a vulnerability which when successfully exploited could allow an attacker with the ability to debug a process to produce misleading audit trails. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp states there is no workaround available at this time.
Apache Log4j versions 2.21.0 through 2.25.3 and 3.0.0-alpha1 through 3.0.0-beta3 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. Affected products: Data Infrastructure Insights and Data Secure Storage Workload Security Agent. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
All supported versions of FreeBSD are susceptible to a vulnerability which when successfully exploited could allow an attacker to delete files outside the intended directory tree. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp states there is no workaround available at this time.
FreeBSD 14.3, 14.4 and 15.0 are susceptible to a vulnerability which when successfully exploited could allow an unprivileged user to observe a small amount of uninitialized kernel stack data. Successful exploitation of this vulnerability could lead to disclosure of sensitive information. NetApp states there is no workaround available at this time.
Apache Log4cxx versions prior to 1.7.0 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Information disclosure via HTTP redirect following with credential resending. Red Hat rates this low (CVSS 3.1). Weakness: CWE-201.
Denial of Service via memory leak in APP1JPEG image processing. Red Hat rates this low (CVSS 3.3). Weakness: CWE-772.
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() iptfs_consume_frags() transfers paged fragments from one socket buffer to another but fails to propagate the SKBFL_SHARED_FRAG flag. This is the same class of bug that was fixed in skb_try_coalesce() for CVE-2026-46300: when fragments backed by read-only page-cache pages are merged, the marker indicating their shared nature must be preserved so that ESP can decide correctly whether in-place encryption is safe. Apply the same two-line fix used in skb_try_coalesce() to iptfs_consume_frags(). A flaw was found in the Linux kernel's `iptfs` component, part of the IPSec framework. This can cause the Encapsulating Security Payload (ESP) to make incorrect security decisions regarding in-place encryption, potentially impacting the integrity or confidentiality of network traffic. Red Hat severity: not rated. Weakness: CWE-821. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management. This issue affects all Junos OS Evolved versions before 23.2R2-EVO.
An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX Series with SPC3 and SRX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2, * 25.4 versions before 25.4R1-S2. Affected products named by the advisory: MX. Affected products named by the advisory: MX.
An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS). When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX with SPC3, and SRX Series: * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2. This issue does not affect releases before 23.4R1. Affected products named by the advisory: MX. Affected products named by the advisory: MX.
CPU Denial of Service in HTML parser via repeated unterminated markup declarations. Red Hat rates this important (CVSS 7.5). Weakness: CWE-835. Red Hat lists fixing advisory RHSA-2026:37535 with package python3-12-main-3.12.13-3.5.hum1, python3-11-main-3.11.15-5.2.hum1, python3-14-main-3.14.6-1.3.hum1, python3-13-main-3.13.14-1.3.hum1.
Command Injection via GPS device subtype allows arbitrary code execution. Red Hat rates this important (CVSS 7.8). Weakness: CWE-78.
Local privilege escalation via symlink attack in guest-ssh-add-authorized-keys. Red Hat rates this important (CVSS 7.3). Weakness: CWE-61.