VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1699 advisories across 32 monitored vendors.
PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream. Red Hat rates this moderate (CVSS 4.8). Weakness: CWE-130.
Envoy Heap Buffer Overflow in TcpStatsdSink. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-787.
Denial of Service via Connect protocol request. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-476.
Null pointer deref in internal redirects. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-476.
Information disclosure via malicious certificate with NUL byte in DNS Subject Alternative Name (SAN). Red Hat rates this moderate (CVSS 4.4). Weakness: CWE-170.
Host filesystem modification via malicious container image WORKDIR symlink. Red Hat rates this moderate (CVSS 5.8). Weakness: CWE-59. Red Hat lists fixing advisory RHSA-2026:29954 with package podman-main-6.0.0-1.hum1.
Denial of Service via crafted document archives. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-611.
Denial of Service via deeply nested ASN.1 structure. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-776.
A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders `text/vnd.mermaid` cell output directly into HTML without escaping, enabling attackers to inject arbitrary HTML/JavaScript by breaking out of the `<pre>` tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export. A flaw was found in nbconvert. This vulnerability allows a remote attacker to perform Cross-site Scripting (XSS) by injecting arbitrary HTML or JavaScript code. The vulnerability arises from improper sanitization of `text/vnd.mermaid` output during HTML export, enabling injection of malicious code when a user views an exported notebook from an untrusted source. This impacts Red Hat OpenShift AI, Migration Toolkit for Applications, and Red Hat Satellite, where `nbconvert` is utilized for notebook rendering. Red Hat severity: Moderate — CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). Weakness: CWE-79. Red Hat does not currently list a fixing RHSA for this CVE. Affected products named by the advisory: Migration Toolkit for Applications 8; Red Hat OpenShift AI (RHOAI); Red Hat Satellite 6.
Silent authority rebinding due to embedded-nul hostnames in TLS handling. Red Hat rates this moderate (CVSS 5.6). Weakness: CWE-170. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs20-main-20.20.2-1.hum1, nodejs:24-9080020260626074955.rhel9, nodejs:22-9080020260626075442.rhel9, nodejs25-main-25.9.0-1.1.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Denial of Service via unlimited HTTP/2 ORIGIN frames. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs20-main-20.20.2-1.hum1, nodejs:24-9080020260626074955.rhel9, nodejs:22-9080020260626075442.rhel9, nodejs25-main-25.9.0-1.1.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Certification validation bypass in TLS host verification. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-295. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs20-main-20.20.2-1.hum1, nodejs:24-9080020260626074955.rhel9, nodejs:22-9080020260626075442.rhel9, nodejs25-main-25.9.0-1.1.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Trust-policy bypass due to hostname matching inconsistency. Red Hat rates this moderate (CVSS 4.2). Weakness: CWE-289. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs20-main-20.20.2-1.hum1, nodejs:24-9080020260626074955.rhel9, nodejs:22-9080020260626075442.rhel9, nodejs25-main-25.9.0-1.1.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Information disclosure of proxy credentials via proxy tunnel error handling. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-209. Red Hat lists fixing advisory RHSA-2026:35892 with package nodejs20-main-20.20.2-1.hum1, nodejs22-main-22.23.1-1.hum1, nodejs24-main-24.18.0-0.1.hum1, nodejs26-main-26.4.0-1.2.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or sanitization. The only admission check rejects empty strings; no DNS-1123 format validation, JSON detection, or special character rejection is performed. When the ExternalNetResourceInjection Beta feature gate is enabled (off by default, cluster-admin only), the NAD lookup that would otherwise catch malformed names is skipped by design. A tenant with kubevirt.io:edit permissions can inject a JSON-formatted NetworkSelectionElement array specifying an arbitrary namespace, NAD name, static IP address, and MAC address. Multus on the node parses this JSON and attaches the launcher pod to the specified network attachment in any namespace, enabling cross-namespace network access and IP/MAC impersonation on network segments normally segregated from tenant workloads. The ExternalNetResourceInjection feature gate was introduced in KubeVirt v1.8.0 (first shipped in OpenShift Virtualization 4.21). Red Hat has assessed this flaw as Moderate impact for OpenShift Virtualization.
In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops DSA replaces the conduit (master) device's ethtool_ops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again inside the DSA wrappers causes a deadlock. Stumbled upon this when booting qemu with fbnic and CONFIG_NET_DSA_LOOP=y (which looks like some kind of testing device that auto-populates the ports of eth0). `ethtool -i` is enough to deadlock. This means we have basically zero coverage for DSA stuff with real ops locked devs. A flaw was found in the Linux kernel's Distributed Switch Architecture (DSA) subsystem. A local attacker can exploit this by using the `ethtool -i` command, causing the system to become unresponsive and resulting in a denial of service. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-764. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG There were multiple issues in that code. First of all the order between the reset semaphore and the mm_lock was wrong (e.g. copy_to_user) was called while holding the lock. Then we allocated memory while holding the reset semaphore which is also a pretty big bug and can deadlock. Then we used down_read_trylock() instead of waiting for the reset to finish. (cherry picked from commit 361b6e6b303d4b691f6c5974d3eaab67ca6dd90e) A flaw was found in the Linux kernel's AMDGPU graphics driver. Multiple issues exist within the `AMDGPU_INFO_READ_MMR_REG` function, including an incorrect order of operations between the reset semaphore and the memory management lock, and memory allocation while holding the reset semaphore. These issues can lead to a system deadlock, resulting in a Denial of Service (DoS) for affected systems. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-833. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.
In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in ras_core_get_utc_second_timestamp() ras_core_get_utc_second_timestamp() retrieves the current UTC timestamp (in seconds since the Unix epoch) through a platform-specific RAS system callback and is used for timestamping RAS error events. The function checks ras_core in the conditional statement before calling the sys_fn callback. However, when the condition fails, the function prints an error message using ras_core->dev. If ras_core is NULL, this can lead to a potential NULL pointer dereference when accessing ras_core->dev. Add an early NULL check for ras_core at the beginning of the function and return 0 when the pointer is not valid. This prevents the dereference and makes the control flow clearer. Red Hat severity: Low — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.
In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Check whether the config array is allocated before destroying it __destroy_component_cfg() is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If __destroy_component_cfg() is called from mpam_disable() before the configuration was ever allocated, then a NULL pointer is dereferenced. Check for this case and return early if the configuration is not allocated. __destroy_component_cfg() also frees the mbwu_state as this is allocated by __allocate_component_cfg(). As the mbwu_state is allocated after comp->cfg is set, and is also under mpam_list_lock, only the first pointer needs checking. This can lead to a null pointer dereference, potentially causing a system crash and resulting in a Denial of Service (DoS). Red Hat severity: Low — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-909. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ps883x: Fix Oops at unbind When trying to unbind a device in order to bind to it vfio-platform as: echo bc0000.geniqup > /sys/bus/platform/devices/bc0000.geniqup/driver/unbind I get the following Oops: [ 436.478639] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 [ 436.487762] Mem abort info: [ 436.490716] ESR = 0x0000000096000004 [ 436.494595] EC = 0x25: DABT (current EL), IL = 32 bits [ 436.500071] SET = 0, FnV = 0 [ 436.503250] EA = 0, S1PTW = 0 [ 436.506505] FSC = 0x04: level 0 translation fault [ 436.511533] Data abort info: [ 436.514558] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 436.520215] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 436.525436] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 436.530918] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008861a9000 [ 436.537554] [0000000000000020] pgd=0000000000000000, p4d=0000000000000000 [ 436.544548] Internal error: Oops: 0000000096000004 [#1] SMP [ 436.550374] Modules linked in: [ 436.553542] CPU: 2 UID: 0 PID: 671 Comm: bash Tainted: G W 7.0.0-rc3-g56fcdd0911a5-dirty #2 PREEMPT [ 436.564440] Tainted: [W]=WARN [ 436.567515] Hardware name: LENOVO 91B6CTO1WW/3796, BIOS O6NKT3BA 05/02/2025 [ 436.574675] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 436.581841] pc : ps883x_retimer_remove+0x…