VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1673 advisories across 32 monitored vendors.
All supported versions of FreeBSD are susceptible to a vulnerability which when successfully exploited could allow an unprivileged local user to escalate their privilege. Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). NetApp states there is no workaround available at this time.
Linux kernel versions 2.6.36-rc1 through 6.1.176, 6.13-rc1 through 6.18.37, 6.19-rc1 through 7.1.2, 6.2-rc1 through 6.6.143 and 6.7-rc1 through 6.12.94 are susceptible to a vulnerability referred to as Januscape which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
All supported versions of FreeBSD are susceptible to a vulnerability which when successfully exploited could allow an unprivileged local user to modify the address space of a SUID binary before its credentials are elevated, potentially gaining full control of the affected system. Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). NetApp states there is no workaround available at this time.
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: when a MapMessage contains a non-finite IEEE 754 value (NaN, Infinity, or -Infinity), MapMessage.asJson() emits the corresponding bare token. RFC 8259 does not permit these tokens, so a conformant parser rejects the resulting document. The defect is reachable only when both of the following conditions hold: * The application uses the message resolver https://logging.apache.org/log4j/2.x/manual/json-template-layout.html#event-template-resolver-message of JsonTemplateLayout or any other layout that relies on MapMessage.asJson() or MapMessage.getFormattedMessage(new String[]{"JSON"}). * The application logs a MapMessage that contains an attacker-controlled floating-point value. An attacker who can supply a non-finite value can cause the affected layout to emit malformed JSON, which may corrupt the enclosing log record or disrupt downstream log ingestion and parsing. Users are advised to upgrade to Apache Log4j API 2.25.5 or 2.26.1, both of which emit RFC 8259-compliant JSON for non-finite values.
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and ARGS_POST because src/request_body_processor/multipart.cc overwrites reserved bytes in m_reserve instead of appending the current buffer. This creates a parser differential between ModSecurity and backend applications that preserve line breaks in form fields, allowing rules that inspect ARGS or ARGS_POST to miss payloads whose dangerous syntax depends on a line break. This issue is fixed in version 3.0.16. This bypass could lead to the execution of dangerous payloads that rely on line breaks, potentially resulting in a security compromise. This issue is classified as Moderate severity primarily because: Conditions for Exploitation: Successful exploitation requires a specific scenario where the backend application preserves line breaks and is inherently vulnerable to a payload that utilizes those line breaks. Additionally, the ModSecurity configuration must rely on rules inspecting the affected ARGS or ARGS_POST variables to allow the bypass to occur.
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8_to_unicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a char pointer rather than the length of the unicode buffer, allowing rules that use this transformation to be bypassed on i386 architecture. This issue is fixed in version 3.0.16. The `t:utf8toUnicode` transformation function, responsible for converting UTF-8 encoded characters to Unicode, generates incorrect output on i386 architectures. This vulnerability allows an attacker to bypass WAF rules, potentially enabling malicious requests to reach the protected application. The consequence is a moderate integrity loss due to the circumvention of security controls. Conditions for Exploitation: Exploitation is strictly limited to 32-bit (i386) architectures, which reduces the likelihood of exploitation in typical deployments. Furthermore, it requires the ModSecurity configuration to actively use rules that rely on the affected transformation function. Impact Limitations: The vulnerability functions solely as a WAF rule bypass and does not directly cause privilege escalation, data corruption, or arbitrary code execution on the host system.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in channels/rdpecam/server/camera_device_enumerator_main.c and then dereference once past the scan bound, allowing a malicious RDP client to trigger a 1- to 2-byte out-of-bounds heap read. This issue is fixed in version 3.28.0. A malicious RDP client can exploit this by manipulating the DeviceName and VirtualChannelName fields, which can lead to information disclosure and denial of service. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0. FreeRDP clients using the Graphics (GFX) pipeline are vulnerable to an out-of-bounds read. A malicious RDP server can exploit this by sending a specially crafted, truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload. This can lead to reading one byte beyond the intended buffer, potentially disclosing sensitive information or causing a denial of service. Red Hat severity: Moderate — CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L). Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Server-Side Request Forgery via FTP PASV response IP address validation bypass. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-918.
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable by the coturn process because the command string is used as-is after stripping the psd prefix and leading spaces, allowing truncation and overwrite with session dump data. This issue is fixed in version 4.13.0. An authenticated administrator with command-line interface (CLI) access could exploit a vulnerability in the `psd print sessions dump` command. This flaw allows the administrator to overwrite arbitrary files on the system that are writable by the Coturn process, potentially leading to data corruption or denial of service. This flaw affects the community-maintained coturn TURN/STUN server as shipped in Fedora and EPEL. Red Hat does not ship coturn in any core Red Hat product. Fedora and EPEL currently ship coturn 4.14.0, which already includes the fix released in 4.13.0, so the shipped builds are not vulnerable to this arbitrary file overwrite via the CLI psd command. Red Hat severity: Moderate — CVSS 6 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). Weakness: CWE-22.
Use-after-free vulnerability in PDB decoder allows denial of service or limited data corruption. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-825.
Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.
All supported versions of FreeBSD are susceptible to a vulnerability which when successfully exploited could allow an attacker with the ability to debug a process to produce misleading audit trails. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp states there is no workaround available at this time.
Apache Log4j versions 2.21.0 through 2.25.3 and 3.0.0-alpha1 through 3.0.0-beta3 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. Affected products: Data Infrastructure Insights and Data Secure Storage Workload Security Agent. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
All supported versions of FreeBSD are susceptible to a vulnerability which when successfully exploited could allow an attacker to delete files outside the intended directory tree. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp states there is no workaround available at this time.
FreeBSD 14.3, 14.4 and 15.0 are susceptible to a vulnerability which when successfully exploited could allow an unprivileged user to observe a small amount of uninitialized kernel stack data. Successful exploitation of this vulnerability could lead to disclosure of sensitive information. NetApp states there is no workaround available at this time.
Apache Log4cxx versions prior to 1.7.0 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py follow HTTP redirects by default and resend user-configured auth headers and query parameters on the redirected request, allowing a compromised trusted destination or on-path attacker to receive secrets such as Authorization headers, bearer tokens, custom headers, and service keys. This issue is fixed in version 1.11.0. A flaw was found in Apprise, an open-source library for sending notifications. This flaw affects the community-maintained python-apprise package as shipped in Fedora and EPEL. Red Hat does not ship Apprise in any core Red Hat product. Red Hat severity: Low — CVSS 3.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Weakness: CWE-201.
Denial of Service via memory leak in APP1JPEG image processing. Red Hat rates this low (CVSS 3.3). Weakness: CWE-772.
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() iptfs_consume_frags() transfers paged fragments from one socket buffer to another but fails to propagate the SKBFL_SHARED_FRAG flag. This is the same class of bug that was fixed in skb_try_coalesce() for CVE-2026-46300: when fragments backed by read-only page-cache pages are merged, the marker indicating their shared nature must be preserved so that ESP can decide correctly whether in-place encryption is safe. Apply the same two-line fix used in skb_try_coalesce() to iptfs_consume_frags(). A flaw was found in the Linux kernel's `iptfs` component, part of the IPSec framework. This can cause the Encapsulating Security Payload (ESP) to make incorrect security decisions regarding in-place encryption, potentially impacting the integrity or confidentiality of network traffic. Red Hat severity: not rated. Weakness: CWE-821. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.