VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Denial of Service via invalid binary POST requests. Red Hat rates this important (CVSS 7.5). Weakness: CWE-772. Red Hat lists fixing advisory RHSA-2026:37577 with package dotnet8-0-main-8.0.128-1.1.hum1. Affected products named by the advisory: Red Hat Hardened Images; Red Hat Enterprise Linux AI (RHEL AI) 3.
Denial of Service via crafted WebTransport session ID. Red Hat rates this important (CVSS 7.5). Weakness: CWE-843. Affected products named by the advisory: Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat Hardened Images.
Denial of Service via malformed tar archive header. Red Hat rates this important (CVSS 7.5). Weakness: CWE-606. Affected products named by the advisory: Confidential Compute Attestation; Cryostat 4; Exploit Intelligence; Migration Toolkit for Containers; and 28 more.
Denial of Service via crafted gzip bomb. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected products named by the advisory: Confidential Compute Attestation; Cryostat 4; Exploit Intelligence; Migration Toolkit for Containers; and 28 more.
Denial of Service via quadratic CPU time parsing with merge keys. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1333. Red Hat lists fixing advisory RHSA-2026:34975 with package nodejs20-main-20.20.2-1.hum1, rust-main-1.96.1-1.hum1. Affected products named by the advisory: Red Hat Hardened Images; Cryostat 4; Gatekeeper 3; Migration Toolkit for Applications 8; and 48 more.
Denial of Service via crafted YAML ordered-map document. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:34975 with package nodejs20-main-20.20.2-1.hum1, rust-main-1.96.1-1.hum1. Affected products named by the advisory: Cryostat 4; Gatekeeper 3; Migration Toolkit for Applications 8; Migration Toolkit for Containers; and 48 more.
Prevent rehoming resources to nodes with different owner. Red Hat rates this important (CVSS 8.7). Weakness: CWE-1220. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat OpenShift Container Platform 4; Red Hat OpenStack Platform 16.2; Red Hat OpenStack Platform 17.1; and 1 more.
Use-after-free vulnerability during host key re-exchange on the client side. Red Hat rates this important (CVSS 7.7). Weakness: CWE-825. Red Hat lists fixing advisory RHSA-2026:37382 with package openssh-main-10.4p1-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; and 3 more.
glamor Font Atlas Heap Buffer Overflow. Red Hat rates this important (CVSS 7.5). Weakness: CWE-805. Red Hat lists fixing advisory RHSA-2026:38486 with package xorg-x11-server-0:1.20.11-34.el9_8.3, xorg-x11-server-Xwayland-0:21.1.3-20.el8_10.3, xorg-x11-server-Xwayland-0:24.1.9-4.el9_8.3, xorg-x11-server-0:1.20.11-28.el8_10.3. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 1. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow. Red Hat rates this important (CVSS 7.3). Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
PCF Font Parsing Heap Buffer Overflow. Red Hat rates this important (CVSS 7.3). Weakness: CWE-787. Affected product named by the advisory: Red Hat Enterprise Linux.
rfbsrc/librfb Hextile heap out-of-bounds write with 16bpp framebuffer. Red Hat rates this important (CVSS 7.1). Weakness: CWE-787. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; and 1 more.
DTLS certificate Subject DN stack buffer overflow in openssl_verify_callback. Red Hat rates this important (CVSS 7.5). Weakness: CWE-121. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; and 1 more.
Heap overflow when preparsing SQL statements with excessive placeholders. Red Hat rates this important (CVSS 8.1). Weakness: CWE-131. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; and 1 more.
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer without a bounds check in sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of attacker-controlled data to overflow the buffer, causing a denial of service (server crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, any enrolled host, or any service account can trigger this vulnerability over the network after authenticating via GSSAPI. Red Hat rates this issue as Important impact. Exploitation requires a valid SASL-authenticated LDAP session, not Directory Manager access. Any user who can bind with SASL mechanisms such as GSSAPI/Kerberos or DIGEST-MD5 can trigger the denial of service. In deployments where domain users, enrolled hosts, and service accounts routinely authenticate to the directory over Kerberos, the attack surface includes any such principal with network access to LDAP. This flaw is independent of CVE-2025-14905, which patched a separate heap overflow in schema.c and did not modify sasl_io.c. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation. Red Hat rates this important (CVSS 8.8). Weakness: CWE-1188. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; and 1 more.
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass. SELinux blocks writes to most security-critical paths such as /etc/cron.d/. Red Hat severity: Moderate — CVSS 8 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). Weakness: CWE-23. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4. Will not fix / out of support: Red Hat Enterprise Linux 6. Red Hat does not currently list a fixing RHSA for this CVE.
Use-after-free / double-free in query-completion handling. Red Hat rates this important (CVSS 7.5). Weakness: CWE-416. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; and 2 more.
Privilege escalation via improper authorization in XML API. Red Hat rates this critical (CVSS 9.9). Weakness: CWE-15. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat OpenShift Dev Spaces.
Denial of Service via adversarial regular expression in structured outputs API. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1333. Affected products named by the advisory: Red Hat AI Inference Server; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI).