VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1136 advisories across 32 monitored vendors.
Fix broken error propagation in agp_amd64_probe(). Red Hat rates this low (CVSS 5.5). Weakness: CWE-476.
Misleading security logs due to incorrect control flow. Red Hat rates this low (CVSS 2.3). Weakness: CWE-778. Red Hat lists fixing advisory RHSA-2026:29203 with package tomcat11-main-11.0.23-0.1.hum1, tomcat10-main-10.1.56-1.hum1.
Error condition not handled when configuring CRLs. Red Hat rates this low (CVSS 3.7). Weakness: CWE-390. Red Hat lists fixing advisory RHSA-2026:29203 with package tomcat11-main-11.0.23-0.1.hum1, tomcat10-main-10.1.56-1.hum1.
Denial of service via heap-based buffer overflow in Bitcode File Handler. Red Hat rates this low (CVSS 3.3). Weakness: CWE-805. Red Hat lists fixing advisory RHSA-2026:7634 with package llvm21-main-21.1.8-6.hum1, llvm-main-21.1.8-1.1.hum1.
Denial of Service via stack-based buffer overflow in StringMap::insert. Red Hat rates this low (CVSS 3.3). Weakness: CWE-120. Red Hat lists fixing advisory RHSA-2026:7634 with package llvm21-main-21.1.8-6.hum1, llvm-main-21.1.8-1.1.hum1.
Remote code injection vulnerability. Red Hat rates this important (CVSS 7.3). Weakness: CWE-94.
Memory corruption via crafted Photo CD (PCD) file. Red Hat rates this important (CVSS 8.1). Weakness: CWE-787.
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap buffer overflow in a connecting libssh2 client. A flaw in libssh2 allows a malicious SSH server to trigger a memory overflow by sending a manipulated attribute count. This can cause the connecting client to crash or allow unauthorized code execution. By manipulating the publickey-subsystem response, an attacker could cause an integer overflow, potentially leading to denial of service or arbitrary code execution on Red Hat systems using libssh2 to establish SSH connections. Note: Red Hat Enterprise Linux (RHEL) 8 and newer are not affected by this flaw, as they do not ship the libssh2 package. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). Weakness: CWE-787. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Hardened Images. Will not fix / out of support: Red Hat Enterprise Linux 6. Red Hat does not currently list a fixing RHSA for this CVE.
Memory corruption via crafted RASC video stream. Red Hat rates this important (CVSS 7.6). Weakness: CWE-787.
A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function getImportedVocabFile of the file tool/src/org/antlr/v4/parse/TokenVocabParser.java of the component tokenVocab Grammar Option Handler. The manipulation results in path traversal. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This could allow unauthorized access to sensitive files and directories on the system. Successful exploitation requires a specific scenario where an application using ANTLR4 is configured to accept and parse untrusted, attacker-supplied grammar files containing a manipulated tokenVocab option. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Weakness: CWE-22. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Unauthorized access and data manipulation via missing API authorization. Red Hat rates this moderate (CVSS 5). Weakness: CWE-639.
Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a crafted IPv6 response with a truncated extension header can trigger out-of-bounds reads and a crash during raw IPv6 scans. A flaw was found in Nmap. This can lead to an integer underflow, causing out-of-bounds reads and a denial of service (DoS) due to a crash during raw IPv6 scans. Red Hat rates this flaw as Moderate rather than the AI-assigned Important severity. The Aegis AI-Bot rated UI:N (no user interaction), but nmap is a command-line scanning tool that an operator must manually invoke — initiating a scan is user interaction per the CVSS definition of UI:R. Correcting UI:N to UI:R reduces the CVSS from 7.5 to 6.5, aligning with the upstream CVEORG assessment. Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4. Red Hat does not currently list a fixing RHSA for this CVE.
libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2_publickey_list_free operating on an uninitialized entry. A malicious SSH server offering the publickey subsystem can use a malformed response to make cleanup free an uninitialized, attacker-influenceable attrs pointer in a connecting libssh2 client. A flaw in libssh2 allows a malicious SSH server to send a malformed public key response, triggering an invalid memory cleanup. This can cause the connecting client application to crash or leak information. Moderate: This flaw in libssh2 can lead to a denial of service or information disclosure in client applications when connecting to a malicious SSH server. The vulnerability arises from improper handling of uninitialized memory during public key list processing, which an attacker can trigger with a specially crafted response. Exploitation requires active interaction with a compromised or malicious server, limiting the attack surface to untrusted connections. Note: Red Hat Enterprise Linux (RHEL) 8 and newer are not affected by this flaw, as they do not ship the libssh2 package. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H). Weakness: CWE-824.
Denial of Service via missing host header in specific logging configurations. Red Hat rates this important (CVSS 7.5). Weakness: CWE-476.
Request desynchronization allows security policy bypass via HTTP/3 to HTTP/1 translation. Red Hat rates this important (CVSS 7.5). Weakness: CWE-444.
Denial of Service via specially crafted zstd payload. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service via deeply nested JSON objects. Red Hat rates this important (CVSS 7.5). Weakness: CWE-776.
Arbitrary file write and information disclosure via symlink validation bypass. Red Hat rates this important (CVSS 8.1). Weakness: CWE-22.
Information disclosure via malicious container image environment variables. Red Hat rates this important (CVSS 7.5). Weakness: CWE-914. Red Hat lists fixing advisory RHSA-2026:37123 with package podman-7:5.8.2-4.el10_2, podman-6:5.8.2-4.el9_8, podman-main-6.0.0-1.hum1, container-tools:rhel8-8100020260709093628.afee755d. Affected products named by the advisory: Red Hat Enterprise Linux 1; Red Hat Enterprise Linux 9.
Unsafe URI and Path Handling in HTML Backend. Red Hat rates this important (CVSS 7.1). Weakness: CWE-22.