VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1136 advisories across 32 monitored vendors.
Information disclosure vulnerability in model quantization engine. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825.
Kerberos pre-authentication bypass via unrecognized PA-DATA. Red Hat rates this important (CVSS 7.3). Weakness: CWE-358.
DisableTLS migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces. Red Hat rates this moderate (CVSS 8.5). Weakness: CWE-306.
Authentication bypass due to TLS hostname handling and unicode dot separator mismatch. Red Hat rates this important (CVSS 7.7). Weakness: CWE-289. Red Hat lists fixing advisory RHSA-2026:39246 with package nodejs20-main-20.20.2-1.hum1, nodejs22-main-22.23.1-1.hum1, nodejs24-main-24.18.0-0.1.hum1, nodejs26-main-26.4.0-1.2.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Denial of Service via large input to subtle.encrypt(). Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:39246 with package nodejs20-main-20.20.2-1.hum1, nodejs22-main-22.23.1-1.hum1, nodejs24-main-24.18.0-0.1.hum1, nodejs26-main-26.4.0-1.2.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Avoid NULL pointer dereference or refcount corruption. Red Hat rates this important (CVSS 7).
Clean up DMABUFs before disabling function. Red Hat rates this important (CVSS 7). Weakness: CWE-826.
Fix drm_dev_put called before stream disable in close. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
fix off-by-one in dlm_match_regions() region comparison. Red Hat rates this important (CVSS 7.1). Weakness: CWE-125.
@sigstore/core: Signature bypass due to incorrect encoding in preAuthEncoding. Red Hat rates this moderate (CVSS 5.4). Weakness: CWE-347.
`nx graph` dev server permissive CORS policy. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-346.
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late AsyncClient completion can still invoke OAuth2Filter methods that use StreamDecoderFilterCallbacks after that object’s lifetime has ended, causing undefined behavior, worker crashes (availability loss), and use-after-free / invalid-vptr failures under AddressSanitizer. This is a memory-safety / lifetime issue in the data plane, not a trivial config bug. Remote code execution is not claimed here; the primary demonstrated impact is DoS via crash and UB; any further impact would be deployment- and allocator-dependent. This vulnerability is fixed in 1.37.5 and 1.38.3. Red Hat products ship Envoy versions prior to 1.37.0, which do not contain the vulnerable OAuth2 filter async token exchange code introduced in 1.37.0. Red Hat products are therefore not affected by this vulnerability. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-416. Red Hat lists OpenShift Service Mesh 2; OpenShift Service Mesh 3 as not affected.
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides concurrently with rapid downstream client disconnects. During standard request lifecycles, Envoy instantiates the ext_authz filter with a foundational authorization client object (client_). If a matched route dictates a dynamic per-route HTTP or gRPC authorization service override, the filter generates a localized client. In the vulnerable implementation, this transient client aggressively overwrote the default client_ unique pointer by executing client_ = std::move(per_route_client). When a client rapidly establishes and subsequently tears down a stream (such as rapidly refreshing a protected WebSocket endpoint), the downstream triggers the ConnectionManagerImpl::doDeferredStreamDestroy() -> ActiveStream::onResetStream() lifecycle. Envoy immediately sequences Filter::onDestroy() in an attempt to securely abort dispatched asynchronous authorization check transactions via client_->cancel(). By destructing the default client abruptly during initiateCall, a memory lifecycle misalignment occurs within the async client manager.
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in the header. This can result in smuggled bytes on the upstream request. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3. A flaw was found in Envoy. An attacker on an adjacent network could exploit this to smuggle bytes into upstream requests. This could potentially bypass security mechanisms or lead to unexpected behavior in how requests are processed. This flaw allows for up to 65 KB of attacker-controlled data to be smuggled into the upstream request, potentially bypassing security controls or corrupting data. This primarily affects deployments where Envoy is configured to use PROXY Protocol v2. Red Hat severity: Moderate — CVSS 4.8 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L). Weakness: CWE-130. Affected Red Hat products: OpenShift Service Mesh 2; OpenShift Service Mesh 3. Red Hat does not currently list a fixing RHSA for this CVE.
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink (TcpStatsdSink), where the thread-local flusher buffer can be overflowed by exceptionally long statistic names (e.g., >16KiB). During formatting, TcpStatsdSink reserves a single contiguous memory slice of 16KiB (FLUSH_SLICE_SIZE_BYTES). If formatting a single metric exceeds the remaining capacity, the flusher initiates a buffer rotation but incorrectly continues to allocate another fixed 16KiB slice. If an attacker can trigger a statistic name longer than 16KiB—for example, by sending an HTTP or gRPC request with an extremely long request path (:path) that is recorded by the grpc_stats filter configured with stats_for_all_methods: true—the flusher will attempt to copy the metric name using memcpy operations beyond the allocated heap buffer boundaries. This leads to a heap write overflow, which can cause immediate denial-of-service (process crash) or potential remote code execution (RCE). This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3. An attacker can exploit a heap write overflow vulnerability in Envoy's TCP StatsD sink by sending exceptionally long statistic names, such as those found in HTTP or gRPC request paths.
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes (null pointer dereference / segfault) when a Connect protocol request (Content-Type: application/connect+proto or application/connect+json) hits a direct_response route. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3. A remote attacker can exploit this vulnerability by sending a specially crafted Connect protocol request to a direct response route. This action causes the `envoy.filters.http.grpc_stats` filter to crash, leading to a denial of service (DoS) for the Envoy process. This can disrupt services relying on the proxy. This vulnerability affects Red Hat OpenShift Service Mesh and cloud.redhat.com services that utilize Envoy, potentially disrupting service availability. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: OpenShift Service Mesh 2; OpenShift Service Mesh 3. Will not fix / out of support: OpenShift Service Mesh 2. Red Hat does not currently list a fixing RHSA for this CVE.
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 (See Other) internal redirects for body-less non-GET/HEAD requests. When a POST, PUT, DELETE, or PATCH request without a body is sent to a route configured with internal redirect policy that includes 303 in redirect_response_codes, and the upstream responds with HTTP 303, the redirect handling code attempts to drain a request body buffer that was never allocated. This results in a segmentation fault that crashes the entire Envoy process. When route configured with internal_redirect_policy including 303 in redirect_response_codes and upstream must return HTTP 303 response, an unauthenticated attacker can exploit this to cause complete denial of service, terminating all active connections. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3. A flaw was found in Envoy. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: OpenShift Service Mesh 2; OpenShift Service Mesh 3. Will not fix / out of support: OpenShift Service Mesh 2. Red Hat does not currently list a fixing RHSA for this CVE.
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySubjectAltName where the extracted DNS SAN string is cast to a C-style string using .c_str() before being passed to the Utility::dnsNameMatch() algorithm. If the attacker serves a certificate with a dNSName SAN containing an embedded NUL byte, the helper Utility::generalNameAsString captures the complete string including the NUL. However, when .c_str() evaluates it, implicit conversion to absl::string_view inside dnsNameMatch relies on strlen(), prematurely truncating the evaluation context. Envoy evaluates trucated string against the exact required config_san match and returns true, thereby successfully validating the string with the Nul byte for an upstream routing. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1. A remote attacker could exploit a structural flaw in the DefaultCertValidator::verifySubjectAltName function by presenting a specially crafted certificate. This certificate would contain a NUL byte within its DNS Subject Alternative Name (SAN) field. Due to incorrect string handling, Envoy would prematurely truncate the DNS SAN string during validation, allowing the malicious certificate to be accepted for upstream routing.
Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition. This vulnerability is fixed in 5.7.1. A flaw was found in Podman. This can lead to the creation of a directory or modification of ownership on the host filesystem, potentially impacting system integrity. Exploitation requires the user to pull and run a specifically crafted malicious container image. Red Hat rates this as Moderate impact, consistent with the upstream assessment, because the attack requires a malicious image and the most severe outcome (ownership modification) requires additional help from an underprivileged user namespace. Red Hat severity: Moderate — CVSS 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N). Weakness: CWE-59. Affected Red Hat products: Red Hat Hardened Images; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4; Red Hat OpenShift Virtualization 4; Red Hat Quay 3. Red Hat fixing advisory: RHSA-2026:29954.
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes. This vulnerability is fixed in 2.91.0. A flaw was found in Docling, a tool for document processing. This allowed an attacker to create specially crafted METS-GBS archives. When these archives were processed, they could lead to the exhaustion of system resources or cause the application to crash, resulting in a Denial of Service (DoS). Additionally, this vulnerability could also enable the disclosure of sensitive files. The vulnerability in Docling, rated Moderate, allows for sensitive file disclosure and denial of service within Red Hat OpenShift AI when processing untrusted METS-GBS archives. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-611. Affected Red Hat products: Red Hat OpenShift AI (RHOAI). Red Hat does not currently list a fixing RHSA for this CVE.