VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
4019 advisories across 32 monitored vendors.
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls. A flaw was found in GitLab EE. This vulnerability allows the user to obtain other users' stored credentials, leading to unauthorized information disclosure. Red Hat severity: Moderate — CVSS 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-266. Affected Red Hat products: OpenShift Pipelines; Red Hat OpenShift Container Platform 4. Red Hat does not currently list a fixing RHSA for this CVE.
Denial of Service via crafted .7z archives due to inefficient algorithmic complexity. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-606.
Denial of Service via decompression bomb in 7zip archive extraction. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-409.
Overwrite host files via insufficient permission checks in wasmtime-wasi. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-280. Red Hat lists fixing advisory RHSA-2026:38187 with package rust-main-1.97.0-1.1.hum1.
Denial of Service due to incorrect MQTT-over-WebSocket request routing. Red Hat rates this moderate (CVSS 6.8). Weakness: CWE-824.
Denial of Service via arithmetic overflow in connection monitoring pagination. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-190.
Information disclosure via access control bypass in wildcard and queue subscriptions. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-551.
Information disclosure due to bypass of subject deny rules via queue subscriptions. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-551.
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1. When a user processes this crafted PDF, such as during text extraction, the vulnerability causes an infinite loop, leading to a Denial of Service (DoS) condition. This issue impacts the availability of the pypdf application. This Moderate-impact flaw in the pypdf library can lead to a denial of service. A remote attacker could provide a specially crafted PDF document containing an unterminated inline image, causing an infinite loop when the document is processed, such as during text extraction. This issue primarily affects the availability of applications that handle untrusted PDF content. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-835. Affected Red Hat products: Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3. Red Hat does not currently list a fixing RHSA for this CVE.
Denial of Service via crafted PDF with unterminated inline image. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-606.
Information disclosure via local file read in test connection endpoint. Red Hat rates this moderate (CVSS 4.9). Weakness: CWE-22.
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an untrusted model with an Upsample node that has zero inputs, causing an unrecoverable denial of service. This issue is fixed in version 1.22.0. This vulnerability allows a remote attacker to cause an unrecoverable denial of service (DoS) by providing a specially crafted untrusted model. The flaw occurs when the onnx.version_converter.convert_version() function attempts to process an Upsample node with zero inputs, leading to a null pointer dereference and a system crash. This Moderate impact denial of service flaw in Open Neural Network Exchange (ONNX) can be triggered when processing a specially crafted untrusted model. A remote attacker could exploit this by providing a malicious model with an Upsample node having zero inputs, leading to a null pointer dereference and an unrecoverable system crash. This requires user interaction to process the untrusted model. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: Red Hat OpenShift AI (RHOAI). Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline. Exploitation requires network adjacency, as end-users do not directly interact with the vulnerable API. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-1333. Affected Red Hat products: Red Hat OpenShift AI (RHOAI). Red Hat does not currently list a fixing RHSA for this CVE.
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0. A remote attacker could exploit this vulnerability by crafting a malicious PDF file containing repeated malformed cross-reference streams. This could cause the pypdf library to spend excessive time recovering broken cross-reference table entries, leading to a denial of service (DoS) condition for applications processing such files. An attacker could exploit this by providing a specially crafted PDF with malformed cross-reference streams, causing significantly extended processing time. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-1050. Affected Red Hat products: Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3. Red Hat does not currently list a fixing RHSA for this CVE.
Possible large memory usage for wrong image dimensions. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-770.
Denial of Service via unbounded recursion in Markdown include directive. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-835.
Denial of Service via crafted Markdown document with reference-link definitions. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-606.
Cross-site scripting via incomplete URL scheme filtering. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-79.
HTTP request smuggling via bare line-feed sequences in HTTP headers. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-444.
Denial of Service via crafted Markdown input. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-1333.