VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Package Import Signature Validation Bypass Allows Self-Signed Packages. Red Hat rates this important (CVSS 8.8). Weakness: CWE-347.
Integer overflow in Mojo. Red Hat rates this important (CVSS 8.7). Weakness: CWE-190.
Denial of Service due to unbounded gzip decompression in Alpine APK parsing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:25138 with package cosign-main-3.1.1-0.1.hum1.
Remote Code Execution via NTLM Authentication Stack Buffer Overflow. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120.
Supply chain compromise from unverified dependencies. Red Hat rates this important (CVSS 7.5). Weakness: CWE-494.
Arbitrary code execution due to path traversal in dependency aliases. Red Hat rates this important (CVSS 8). Weakness: CWE-22.
Arbitrary file write/delete due to lack of path validation in patch files. Red Hat rates this important (CVSS 7.3). Weakness: CWE-22.
Integrity bypass allows installation of altered packages via modified lockfile. Red Hat rates this important (CVSS 7.5). Weakness: CWE-494.
Unauthorized file modification via crafted package manifest. Red Hat rates this important (CVSS 7.1). Weakness: CWE-22.
Arbitrary code execution via malicious package-manager lockfile. Red Hat rates this important (CVSS 8.8). Weakness: CWE-502.
Arbitrary code execution via improper handling of config dependencies. Red Hat rates this important (CVSS 7.5). Weakness: CWE-349.
Supply chain compromise via manipulated package source strings. Red Hat rates this important (CVSS 7.5). Weakness: CWE-140.
Group-Admin Escalation to Realm-Admin. Red Hat rates this important (CVSS 7.7). Weakness: CWE-639. Red Hat lists fixing advisory RHSA-2026:30049 with package rhbk/keycloak-operator-bundle:26.4.13-1, rhbk/keycloak-rhel9-operator:26.4-19, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.6-8.
Cross-site scripting (XSS) via case-insensitive URI validation bypass. Red Hat rates this important (CVSS 7.3). Weakness: CWE-79. Red Hat lists fixing advisory RHSA-2026:30049 with package rhbk/keycloak-operator-bundle:26.4.13-1, rhbk/keycloak-rhel9-operator:26.4-19, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.6-8.
Out-of-bounds Write in Spell File Word Count. Red Hat rates this moderate (CVSS 7.3).
Arbitrary code execution via Vimscript code injection in netrw plugin. Red Hat rates this important (CVSS 7.8). Weakness: CWE-94.
Arbitrary code execution via malicious docstrings in Python omni-completion. Red Hat rates this important (CVSS 7.8). Weakness: CWE-94. Red Hat lists fixing advisory RHSA-2026:35387 with package vim-main-9.2.780-1.hum1.
GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.
GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code in the context of another user's session, due to improper sanitization of user-supplied input.