VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1121 advisories across 32 monitored vendors.
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. A flaw was found in libexpat, a library used for parsing XML data. An attacker could exploit a heap-based buffer overflow, a type of memory error, by providing specially crafted XML input. This vulnerability occurs when the library mishandles memory reallocation while processing XML, particularly when multiple parsers share data. Successful exploitation could allow the attacker to execute arbitrary code, access sensitive information, or cause the application to crash, leading to a denial of service. Red Hat severity: Moderate — CVSS 6.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L). Weakness: CWE-131. Fixed by RHSA-2026:30647 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images. Will not fix / out of support: Red Hat Enterprise Linux 6.
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response. Attackers can supply a link_len value larger than the actual packet data in SSH_FXP_NAME responses for SFTP READLINK and REALPATH operations, triggering a heap buffer over-read of up to target_len minus one bytes due to the missing validation of available packet buffer size before the memcpy operation. A flaw in libssh2's sftp_symlink() function allows a malicious SSH server or man-in-the-middle attacker to trigger an out-of-bounds heap read via a crafted SSH_FXP_NAME response. This can disclose heap memory contents or crash the application, causing a denial of service (DoS). This Moderate-impact out-of-bounds heap read flaw in libssh2 allows a malicious SSH server or man-in-the-middle attacker to crash the application (DoS) or disclose heap memory by sending a crafted SFTP response. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H). Weakness: CWE-125. Fixed by RHSA-2026:30132 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.max_payload_length, which can lead to resource exhaustion. The normal JWS compact and flattened JSON paths reject payloads above the configured payload-size limit with ExceededSizeError. The RFC7797 unencoded payload paths do not make the same check. A valid b64=false compact or flattened JSON JWS can therefore deserialize successfully with a payload larger than JWSRegistry.max_payload_length. Applications that accept lower-trust JWS values and rely on joserfc to reject oversized token content during verification have a moderate availability risk. This issue has been fixed in version 1.6.7. A flaw was found in joserfc, a Python library for JSON Object Signing and Encryption (JOSE). This vulnerability allows a remote attacker to cause resource exhaustion, leading to a Denial of Service (DoS), by sending oversized JSON Web Signature (JWS) payloads. The library fails to apply size limits, specifically JWSRegistry.max_payload_length, when processing RFC7797 b64=false JWS payloads. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-770. Fixed by RHSA-2026:25039 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images.
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops. A vulnerability in libssh2 allows a malicious SSH server to freeze connected clients during the handshake process. By sending a malformed packet, the server triggers a loop that exhausts the client's CPU, resulting in a denial of service. A Moderate-rated denial of service vulnerability in the libssh2 client allows a malicious SSH server to freeze the connecting application. By triggering an infinite CPU loop during the initial connection handshake, the server can render the client unresponsive. Note: Red Hat Enterprise Linux (RHEL) 8 and newer are not affected by this flaw, as they do not ship the libssh2 package. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-606. Fixed by RHSA-2026:29950 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding whitespace, so later comparisons against the literal authorization field name fail and the response is stored. In shared-cache mode, this allows a response containing one user's authenticated data to be served from cache to a subsequent caller, including an unauthenticated caller, when both requests resolve to the same cache key. Affected applications are those that explicitly enable the cache interceptor (interceptors.cache()) in shared mode, forward Authorization headers upstream, and receive cacheable responses with non-canonical qualified private or no-cache directives. Patches: Upgrade to undici v7.28.0 or v8.5.0. Workarounds: If upgrade is not immediately possible, disable shared-cache mode for traffic that includes Authorization headers, avoid caching responses to authenticated requests, or add Vary: Authorization upstream. A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key. This Moderate information disclosure flaw in Undici's cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-1286. Fixed by RHSA-2026:35841, RHSA-2026:35842, RHSA-2026:22380, RHSA-2026:7378 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Hardened Images.
The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service. Affected applications are those using the undici WebSocket client (new WebSocket(...)) that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint. This is a regression specific to undici 8.1.0. The 6.25.0 line shipped the equivalent cumulative check from the start and is unaffected. The 7.x line never had the maxPayloadSize feature and is also unaffected. Patches: Upgrade to undici >= 8.5.0. Workarounds: No workaround is available. The fix must be applied through an upgrade. A flaw was found in undici. A malicious WebSocket server could exploit this vulnerability by sending fragmented messages that individually meet size limits but collectively exceed them. This can lead to unbounded memory growth in the client process, resulting in memory exhaustion and a denial of service (DoS). This is rated Moderate by Red Hat (CVSS 5.9) because successful exploitation requires the undici WebSocket client to connect to an attacker-controlled server (AC:H), which is unlikely in typical Red Hat product deployments where WebSocket endpoints are trusted internal services. No Red Hat product is affected — all streams shipping undici bundle versions 5.x through 7.x, which are outside the vulnerable range of 8.0.0 to 8.4.x. The vulnerable code path (unbounded WebSocket frame accumulation) was introduced in undici 8.0.0 and is not present in earlier major versions. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-400. Fixed by RHSA-2026:22934, RHSA-2026:25561, RHSA-2026:7378 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images.
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. A flaw was found in NGINX. Remote, unauthenticated attackers can exploit a vulnerability in the `ngx_http_charset_module` when specific charset configurations are present. This can lead to a heap buffer over-read, potentially causing limited disclosure of memory or a denial of service by restarting the NGINX worker process. Red Hat severity: Moderate — CVSS 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L). Weakness: CWE-125. Fixed by RHSA-2026:27197 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Hardened Images.
Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12. Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Weakness: CWE-131. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 10.0 Extended Update Support; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.8 Telecommunications Update Service; Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Weakness: CWE-787. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 10.0 Extended Update Support; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.8 Telecommunications Update Service; Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
Mitigation bypass in the DOM: Security component. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-807. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Memory safety bug fixed in Thunderbird ESR 140.12. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-787. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Information disclosure, sandbox escape in the Security: Process Sandboxing component. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-403. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Information disclosure, sandbox escape in the Security: Process Sandboxing component. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-243. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Memory safety bug fixed in Thunderbird ESR 140.12. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-825. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Memory safety bug fixed in Thunderbird ESR 140.12. Red Hat rates this moderate (CVSS 6.1). Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Same-origin policy bypass in the Networking: Cookies component. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-346. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Mitigation bypass in the DOM: Security component. Red Hat rates this moderate (CVSS 6.1). Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Information Disclosure due to Out-of-Bounds Read. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-125. Affected package(s): perl-socket-main. Resolved in Red Hat advisory RHSA-2026:11342 — update the affected packages (`sudo dnf update`).
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9.
Session hijacking and unauthorized data access due to insufficient session expiration. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-613. Affected package(s): ansible-automation-platform. Resolved in Red Hat advisory RHSA-2026:25928 — update the affected packages (`sudo dnf update`).