VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
fix deadlock in remain-on-channel. Red Hat rates this low (CVSS 5.5). Weakness: CWE-833.
handle rbtree insertion error in decode_choose_args(). Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-617.
join hook list via splice_list_rcu() in commit phase. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-821.
Set the mhdp connector earlier in atomic_enable(). Red Hat rates this low (CVSS 5.5). Weakness: CWE-824.
dm cache: fix dirty mapping checking in passthrough mode switching. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-367.
prevent NULL pointer dereference during unmount. Red Hat rates this low (CVSS 5.5). Weakness: CWE-825.
Fix stale offload->prog pointer after constant blinding. Red Hat rates this moderate (CVSS 6.7). Weakness: CWE-825.
Fix potential out-of-bounds access in osdmap_decode(). Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-1284.
Python tarfile module: Denial of Service via improper EOF handling in streaming mode. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-835. Red Hat lists fixing advisory RHSA-2026:35813 with package python3-11-main-3.11.15-4.4.hum1, python3-14-main-3.14.6-1.2.hum1, python3-13-main-3.13.14-1.2.hum1, python3-12-main-3.12.13-3.3.hum1.
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties() replays buffered JSON into creator parameters but never consults prop.visibleInView(activeView). The normal property-based creator path gates creator properties on the active view, but this unwrapped-creator replay path bypasses that check, so a constructor parameter annotated with both @JsonView(AdminView.class) and @JsonUnwrapped is populated from attacker JSON even when a more restrictive view is active. This vulnerability is fixed in 2.21.4 and 3.1.4. This vulnerability allows a remote attacker to bypass security view restrictions by sending specially crafted JSON (JavaScript Object Notation) data. The UnwrappedPropertyHandler component, which processes unwrapped properties, incorrectly populates constructor parameters that should be hidden by an active security view. This can lead to unauthorized information disclosure or data manipulation. When processing unwrapped creator properties, the component fails to properly enforce @JsonView annotations, enabling sensitive constructor parameters to be populated from untrusted JSON data. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). Weakness: CWE-639.
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddress(host, port), which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an InetSocketAddress field issues an attacker-chosen DNS query during readValue, before any application-level validation or connect logic. The fix uses InetSocketAddress.createUnresolved(host, port), deferring DNS to an explicit connect. This vulnerability is fixed in 2.18.8, 2.21.4, and 3.1.4. A flaw was found in jackson-databind, a library used for processing JSON data. This vulnerability allows a remote attacker to force the application to perform an attacker-chosen DNS (Domain Name System) query. This occurs when untrusted JSON input containing specific network address information is processed, potentially leading to the disclosure of sensitive network configuration details. Moderate: A flaw in `jackson-databind` can lead to information disclosure in Red Hat products that process untrusted JSON input. This eager DNS resolution occurs before application-level validation, potentially revealing internal network configuration details through DNS logs.
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual(), per-property @JsonIgnoreProperties exclusions are applied by _handleByNameInclusion(), producing a contextual deserializer whose BeanPropertyMap has the ignored properties removed. The subsequent per-property case-insensitivity block (triggered by @JsonFormat(ACCEPT_CASE_INSENSITIVE_PROPERTIES)) rebuilds from this._beanProperties (the original, unfiltered map) instead of contextual._beanProperties, then overwrites the filtered map — restoring every property _handleByNameInclusion had just removed. This vulnerability is fixed in 2.18.9, 2.21.5, and 3.1.4. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly ignored properties. This could lead to unintended changes in application data, impacting data integrity. This is a Moderate impact flaw in jackson-databind where applications enabling case-insensitive property matching alongside per-property @JsonIgnoreProperties may inadvertently expose fields to unauthorized modification.
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector._renameProperties() allows a property with @JsonProperty("renamed") on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFER_PROPERTY_MUTATORS enabled (default), the private backing field is retained; during deserialization BeanDeserializerFactory.addBeanProps() sees hasField()==true, builds a FieldProperty, and makes the backing field writable. An attacker supplying the renamed JSON key writes the backing field directly, bypassing the @JsonIgnore on the setter. This vulnerability is fixed in 3.1.4. This vulnerability allows a remote attacker to bypass security controls by exploiting an issue in how properties are handled when both @JsonProperty (for renaming) and @JsonIgnore (for ignoring) annotations are used. By supplying a specially crafted JSON key, an attacker can directly write to a private data field, circumventing the intended security restrictions and potentially leading to unexpected data modification. Moderate: This flaw in jackson-databind allows for property tampering and mass assignment in Red Hat products. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-915.
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in BeanDeserializer._deserializeUsingPropertyBased, the active-view (@JsonView) filter was applied only to creator properties; the regular property-buffering branch performed no prop.visibleInView(activeView) check. A change making SetterlessProperty.isMerging() return true routed setterless Collection/Map properties through this unguarded path, so a setterless collection annotated with a restricted @JsonView is populated from attacker JSON even when the active view excludes it. This vulnerability is fixed in 2.21.4 and 3.1.4. A remote attacker can exploit this vulnerability due to an issue in how active-view (@JsonView) filters are applied. This can lead to information disclosure, allowing an attacker to access data that should otherwise be restricted. Moderate: A flaw in jackson-databind allows for information disclosure and an access-control bypass. This occurs because the `@JsonView` filter, intended to restrict data visibility, is not correctly applied to setterless collection and map properties during deserialization. An attacker could exploit this to populate view-restricted properties from untrusted JSON, potentially accessing sensitive data that should be excluded by the active view.
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kubernetes.io/auth-type and auth-secret annotations, but the referenced auth Secret cannot be resolved or parsed, Traefik logs the resolution error, skips installing the authentication middleware, and still emits a router to the backend service. A route that operators intended to protect is therefore published to the data plane without its authentication control, allowing unauthenticated access to the backend. The trigger is an invalid or unresolved auth dependency — a missing, malformed, unreadable, or policy-denied Secret — rather than an intentionally unprotected route. This vulnerability is fixed in 3.7.5. This allows unauthenticated access to backend services that were intended to be protected, potentially exposing sensitive information or functionality. Red Hat severity: Low — CVSS 4.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-166. Affected Red Hat products: Red Hat OpenShift Dev Spaces. Red Hat does not currently list a fixing RHSA for this CVE.
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value. This occurs if the input contains multi-line text with carriage return characters, leading to potential configuration manipulation. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). Weakness: CWE-93. Affected Red Hat products: Red Hat Enterprise Linux 8. Red Hat does not currently list a fixing RHSA for this CVE.
Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker able to inject untrusted content into a Claude Code context could direct it to issue WebFetch requests against attacker-controlled repository files (e.g. /resolve/main/config.json), which HuggingFace counts as downloads server-side, creating a covert out-of-band channel for encoding and exfiltrating data Claude can access such as files, environment variables, or command output. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 2.1.163. The primary impact of this vulnerability is the unauthorized disclosure of information. Red Hat OpenShift Dev Spaces ships claude-code version 2.1.138 in its plugin registry container. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). Weakness: CWE-863. Affected Red Hat products: Red Hat OpenShift Dev Spaces. Red Hat does not currently list a fixing RHSA for this CVE.
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to redirect container update requests to an attacker-controlled server, enabling server-side request forgery. The SSRF requests expose internal cluster metadata including storage policy indexes, partition mappings, device names, and when at rest encryption is enabled, cipher text and initialization vectors for the container-level encryption key. The attacker can also cause "ghost listings" in arbitrary containers via the shard-range redirect mechanism. Red Hat OpenStack Platform 13, 16.2, 17.1, and Red Hat OpenStack Services on OpenShift 18.0 ship OpenStack Swift proxy-server in affected versions and are vulnerable to this flaw. This vulnerability is rated as Moderate severity because exploitation requires an authenticated user with write access to at least one Swift container. The SSRF allows redirection of container update requests to attacker-controlled servers, exposing internal cluster metadata. The attack is network-accessible but requires valid credentials and write permissions, limiting the attacker population to existing tenants within the deployment.
dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket and send a privileged command such as -x, causing control_recvdata() to free the client object while the same READ+HANGUP event subsequently reaches control_hangup() with the stale pointer, resulting in a use-after-free condition exploitable in deployments using --disable-privsep or where privsep initialization has failed with the control socket operating in mode 0666. A flaw was found in dhcpcd. This occurs when privilege separation is disabled, enabling the attacker to send a privileged command to the control socket. Successful exploitation can lead to a denial of service. Red Hat severity: Moderate — CVSS 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send Router Advertisements containing Route Information options with a lifetime of zero, triggering unfreed allocations in routeinfo_findalloc() that cause linear memory exhaustion and eventual daemon crash. A flaw was found in dhcpcd. By repeatedly sending specially crafted Router Advertisements with a zero lifetime, the attacker can cause the system to exhaust its memory, leading to a denial of service and a daemon crash. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-772. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.