VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1149 advisories across 32 monitored vendors.
Use after free in Payments. Red Hat rates this important (CVSS 6.6). Weakness: CWE-825.
The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size. A flaw was found in the `golang.org/x/image/webp` library's WebP decoder. A remote attacker could exploit this vulnerability by providing a specially crafted WebP image containing a VP8 chunk with mismatched dimensions. This could cause the decoder to panic, leading to a denial of service (DoS) for applications processing such images. Red Hat products are not affected by this vulnerability. VolSync is a storage replication operator and Cryostat Storage is an object storage backend — neither processes WebP images. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-1288. Red Hat lists Cryostat 4; Red Hat Advanced Cluster Management for Kubernetes 2 as not affected.
Information disclosure via DNS rebinding attack. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-346.
Denial of Service via deeply nested array comparison. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:29986 with package jq-main-1.8.2-0.1.hum1.
Heap out-of-bounds write via oversized raw file processing. Red Hat rates this moderate (CVSS 6.6). Weakness: CWE-787. Red Hat lists fixing advisory RHSA-2026:29986 with package jq-main-1.8.2-0.1.hum1.
Denial of Service via integer overflow and buffer overrun on 32-bit systems. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-190. Red Hat lists fixing advisory RHSA-2026:29986 with package jq-main-1.8.2-0.1.hum1.
pnpm and pacquet: Information disclosure of environment secrets via improper environment variable expansion. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-15.
Information disclosure of authentication credentials via malicious .npmrc file. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-201.
Arbitrary Code Execution via Malicious Lockfile. Red Hat rates this moderate (CVSS 6.4). Weakness: CWE-78.
Package integrity check bypass allows installation of malicious content. Red Hat rates this moderate (CVSS 6.8). Weakness: CWE-494.
Denial of Service due to improper handling of malicious package manifest bin keys. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-22.
Attacker can re-enable and take over disabled clients via Registration Access Token. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-613. Red Hat lists fixing advisory RHSA-2026:30049 with package rhbk/keycloak-operator-bundle:26.4.13-1, rhbk/keycloak-rhel9-operator:26.4-19, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.6-8.
Information disclosure through arbitrary filesystem path probing. Red Hat rates this moderate (CVSS 4.9). Weakness: CWE-22. Red Hat lists fixing advisory RHSA-2026:30049 with package rhbk/keycloak-operator-bundle:26.4.13-1, rhbk/keycloak-rhel9-operator:26.4-19, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.6-8.
Denial of Service via crafted spell file. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-787. Red Hat lists fixing advisory RHSA-2026:35387 with package vim-main-9.2.780-1.hum1.
Denial of service via crafted undo file. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-125.
Out-of-bounds Read with libsodium-encrypted Files. Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-125. Red Hat lists fixing advisory RHSA-2026:30267 with package vim-main-9.2.725-1.hum1.
Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678. A security vulnerability exists in the Vim text editor. If a user opens a specially crafted ZIP file in Vim, it can trick the application into running hidden, harmful commands on their computer. This specific issue is only triggered if Vim relies on PowerShell to open the ZIP file. This vulnerability was introduced in Vim version 9.1.1784. Because Red Hat products do not ship this version, they are unaffected. Red Hat severity: Moderate — CVSS 5.8 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L). Weakness: CWE-78. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4 as not affected.
Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679. A local attacker could exploit this vulnerability by providing a specially crafted undo or swap file. When Vim processes this file, an out-of-bounds read occurs, which can lead to the disclosure of sensitive information from memory or cause the application to crash, resulting in a denial of service (DoS). This vulnerability was introduced in Vim version 9.2.0320. Because Red Hat products do not ship this version, they are unaffected. Red Hat severity: Moderate. Weakness: CWE-125. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4 as not affected.
Denial of Service via stack out-of-bounds write in spell_soundfold_sofo(). Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-787. Red Hat lists fixing advisory RHSA-2026:30267 with package vim-main-9.2.725-1.hum1.
Memory corruption due to XInclude substitution. Red Hat rates this moderate (CVSS 6.2). Weakness: CWE-825.