VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
3478 advisories across 32 monitored vendors.
The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size. A flaw was found in the `golang.org/x/image/webp` library's WebP decoder. A remote attacker could exploit this vulnerability by providing a specially crafted WebP image containing a VP8 chunk with mismatched dimensions. This could cause the decoder to panic, leading to a denial of service (DoS) for applications processing such images. Red Hat products are not affected by this vulnerability. VolSync is a storage replication operator and Cryostat Storage is an object storage backend — neither processes WebP images. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-1288. Red Hat lists Cryostat 4; Red Hat Advanced Cluster Management for Kubernetes 2 as not affected.
Information disclosure via DNS rebinding attack. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-346.
Denial of Service via deeply nested array comparison. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:29986 with package jq-main-1.8.2-0.1.hum1.
Heap out-of-bounds write via oversized raw file processing. Red Hat rates this moderate (CVSS 6.6). Weakness: CWE-787. Red Hat lists fixing advisory RHSA-2026:29986 with package jq-main-1.8.2-0.1.hum1.
Denial of Service via integer overflow and buffer overrun on 32-bit systems. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-190. Red Hat lists fixing advisory RHSA-2026:29986 with package jq-main-1.8.2-0.1.hum1.
pnpm and pacquet: Information disclosure of environment secrets via improper environment variable expansion. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-15.
Information disclosure of authentication credentials via malicious .npmrc file. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-201.
Arbitrary Code Execution via Malicious Lockfile. Red Hat rates this moderate (CVSS 6.4). Weakness: CWE-78.
Package integrity check bypass allows installation of malicious content. Red Hat rates this moderate (CVSS 6.8). Weakness: CWE-494.
Denial of Service due to improper handling of malicious package manifest bin keys. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-22.
Attacker can re-enable and take over disabled clients via Registration Access Token. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-613. Red Hat lists fixing advisory RHSA-2026:30049 with package rhbk/keycloak-operator-bundle:26.4.13-1, rhbk/keycloak-rhel9-operator:26.4-19, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.6-8.
Information disclosure through arbitrary filesystem path probing. Red Hat rates this moderate (CVSS 4.9). Weakness: CWE-22. Red Hat lists fixing advisory RHSA-2026:30049 with package rhbk/keycloak-operator-bundle:26.4.13-1, rhbk/keycloak-rhel9-operator:26.4-19, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.6-8.
Denial of Service via crafted spell file. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-787. Red Hat lists fixing advisory RHSA-2026:35387 with package vim-main-9.2.780-1.hum1.
Denial of service via crafted undo file. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-125.
Out-of-bounds Read with libsodium-encrypted Files. Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-125. Red Hat lists fixing advisory RHSA-2026:30267 with package vim-main-9.2.725-1.hum1.
Arbitrary code execution via crafted zip archive entry names. Red Hat rates this moderate (CVSS 5.8). Weakness: CWE-78.
Out-of-bounds Read with Text Properties. Red Hat rates this moderate. Weakness: CWE-125.
Denial of Service via stack out-of-bounds write in spell_soundfold_sofo(). Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-787. Red Hat lists fixing advisory RHSA-2026:30267 with package vim-main-9.2.725-1.hum1.
Memory corruption due to XInclude substitution. Red Hat rates this moderate (CVSS 6.2). Weakness: CWE-825.
Denial of Service due to improper XPathContext garbage collection. Red Hat rates this low (CVSS 4.7). Weakness: CWE-771.