VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
129 advisories across 32 monitored vendors.
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri::XML::Attr#value= could free the underlying native child node while the wrapper remained reachable through the document node cache. A later use of the freed child node or a Ruby GC mark could dereference an invalid pointer, causing an invalid read and a possible segfault. This vulnerability is fixed in 1.19.4. The Nokogiri maintainers have evaluated this as low severity. Reaching it requires an unusual API-usage pattern that does not arise during normal use. The application must directly access an attribute's child node and then replace that same attribute's value via Attr#value= or #content=. Nokogiri 1.19.4 makes this pattern safe with no change to the public API. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-825. Affected Red Hat products: Red Hat 3scale API Management Platform 2; Red Hat Satellite 6. Red Hat does not currently list a fixing RHSA for this CVE.
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could crash the process. This vulnerability is fixed in 1.19.4. An attacker who can control the construction of Nokogiri node objects could exploit this to cause a Denial of Service. Red Hat severity: Low — CVSS 2.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-476. Affected Red Hat products: Red Hat 3scale API Management Platform 2; Red Hat Satellite 6. Red Hat does not currently list a fixing RHSA for this CVE.
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only when RememberMe functionality is enabled. Upgrade to version 3.0.0 or later, which fixes the issue. Red Hat severity: Low — CVSS 3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N). Weakness: CWE-294. Affected Red Hat products: Red Hat Fuse 7; Red Hat JBoss Enterprise Application Platform Expansion Pack. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. Red Hat has rated this issue as having Low security impact. The vulnerable code runs in virt-handler, a node-level DaemonSet; however, in OpenShift Virtualization, cgroup memory limits ensure the OOM kill is contained to the virt-handler pod and does not affect the node kernel or kubelet. Running VM workloads (QEMU processes) survive independently and continue operating — only management operations (live migration, graceful shutdown, monitoring updates) are temporarily disrupted. An administrator can recover by deleting the offending VirtualMachineInstance, after which virt-handler resumes normal operation on its next restart. The attack surface is limited to VMIs that explicitly configure a downwardMetrics virtio-serial device, which is not part of the default VM configuration. The blast radius is confined to a single node. Red Hat severity: Low — CVSS 3.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L). Weakness: CWE-770. Affected Red Hat products: Red Hat OpenShift Virtualization 4. Red Hat does not currently list a fixing RHSA for this CVE.
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still running. Concurrent::ReadWriteLock#release_read_lock also decrements the shared counter even when no read lock is held. Calling it on a fresh lock changes the counter from 0 to -1, after which normal read acquisition raises Concurrent::ResourceLimitError. This is a synchronization correctness issue in the public Concurrent::ReadWriteLock API. This vulnerability is fixed in 1.3.7. A flaw was found in concurrent-ruby, a Ruby library for managing concurrent operations. The `Concurrent::ReadWriteLock` component contains a synchronization issue where write locks can be released by unauthorized threads. This could allow multiple threads to write concurrently, potentially leading to data corruption. Furthermore, an issue with read lock management can cause a denial of service (DoS) by preventing legitimate read operations. This is essentially a library misuse scenario. The attack requires local code execution in the same Ruby process AND use of the manual locking API (ReadWriteLock).
ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of service or potential code execution. By passing malformed connected-components definitions through the CLI, an attacker can cause a denial of service or potentially execute arbitrary code. Exploitation requires local user interaction via the CLI and can result in a denial of service or arbitrary code execution. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service. A flaw was found in ImageMagick. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different config object during traversal. This happens because the authorization layer uses string prefix matching and the /config traversal layer parses array indices numerically using strconv.Atoi(). This vulnerability is fixed in 2.11.3. A remote administrator with restricted access to specific configuration objects could bypass these limitations. This discrepancy allows an attacker to read and modify unauthorized configuration elements, undermining the principle of least privilege in remote administration. This Moderate-impact flaw in Caddy's remote administration API, which allows an authorization bypass due to differing interpretations of array indices, does not affect Red Hat products. The vulnerable code is not present in Red Hat's supported offerings. Red Hat severity: Moderate — CVSS 3.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). Weakness: CWE-551. Red Hat lists Red Hat Hardened Images as not affected.
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182. By accepting an authentication tag length of 4 bytes instead of the required 12 bytes, this vulnerability allows for a low-impact data integrity issue where the cryptographic validity of messages could be compromised. A Low-impact flaw in GnuPG's gpgsm component accepts an incorrect AES-GCM authentication tag length in CMS messages. This compromises cryptographic data integrity, though confidentiality and availability are unaffected. Red Hat severity: Low — CVSS 2.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Hardened Images. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service. A flaw was found in ImageMagick. This ImageMagick flaw is rated as Low impact. The impact is limited to availability, and the attack requires specific conditions, making successful exploitation less probable in typical Red Hat deployments unless processing untrusted images. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service. This flaw is rated Low. A heap out-of-bounds read in OpenSSH's GSSAPI authentication component can lead to a denial of service. Exploitation requires `GSSAPIAuthentication` to be explicitly enabled, which is not the default configuration in Red Hat products, and a Kerberos environment providing authenticated `auth-indicators`. The impact is limited to the availability of the SSH authentication process. This vulnerability doesn't affect the upstream OpenSSH versions and is restricted to the versions as shipped with Red Hat Enterprise Linux. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-125. Affected Red Hat products: Red Hat Hardened Images; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
React Router is a router for React. This is a low severity vulnerability because modern browser protections (CORS preflight, SameSite cookies) already block the cross-origin attack vectors that this missing CSRF check would otherwise gate. This vulnerability is fixed in 7.15.1. Insufficient Cross-Site Request Forgery (CSRF) checks in the framework mode allow a remote attacker to bypass these protections on PUT, PATCH, and DELETE requests. This could lead to a low integrity impact, where an attacker might be able to perform unintended actions on behalf of a user. Modern browser security features, such as Cross-Origin Resource Sharing (CORS) preflight and SameSite cookies, significantly limit the practical exploitability of this vulnerability. Red Hat severity: Low — CVSS 3.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). Weakness: CWE-352. Affected Red Hat products: Exploit Intelligence; Network Observability Operator; OpenShift Pipelines; Red Hat Ansible Automation Platform 2; Red Hat Data Grid 8; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4; Red Hat Quay 3; Red Hat Trusted Artifact Signer; Red Hat Trusted Profile Analyzer.
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks. The realistic exposure is limited to bespoke WSGI or http.server handlers that forward raw client headers directly into parse_form(). Common frameworks such as Starlette and FastAPI do not call parse_form() directly and are not affected by this specific code path. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-400. Affected Red Hat products: Exploit Intelligence; Migration Toolkit for Applications 8; OpenShift Lightspeed; Red Hat AI Inference Server; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Virtualization 4; Red Hat Satellite 6. Red Hat lists OpenShift Lightspeed; Red Hat Hardened Images as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition (and Content-Type) headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax (filename*=charset'lang'value, name*=..., and the filename*0/filename*1 continuation form) is decoded and surfaced under the bare filename/name key, and overrides the plain parameter when both are present. RFC 7578 §4.2 explicitly forbids the filename* form in multipart/form-data. Components that follow RFC 7578, or that do not implement RFC 2231/5987 decoding for multipart/form-data (WAFs, proxies, gateways), may interpret such a header differently. An attacker can exploit that difference to smuggle a different field name or filename past an upstream inspector to the backend. This vulnerability is fixed in 0.0.30. This vulnerability allows a remote attacker to bypass security controls by exploiting a difference in how Content-Disposition and Content-Type headers are parsed. Specifically, the parse_options_header function incorrectly applies RFC 2231/5987 decoding, which is forbidden for multipart/form-data. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-1286.
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to be able to execute. Further, the attacker is only receiving the digest, so should only be able to extract the user's credentials if the cryptography is weak or there is some kind of password reuse. This vulnerability is fixed in 3.14.1. This could allow a remote attacker, in conjunction with an open redirect vulnerability on the target domain, to potentially extract a user's credentials if weak cryptography is used or if there is password reuse. This vulnerability primarily leads to information disclosure. Red Hat severity: Low — CVSS 3.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Weakness: CWE-940. Affected Red Hat products: Exploit Intelligence; Migration Toolkit for Applications 8; OpenShift Lightspeed; Red Hat AI Inference Server; Red Hat Ansible Automation Platform 2; Red Hat Ansible Automation Platform Ansible Core 2; Red Hat Discovery 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Satellite 6. Red Hat lists Red Hat Hardened Images as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is running Babel, if the attacker controls the input source code, can read the output source code, and knows the path of the source map file that they want to read. This vulnerability is fixed in 8.0.0-rc.6 and 7.29.6. Red Hat rates this issue as having Low impact for Red Hat AI products. @babel/core is bundled only in build-time or developer UI tooling (dashboard, model registry, MLflow) and the arbitrary file read requires local access and attacker-controlled source map processing that is not exposed in normal production use. Red Hat severity: Low — CVSS 3.6 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N). Weakness: CWE-22.
When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example, SameSite=NoneOfYourBusiness is parsed as None (the most permissive setting), and SameSite=StrictLax is parsed as Lax (a downgrade from Strict). Affected applications are those that consume Set-Cookie headers from server responses (for example via undici's fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer's view of a cookie's SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide. This was introduced in undici 5.15.0 when the cookies feature was added. Patches: Upgrade to undici v6.26.0, v7.28.0 or v8.5.0. Workarounds: After parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of 'Strict', 'Lax', or 'None' (exact, case-insensitive) before forwarding or relying on it. A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user. This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-1286. Fixed by RHSA-2026:35841, RHSA-2026:35842 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Enterprise Linux 10.
Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it associates the injected response with the new request, causing responses to be delivered to the wrong requests. This requires an attacker-controlled or compromised upstream HTTP/1.1 server and keep-alive connection reuse. Patches: Upgrade to undici v6.26.0, v7.28.0 or v8.5.0. Workarounds: Disable keep-alive connection reuse by setting keepAliveTimeout: 0 on the Client or Pool. A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity. Low: A flaw in Undici's HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-940. Fixed by RHSA-2026:35841, RHSA-2026:35842 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Enterprise Linux 10.
Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Red Hat severity: Low — CVSS 3.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). Weakness: CWE-1286. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 10.0 Extended Update Support; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.8 Telecommunications Update Service; Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Red Hat severity: Low — CVSS 3.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). Weakness: CWE-131. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 10.0 Extended Update Support; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.8 Telecommunications Update Service; Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.