VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
Heap overflow when preparsing SQL statements with excessive placeholders. Red Hat rates this important (CVSS 8.1). Weakness: CWE-131. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; and 1 more.
A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer without a bounds check in sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of attacker-controlled data to overflow the buffer, causing a denial of service (server crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, any enrolled host, or any service account can trigger this vulnerability over the network after authenticating via GSSAPI. Red Hat rates this issue as Important impact. Exploitation requires a valid SASL-authenticated LDAP session, not Directory Manager access. Any user who can bind with SASL mechanisms such as GSSAPI/Kerberos or DIGEST-MD5 can trigger the denial of service. In deployments where domain users, enrolled hosts, and service accounts routinely authenticate to the directory over Kerberos, the attack surface includes any such principal with network access to LDAP. This flaw is independent of CVE-2025-14905, which patched a separate heap overflow in schema.c and did not modify sasl_io.c. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation. Red Hat rates this important (CVSS 8.8). Weakness: CWE-1188. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; and 1 more.
Use-after-free / double-free in query-completion handling. Red Hat rates this important (CVSS 7.5). Weakness: CWE-416. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; and 2 more.
A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling. Exploitation requires a specific, non-default configuration, limiting its applicability in typical deployments. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N). Weakness: CWE-79. Affected Red Hat products: Red Hat JBoss Enterprise Application Platform 8.1; Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 10; Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8; Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9; Red Hat JBoss Enterprise Application Platform 7; Red Hat JBoss Enterprise Application Platform 8; Red Hat JBoss Enterprise Application Platform Expansion Pack; Red Hat Single Sign-On 7. Red Hat fixing advisory: RHSA-2026:36345, RHSA-2026:36344, RHSA-2026:36342, RHSA-2026:36343.
Privilege escalation via improper authorization in XML API. Red Hat rates this critical (CVSS 9.9). Weakness: CWE-15. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat OpenShift Dev Spaces.
Denial of Service via adversarial regular expression in structured outputs API. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1333. Affected products named by the advisory: Red Hat AI Inference Server; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI).
Denial of Service via malformed speculative decoding workload. Red Hat rates this important (CVSS 7.5). Weakness: CWE-125. Affected products named by the advisory: Red Hat AI Inference Server; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI).
Denial of Service via crafted BDF font file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected products named by the advisory: Exploit Intelligence; Lightspeed Core; OpenShift Lightspeed; Red Hat AI Inference Server; and 7 more.
Denial of Service via crafted GD 2.x image file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1285. Affected products named by the advisory: Exploit Intelligence; Lightspeed Core; OpenShift Lightspeed; Red Hat AI Inference Server; and 7 more.
Denial of Service via excessive memory allocation when processing font files. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1050. Affected products named by the advisory: Exploit Intelligence; Lightspeed Core; OpenShift Lightspeed; Red Hat AI Inference Server; and 7 more.
Denial of Service via crafted PCF font data. Red Hat rates this important (CVSS 7.5). Weakness: CWE-409. Affected products named by the advisory: Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Satellite 6.
Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config. Red Hat rates this important (CVSS 8.2). Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat AMQ Broker 7; Red Hat Build of Keycloak; Red Hat JBoss Enterprise Application Platform 8; and 1 more.
patch-remove could delete project-selected files outside the patches directory. Red Hat rates this important (CVSS 7.1). Weakness: CWE-22. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat AMQ Broker 7; Red Hat Build of Keycloak; Red Hat JBoss Enterprise Application Platform 8; and 1 more.
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central, resulting in a denial of service for the management plane. Red Hat Product Security is aware of this issue affecting RHACS Central. Red Hat is not aware of malicious exploitation of this issue outside of coordinated testing. Updates addressing this issue will be released according to the RHACS support lifecycle. Refer to the associated errata when available for affected versions and update instructions. Red Hat severity: Important — CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Weakness: CWE-400. Red Hat fixing advisory: RHSA-2026:36625, RHSA-2026:36207, RHSA-2026:36319. Affected products named by the advisory: Red Hat Advanced Cluster Security for Kubernetes 4.10; Red Hat Advanced Cluster Security for Kubernetes 4.11; Red Hat Advanced Cluster Security for Kubernetes 4.9.
Apache Camel JMS components: Arbitrary Exchange state injection. Red Hat rates this important (CVSS 8.1). Weakness: CWE-502. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat build of Apache Camel 4 for Quarkus 3; Red Hat build of Apache Camel for Spring Boot 4.
Server-Side Request Forgery and sensitive data exposure. Red Hat rates this important (CVSS 8.2). Weakness: CWE-918. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat build of Apache Camel 4 for Quarkus 3; Red Hat build of Apache Camel for Spring Boot 4.
Remote attacker can execute unintended operations via header manipulation. Red Hat rates this important (CVSS 7.5). Weakness: CWE-639. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat build of Apache Camel 4 for Quarkus 3; Red Hat build of Apache Camel for Spring Boot 4; Red Hat JBoss Enterprise Application Platform Expansion Pack.
Apache Camel (camel-vertx-http): Remote Code Execution via Deserialization of Untrusted Data. Red Hat rates this important (CVSS 8.1). Weakness: CWE-502. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat build of Apache Camel 4 for Quarkus 3; Red Hat build of Apache Camel for Spring Boot 4; Red Hat JBoss Enterprise Application Platform Expansion Pack.
Information disclosure via error messages containing sensitive data. Red Hat rates this important (CVSS 5.3). Weakness: CWE-209. Affected product named by the advisory: Red Hat Enterprise Linux.