VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fails to inspect the is_admin flag. Attackers can send requests to any endpoint under the /api/users path to create new administrator accounts or reset administrator passwords, thereby gaining full control of the server and the ability to modify boot menus and installation scripts served to PXE clients. A flaw was found in dhcpcd. This vulnerability allows an unauthenticated attacker on the same network link to trigger a one-byte stack out-of-bounds write. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can corrupt adjacent stack memory. This can lead to a denial of service (DoS) in the affected system. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-787. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTION_PD_EXCLUDE option body. Attackers can send a crafted DHCPv6 ADVERTISE message containing an IA_PD IAPREFIX /0 with a valid OPTION_PD_EXCLUDE using an exclude prefix length of /121 through /128 to trigger the out-of-bounds write and potentially corrupt adjacent stack memory. A flaw was found in dhcpcd. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can write beyond a buffer, potentially corrupting adjacent memory. This could lead to a denial of service. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-787. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers acting as or impersonating a DHCPv6 server can trigger dhcp6_deprecatedele() to free a delegated child address while an outer TAILQ_FOREACH_SAFE iterator in dhcp6_deprecateaddrs() still holds the freed pointer, causing a use-after-free when TAILQ_REMOVE is reached. A flaw was found in dhcpcd. This can lead to a Denial of Service (DoS), causing the dhcpcd daemon to crash due to a heap use-after-free vulnerability. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
Insecure Sensitive HTTP Header Sanitization. Red Hat rates this moderate (CVSS 6.2). Weakness: CWE-532. Red Hat lists fixing advisory RHSA-2026:28438 with package satellite/foreman-mcp-server-rhel9:1782228692.
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed. Processing specially crafted TXT files with malicious texture attributes can exhaust system memory, allowing an attacker to cause a Denial of Service (DoS). A moderate-impact memory leak in ImageMagick can cause a Denial of Service (DoS) if a user or automated system is tricked into processing a maliciously crafted TXT file. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-772. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrate SA tokens and escalate privileges. In a typical OpenShift Logging deployment a user managing ClusterLogForwarder objects is also expected to manage secrets with storage credentials. A user with the rights to manage secrets can obtain a token for a SA in the namespace and as such the flaw does not result in any privilege gain or security boundary being broken. The score assigned is reflective of a scenario where secret provisioning and CLF configuration are managed by separate roles. Red Hat severity: Moderate — CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Weakness: CWE-862. Affected Red Hat products: Logging Subsystem for Red Hat OpenShift. Red Hat does not currently list a fixing RHSA for this CVE.
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Because user-controlled expressions are transformed directly into executable JavaScript, attackers can escape the intended expression sandbox and run arbitrary code within the application's context. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction() API. RHEL AI 3.4 bootc images ship expr-eval@2.0.2 as a dependency of @langchain/community. The only identified consumer is the LangChain Calculator tool, which calls Parser.evaluate() and does not invoke toJSFunction(). CVE-2026-12866 affects only the toJSFunction() API. No other npm package in the image depends on expr-eval. For this reason the issue is rated Low for RHEL AI. Red Hat severity: Low — CVSS 4.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). Weakness: CWE-917. Affected Red Hat products: Red Hat Enterprise Linux AI (RHEL AI) 3. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266 video file or stream that, when processed by a GStreamer-based application, could leak limited memory contents through video metadata, potentially exposing sensitive information from the application's address space. Red Hat Enterprise Linux versions that ship gstreamer1-plugins-bad with H.266/VVC parser support are affected by this vulnerability. The impact is rated Moderate because exploitation requires user interaction (opening or streaming a malicious H.266 media file) and the information disclosure is limited to 8 bytes from the read-only .data section per malformed frame, making it difficult to extract meaningful sensitive data in practice. The vulnerability does not lead to code execution or denial of service under normal circumstances. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). Weakness: CWE-125. Red Hat does not currently list a fixing RHSA for this CVE. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. This issue impacts the availability of the affected system. Although `virtuoso-opensource` is shipped with RHEL 7 Extended Lifecycle Support (ELS), the vulnerable code is completely absent from the package. Therefore, Red Hat products are not impacted by this vulnerability. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Red Hat lists Red Hat Enterprise Linux 7 as not affected.
An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. An attacker can exploit this vulnerability by sending specially crafted SQL statements to the t_set_push component. This can lead to a Denial of Service (DoS), making the system unavailable to legitimate users. Although `virtuoso-opensource` is shipped with RHEL 7 Extended Lifecycle Support (ELS), the vulnerable code is completely absent from the package. Therefore, Red Hat products are not impacted by this vulnerability. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Red Hat lists Red Hat Enterprise Linux 7 as not affected.
An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. This can lead to the unavailability of the service. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Affected Red Hat products: Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. This vulnerability allows an attacker to disrupt the availability of the service. Moderate: This denial of service flaw in virtuoso-opensource does not affect Red Hat Enterprise Linux 7 as the vulnerable code is not present in the shipped package. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Red Hat lists Red Hat Enterprise Linux 7 as not affected.
An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. An attacker could send specially crafted SQL (Structured Query Language) statements to a specific component, `sqlo_try_in_loop`, leading to a Denial of Service (DoS). This could make the service unavailable to legitimate users. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-606. Affected Red Hat products: Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report. This flaw affects Pen Drive versions prior to 1.0.0-2. The vulnerability requires cluster administrator privileges to inject the XSS payload and user interaction (opening the report) for exploitation, limiting the attack surface. Red Hat severity: Moderate — CVSS 6.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N). Weakness: CWE-79. Affected Red Hat products: Pen Drive Powered by Red Hat Lightspeed. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. To exploit this issue, an attacker must have a valid account on the Squid proxy and must also control an FTP server reachable from the proxy on port 21. HTTPS traffic handled via CONNECT tunnels (the vast majority of modern web traffic) is opaque to the proxy because the underlying request data is encrypted and Squid does not have access to it. The impact is limited to information disclosure of cleartext HTTP request contents or traffic in TLS-terminating (SSL bump) proxy configurations where Squid decrypts and inspects traffic. FTP protocol usage has declined considerably in most environments since major browsers removed FTP support, further narrowing the practical attack surface. Due to these reasons, this vulnerability has been rated with a moderate severity. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in Squid. Due to improper input validation, a heap-based buffer overflow can occur when processing cache digests. This issue allows a trusted server to cause a denial of service when sending specially crafted replies to cache_digest request messages. To exploit this issue, an attacker must control a trusted cache peer server. Also, cache digests are not enabled in the default configuration. Squid deployments that do not use cache peering are not affected. Furthermore, even those that do are only vulnerable when the attacker controls a configured peer server within the same administrative domain. A compromised peer can reliably crash the Squid process via a heap-based buffer overflow during digest exchange, but code execution faces considerable practical security barriers. Default Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability. Due to these reasons, this vulnerability has been rated with a moderate severity. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Weakness: CWE-122.
A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. Red Hat severity: Moderate — CVSS 6.2 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-674. Affected Red Hat products: Red Hat Hardened Images; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4. Red Hat fixing advisory: RHSA-2026:37469, RHSA-2026:38342.
A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session. This is a Moderate severity flaw. The OpenSSH client in Red Hat Enterprise Linux is vulnerable to a local man-in-the-middle attack on X11 forwarding connections. Exploitation requires an attacker to have local unprivileged access on the client system and for X11 forwarding to be explicitly enabled and in use, which is not a default configuration. This vulnerability doesn't affect the upstream OpenSSH versions and is restricted to the versions as shipped with Red Hat Enterprise Linux. Red Hat severity: Moderate — CVSS 5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N). Weakness: CWE-923. Affected Red Hat products: Red Hat Hardened Images; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Under investigation: Red Hat OpenShift Container Platform 4. Red Hat fixing advisory: RHSA-2026:36759.
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS). This Moderate flaw in OpenSSH affects clients operating in FIPS mode when negotiating Diffie-Hellman Group Exchange (DH-GEX) with a malicious SSH server. While it can lead to client process termination, resulting in a denial of service, the impact is limited to availability and does not result in broader system compromise. In order to exploit this vulnerability the attacker needs to trick the user to connect to an untrusted malicious server or compromise the server first. The availability impact is considered Low as the only impacted process is the single run of the SSH client trying to connect to the malicious server. This vulnerability affects only the OpenSSH versions shipped with Red Hat products. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Weakness: CWE-415.
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/default revision. This is a supply-chain integrity issue for pinned vLLM deployments. Operators can believe they are serving a reviewed model revision while vLLM resolves behavior-affecting nested or sibling artifacts outside that reviewed revision. This vulnerability is fixed in 0.22.0. This issue can lead to a supply-chain integrity compromise, where operators may unknowingly serve models with unreviewed or unintended behavior. Red Hat rates this issue as having Moderate impact. The flaw is a supply-chain integrity issue when operators pin a HuggingFace model revision but vLLM may still load nested artifacts from an unpinned revision. It affects Red Hat AI Inference Server, Red Hat OpenShift AI, and Red Hat Enterprise Linux AI images that ship vLLM versions prior to 0.22.0. KServe control-plane components that bundle vLLM as a library are not affected. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N). Weakness: CWE-829.