VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1798 advisories across 32 monitored vendors.
IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-347.
IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-347.
IKEv2 Denial of Service via malformed fragmentation. Red Hat rates this important (CVSS 7.5). Weakness: CWE-193.
Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which can lead to remote code execution inside the application JVM. Affected versions: Spring Statemachine 4.0.0 through 4.0.1 Spring Statemachine 3.2.0 through 3.2.4
Denial of Service via deeply nested JSON processing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1050.
Arbitrary code execution via PolymorphicTypeValidator bypass. Red Hat rates this important (CVSS 8.1). Weakness: CWE-502. Red Hat lists fixing advisory RHSA-2026:36839 with package jackson-databind.
Security bypass allows arbitrary code execution. Red Hat rates this important (CVSS 8.1). Weakness: CWE-184. Red Hat lists fixing advisory RHSA-2026:36839 with package jackson-databind.
Remote client can inject or override identity headers via header normalization. Red Hat rates this important (CVSS 8.1). Weakness: CWE-444.
Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Red Hat rates this important (CVSS 7.1). Weakness: CWE-131.
Active Session Hijacking via Insecure Session State Reuse. Red Hat rates this important (CVSS 7.8). Weakness: CWE-287. Red Hat lists fixing advisory RHSA-2026:28438 with package satellite/foreman-mcp-server-rhel9:1782228692.
Arbitrary code execution via SVG decoder command injection. Red Hat rates this important (CVSS 8.1). Weakness: CWE-78. Red Hat lists fixing advisory RHSA-2026:32961 with package ImageMagick-0:6.9.10.68-17.el7_9. Affected product named by the advisory: Red Hat Enterprise Linux 7.
Denial of Service via HTTP/2 Rapid Reset technique. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service in st_compare component via crafted SQL statements. Red Hat rates this important (CVSS 7.5). Weakness: CWE-89.
openlink virtuoso-opensource: Denial of Service via crafted SQL statements. Red Hat rates this important (CVSS 7.5). Weakness: CWE-89.
Denial of Service via crafted SQL statements in sqlo_place_dt_set. Red Hat rates this important (CVSS 7.5). Weakness: CWE-89.
Denial of Service via crafted SQL statements. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Arbitrary code execution via malicious HuggingFace model. Red Hat rates this important (CVSS 7.5). Weakness: CWE-617. Red Hat lists fixing advisory RHSA-2026:36006 with package rhaiis/vllm-cuda-rhel9:1782951012, rhaiis/vllm-rocm-rhel9:1782951244.
Authentication Bypass via Host Header Injection. Red Hat rates this important (CVSS 8.1). Weakness: CWE-290.
http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody() is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with handlerFormDataBodyData(), which interpolates each req.body key and value directly into the multipart wire format without neutralizing CR/LF. A \r\n inside a value (or key) lets an attacker close the current part and inject an entirely new form part. Because the proxy's own body parser saw a single opaque value, any gateway-side policy or validation performed on req.body is evaluated against a different set of fields than the upstream backend ultimately parses a request/parameter desynchronization across the trust boundary. This vulnerability is fixed in 3.0.7 and 4.1.1. A remote attacker could exploit a vulnerability in the fixRequestBody() function, which is used to re-emit a request body. By injecting carriage return and line feed characters (\r\n) into a request body key or value, an attacker can bypass security policies and validation performed by the proxy. This desynchronization between the proxy and the backend server can lead to a compromise of data integrity. Other Red Hat AI products are not affected or do not expose the vulnerable code path in normal operation.
Information Disclosure via Path Traversal in `nltk.data.load()`. Red Hat rates this important (CVSS 7.5). Weakness: CWE-22.