VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend. A remote attacker with a Viewer role could exploit a path traversal vulnerability by manipulating user-supplied input in URL paths. This could allow the attacker to capture sensitive administrator-configured datasource credentials, invoke state-changing administrative functions on Tempo, or exfiltrate internal service data from Loki. Red Hat severity: Moderate — CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Weakness: CWE-22. Affected Red Hat products: Multicluster Global Hub; Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat Ceph Storage 5; Red Hat Ceph Storage 6; Red Hat Ceph Storage 7; Red Hat Ceph Storage 8; Red Hat Ceph Storage 9; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.
Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling. A flaw was found in libxml2. This improper handling of entity resolution can lead to a denial-of-service (DoS), making the affected system or application unavailable. This Moderate impact use-after-free vulnerability in libxml2 can lead to a denial of service in Red Hat products that process untrusted XML input. In the worst-case scenario, a remote attacker is able to provide specially crafted XML, which, if parsed by an affected application, could cause the application to crash. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-416. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7; Red Hat Hardened Images as not affected. Will not fix / out of support: Red Hat Enterprise Linux 6. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary information without first verifying that the NAL unit contains enough data beyond the extension header. An attacker could exploit this by tricking a user into opening a malicious H.264 video file, potentially causing the application to crash or leak a single byte of heap memory. Red Hat product impact analysis pending. Component mapping required to determine which products ship the affected code. The vulnerable code path specifically affects H.264 NAL extension slices (type 20) used in MVC (Multi-view Video Coding) and SVC (Scalable Video Coding) formats, which are less commonly encountered than baseline H.264. The out-of-bounds read is limited to 1 byte and requires local file access with user interaction (opening a crafted video file). Modern Linux distributions include ASLR and stack canaries which provide some defense-in-depth against heap-based vulnerabilities, though these do not prevent the initial out-of-bounds read from occurring. Red Hat severity: Moderate — CVSS 4.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L). Weakness: CWE-125.
Multiple NetApp products incorporate Golang. Golang versions through 1.25.10 and 1.26.0 through 1.26.3 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data, Denial of Service (DoS). Affected products: Data Infrastructure Insights Telegraf Agent, NetApp Kubernetes Monitoring Operator, Trident, Trident Protect. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user is granted REPLICATION CLIENT privileges from any host ('%'). The Bitnami Helm chart for MariaDB Galera did not expose parameters to configure this user's credentials, resulting in all chart deployments using this publicly known credential by default. Affected versions — Container image: 10.6.x prior to 10.6.27-photon-5-r0; 10.11.x prior to 10.11.17-photon-5-r1; 11.4.x prior to 11.4.12-photon-5-r0; 11.8.x prior to 11.8.7-photon-5-r1; 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0. Helm chart: prior to 18.3.0.
setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownership of /etc/shadow and read every password hash on the host via the read-only /etc bind mount. This is a container-to-host confidentiality break affecting every bpm-managed job. Affected versions: bpm-release, all versions prior to v1.4.30.
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.
Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.
A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU <br/>Security Impact Rating: Medium <br/>CVE: CVE-2026-20246
A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions. To exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnc-inj-QNMeEmxk <br/>Security Impact Rating: Medium <br/>CVE: CVE-2026-20220
A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH <br/>Security Impact Rating: Medium <br/>CVE: CVE-2026-20178
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Multiple NetApp products incorporate OpenSSL. OpenSSL version 4.0 is susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), NetApp HCI Baseboard Management Controller (BMC) - H610S, ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0 and 3.6 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected products: NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), NetApp HCI Baseboard Management Controller (BMC) - H610S, ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, 3.4 and 3.0 (AES-SIV mode only) are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information or addition or modification of data. Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for VMware vSphere, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), NetApp HCI Baseboard Management Controller (BMC) - H610S, ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for VMware vSphere, Management Services for Element Software and NetApp HCI, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), NetApp HCI Baseboard Management Controller (BMC) - H610S, ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, and 3.4 is/are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. Successful exploitation of this vulnerability could lead to disclosure of sensitive information. Affected products: Active IQ Unified Manager for VMware vSphere, Management Services for Element Software and NetApp HCI, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), NetApp HCI Baseboard Management Controller (BMC) - H610S, ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, 3.4, 3.0, 1.1.1, and 1.0.2 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for VMware vSphere, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs-backend), NetApp HCI Baseboard Management Controller (BMC) - H610S, ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least write access. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ <br/>Security Impact Rating: Medium <br/>CVE: CVE-2026-20262
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem. This issue has been patched in Docker Engine version 29.5.1 and Moby Daemon version 2.0.0-beta.14.