VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1725 advisories across 32 monitored vendors.
Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker able to inject untrusted content into a Claude Code context could direct it to issue WebFetch requests against attacker-controlled repository files (e.g. /resolve/main/config.json), which HuggingFace counts as downloads server-side, creating a covert out-of-band channel for encoding and exfiltrating data Claude can access such as files, environment variables, or command output. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 2.1.163. The primary impact of this vulnerability is the unauthorized disclosure of information. Red Hat OpenShift Dev Spaces ships claude-code version 2.1.138 in its plugin registry container. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). Weakness: CWE-863. Affected Red Hat products: Red Hat OpenShift Dev Spaces. Red Hat does not currently list a fixing RHSA for this CVE.
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to redirect container update requests to an attacker-controlled server, enabling server-side request forgery. The SSRF requests expose internal cluster metadata including storage policy indexes, partition mappings, device names, and when at rest encryption is enabled, cipher text and initialization vectors for the container-level encryption key. The attacker can also cause "ghost listings" in arbitrary containers via the shard-range redirect mechanism. Red Hat OpenStack Platform 13, 16.2, 17.1, and Red Hat OpenStack Services on OpenShift 18.0 ship OpenStack Swift proxy-server in affected versions and are vulnerable to this flaw. This vulnerability is rated as Moderate severity because exploitation requires an authenticated user with write access to at least one Swift container. The SSRF allows redirection of container update requests to attacker-controlled servers, exposing internal cluster metadata. The attack is network-accessible but requires valid credentials and write permissions, limiting the attacker population to existing tenants within the deployment.
dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket and send a privileged command such as -x, causing control_recvdata() to free the client object while the same READ+HANGUP event subsequently reaches control_hangup() with the stale pointer, resulting in a use-after-free condition exploitable in deployments using --disable-privsep or where privsep initialization has failed with the control socket operating in mode 0666. A flaw was found in dhcpcd. This occurs when privilege separation is disabled, enabling the attacker to send a privileged command to the control socket. Successful exploitation can lead to a denial of service. Red Hat severity: Moderate — CVSS 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send Router Advertisements containing Route Information options with a lifetime of zero, triggering unfreed allocations in routeinfo_findalloc() that cause linear memory exhaustion and eventual daemon crash. A flaw was found in dhcpcd. By repeatedly sending specially crafted Router Advertisements with a zero lifetime, the attacker can cause the system to exhaust its memory, leading to a denial of service and a daemon crash. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-772. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fails to inspect the is_admin flag. Attackers can send requests to any endpoint under the /api/users path to create new administrator accounts or reset administrator passwords, thereby gaining full control of the server and the ability to modify boot menus and installation scripts served to PXE clients. A flaw was found in dhcpcd. This vulnerability allows an unauthenticated attacker on the same network link to trigger a one-byte stack out-of-bounds write. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can corrupt adjacent stack memory. This can lead to a denial of service (DoS) in the affected system. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-787. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTION_PD_EXCLUDE option body. Attackers can send a crafted DHCPv6 ADVERTISE message containing an IA_PD IAPREFIX /0 with a valid OPTION_PD_EXCLUDE using an exclude prefix length of /121 through /128 to trigger the out-of-bounds write and potentially corrupt adjacent stack memory. A flaw was found in dhcpcd. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can write beyond a buffer, potentially corrupting adjacent memory. This could lead to a denial of service. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-787. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers acting as or impersonating a DHCPv6 server can trigger dhcp6_deprecatedele() to free a delegated child address while an outer TAILQ_FOREACH_SAFE iterator in dhcp6_deprecateaddrs() still holds the freed pointer, causing a use-after-free when TAILQ_REMOVE is reached. A flaw was found in dhcpcd. This can lead to a Denial of Service (DoS), causing the dhcpcd daemon to crash due to a heap use-after-free vulnerability. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
Insecure Sensitive HTTP Header Sanitization. Red Hat rates this moderate (CVSS 6.2). Weakness: CWE-532. Red Hat lists fixing advisory RHSA-2026:28438 with package satellite/foreman-mcp-server-rhel9:1782228692.
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed. Processing specially crafted TXT files with malicious texture attributes can exhaust system memory, allowing an attacker to cause a Denial of Service (DoS). A moderate-impact memory leak in ImageMagick can cause a Denial of Service (DoS) if a user or automated system is tricked into processing a maliciously crafted TXT file. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-772. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrate SA tokens and escalate privileges. In a typical OpenShift Logging deployment a user managing ClusterLogForwarder objects is also expected to manage secrets with storage credentials. A user with the rights to manage secrets can obtain a token for a SA in the namespace and as such the flaw does not result in any privilege gain or security boundary being broken. The score assigned is reflective of a scenario where secret provisioning and CLF configuration are managed by separate roles. Red Hat severity: Moderate — CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Weakness: CWE-862. Affected Red Hat products: Logging Subsystem for Red Hat OpenShift. Red Hat does not currently list a fixing RHSA for this CVE.
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Because user-controlled expressions are transformed directly into executable JavaScript, attackers can escape the intended expression sandbox and run arbitrary code within the application's context. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction() API. RHEL AI 3.4 bootc images ship expr-eval@2.0.2 as a dependency of @langchain/community. The only identified consumer is the LangChain Calculator tool, which calls Parser.evaluate() and does not invoke toJSFunction(). CVE-2026-12866 affects only the toJSFunction() API. No other npm package in the image depends on expr-eval. For this reason the issue is rated Low for RHEL AI. Red Hat severity: Low — CVSS 4.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). Weakness: CWE-917. Affected Red Hat products: Red Hat Enterprise Linux AI (RHEL AI) 3. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266 video file or stream that, when processed by a GStreamer-based application, could leak limited memory contents through video metadata, potentially exposing sensitive information from the application's address space. Red Hat Enterprise Linux versions that ship gstreamer1-plugins-bad with H.266/VVC parser support are affected by this vulnerability. The impact is rated Moderate because exploitation requires user interaction (opening or streaming a malicious H.266 media file) and the information disclosure is limited to 8 bytes from the read-only .data section per malformed frame, making it difficult to extract meaningful sensitive data in practice. The vulnerability does not lead to code execution or denial of service under normal circumstances. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). Weakness: CWE-125. Red Hat does not currently list a fixing RHSA for this CVE. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. This issue impacts the availability of the affected system. Although `virtuoso-opensource` is shipped with RHEL 7 Extended Lifecycle Support (ELS), the vulnerable code is completely absent from the package. Therefore, Red Hat products are not impacted by this vulnerability. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Red Hat lists Red Hat Enterprise Linux 7 as not affected.
An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. An attacker can exploit this vulnerability by sending specially crafted SQL statements to the t_set_push component. This can lead to a Denial of Service (DoS), making the system unavailable to legitimate users. Although `virtuoso-opensource` is shipped with RHEL 7 Extended Lifecycle Support (ELS), the vulnerable code is completely absent from the package. Therefore, Red Hat products are not impacted by this vulnerability. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Red Hat lists Red Hat Enterprise Linux 7 as not affected.
An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. This can lead to the unavailability of the service. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Affected Red Hat products: Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. This vulnerability allows an attacker to disrupt the availability of the service. Moderate: This denial of service flaw in virtuoso-opensource does not affect Red Hat Enterprise Linux 7 as the vulnerable code is not present in the shipped package. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-89. Red Hat lists Red Hat Enterprise Linux 7 as not affected.
An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. An attacker could send specially crafted SQL (Structured Query Language) statements to a specific component, `sqlo_try_in_loop`, leading to a Denial of Service (DoS). This could make the service unavailable to legitimate users. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-606. Affected Red Hat products: Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report. This flaw affects Pen Drive versions prior to 1.0.0-2. The vulnerability requires cluster administrator privileges to inject the XSS payload and user interaction (opening the report) for exploitation, limiting the attack surface. Red Hat severity: Moderate — CVSS 6.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N). Weakness: CWE-79. Affected Red Hat products: Pen Drive Powered by Red Hat Lightspeed. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. To exploit this issue, an attacker must have a valid account on the Squid proxy and must also control an FTP server reachable from the proxy on port 21. HTTPS traffic handled via CONNECT tunnels (the vast majority of modern web traffic) is opaque to the proxy because the underlying request data is encrypted and Squid does not have access to it. The impact is limited to information disclosure of cleartext HTTP request contents or traffic in TLS-terminating (SSL bump) proxy configurations where Squid decrypts and inspects traffic. FTP protocol usage has declined considerably in most environments since major browsers removed FTP support, further narrowing the practical attack surface. Due to these reasons, this vulnerability has been rated with a moderate severity. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in Squid. Due to improper input validation, a heap-based buffer overflow can occur when processing cache digests. This issue allows a trusted server to cause a denial of service when sending specially crafted replies to cache_digest request messages. To exploit this issue, an attacker must control a trusted cache peer server. Also, cache digests are not enabled in the default configuration. Squid deployments that do not use cache peering are not affected. Furthermore, even those that do are only vulnerable when the attacker controls a configured peer server within the same administrative domain. A compromised peer can reliably crash the Squid process via a heap-based buffer overflow during digest exchange, but code execution faces considerable practical security barriers. Default Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability. Due to these reasons, this vulnerability has been rated with a moderate severity. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Weakness: CWE-122.