VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
fix missing expect put in obj eval. Red Hat rates this moderate (CVSS 7). Weakness: CWE-772.
fix refcount saturation and potential UAF in qrtr_port_remove. Red Hat rates this moderate (CVSS 7). Weakness: CWE-911.
Fix potential use-after-free in get_timestamp. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
Clear HCI_UART_PROTO_INIT on error. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg. Red Hat rates this moderate (CVSS 7). Weakness: CWE-911.
IKEv1 Denial of Service via RSA-SHA1 (PKCS#1 Version 1.5 Encrypted) authentication payload. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-347.
IKEv2 Denial of Service via RSA-SHA1 (PKCS#1 RSASSA-PKCS1-v1_5) authentication payload. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-347.
IKEv2 Denial of Service via malformed fragmentation. Red Hat rates this important (CVSS 7.5). Weakness: CWE-193.
mTLS enforcement bypass due to HTTP/3 TLS configuration flaw. Red Hat rates this important (CVSS 9.1). Weakness: CWE-289.
Unauthorized access due to mutual TLS bypass. Red Hat rates this important (CVSS 9.1). Weakness: CWE-807.
Authentication bypass in StripPrefix middleware allows unauthorized access to protected paths. Red Hat rates this important (CVSS 9.1). Weakness: CWE-22.
websocket missing authorization allows credential theft via activation_id spoofing. Red Hat rates this critical (CVSS 9.6). Weakness: CWE-862. Red Hat lists fixing advisory RHSA-2026:28376 with package automation-eda-controller-0:1.2.9-2.el9ap, ansible-automation-platform-26/eda-controller-rhel9:1781732675, automation-eda-controller-0:1.1.19-1.el8ap, ansible-automation-platform-25/eda-controller-rhel8:1781741251. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 8.
Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which can lead to remote code execution inside the application JVM. Affected versions: Spring Statemachine 4.0.0 through 4.0.1 Spring Statemachine 3.2.0 through 3.2.4
Denial of Service via deeply nested JSON processing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1050.
Arbitrary code execution via PolymorphicTypeValidator bypass. Red Hat rates this important (CVSS 8.1). Weakness: CWE-502. Red Hat lists fixing advisory RHSA-2026:36839 with package jackson-databind.
Security bypass allows arbitrary code execution. Red Hat rates this important (CVSS 8.1). Weakness: CWE-184. Red Hat lists fixing advisory RHSA-2026:36839 with package jackson-databind.
Remote client can inject or override identity headers via header normalization. Red Hat rates this important (CVSS 8.1). Weakness: CWE-444.
Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Red Hat rates this important (CVSS 7.1). Weakness: CWE-131.
Active Session Hijacking via Insecure Session State Reuse. Red Hat rates this important (CVSS 7.8). Weakness: CWE-287. Red Hat lists fixing advisory RHSA-2026:28438 with package satellite/foreman-mcp-server-rhel9:1782228692.
Arbitrary code execution via SVG decoder command injection. Red Hat rates this important (CVSS 8.1). Weakness: CWE-78. Red Hat lists fixing advisory RHSA-2026:32961 with package ImageMagick-0:6.9.10.68-17.el7_9. Affected product named by the advisory: Red Hat Enterprise Linux 7.