VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1747 advisories across 32 monitored vendors.
Fix shadow paging use-after-free due to unexpected role. Red Hat rates this important (CVSS 7.8). Weakness: CWE-825. Red Hat lists fixing advisory RHSA-2026:39983 with package kernel-0:5.14.0-570.127.1.el9_6, kernel-0:6.12.0-211.32.1.el10_2, kernel-0:5.14.0-427.137.1.el9_4, kernel-0:6.12.0-55.88.1.el10_0. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 1; Red Hat Enterprise Linux 8.
Require in-GHCB scratch area if GHCB v2+ is in use. Red Hat rates this important (CVSS 7). Weakness: CWE-787.
Set gc_in_progress to true in unix_gc(). Red Hat rates this moderate (CVSS 7). Weakness: CWE-366.
Denial of Service via uncontrolled memory allocation in decodeFromByteBuffer. Red Hat rates this low (CVSS 5). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:26989 with package rust-main-1.96.1-1.hum1, netavark-main-2.0.0-1.hum1.
A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Patch name: a7bf3a0f1d18bb62575236ef6e4944980c40e045. It is recommended to apply a patch to fix this issue. A flaw was found in onnx. This could lead to the disclosure of sensitive information. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Weakness: CWE-125. Affected Red Hat products: Red Hat OpenShift AI (RHOAI). Red Hat does not currently list a fixing RHSA for this CVE.
Local state issue via 'Count' argument manipulation. Red Hat rates this low (CVSS 3.3). Weakness: CWE-1284. Red Hat lists fixing advisory RHSA-2026:26989 with package rust-main-1.96.1-1.hum1, netavark-main-2.0.0-1.hum1.
Denial of Service via uncontrolled memory allocation. Red Hat rates this low (CVSS 3.3). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:26989 with package rust-main-1.96.1-1.hum1, netavark-main-2.0.0-1.hum1.
A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grass_compiler::selector::extend/grass_compiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The project maintainer explains: "DoS vulnerabilities are generally fine in Sass compilers -- they are trivially possible with recursive functions, infinite loops, nested mixins, etc. The description here is wrong. Compile time is not expected to be linear relative to the input, and the @extend algorithm is definitionally exponential." A flaw was found in grass, a Sass compiler. This can lead to the compiler becoming unresponsive or crashing, impacting the availability of the service. While a DoS is possible through manipulating compiler functions, such as `grass_compiler::selector::extend` or `grass_compiler::evaluate::visitor`, this typically affects build or development environments where local access is already assumed, limiting its broader impact on Red Hat products. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-835.
A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grass_compiler::raw_to_parse_error of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been published and may be used. In Issue #117 with similar structure the project maintainer explains: "DoS vulnerabilities are generally fine in Sass compilers -- they are trivially possible with recursive functions, infinite loops, nested mixins, etc. The description here is wrong. Compile time is not expected to be linear relative to the input, and the @extend algorithm is definitionally exponential." A flaw was found in Grass. This could lead to a denial of service, making the system or application unavailable to legitimate users. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-1050.
WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that have a Mobile VPN with IKEv2 configured to use an external LDAP authentication server. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.
Incomplete Fix for CVE-2026-8631. Red Hat rates this important (CVSS 9.8). Weakness: CWE-190. Red Hat lists fixing advisory RHSA-2026:39976 with package hplip-0:3.23.12-10.el10_2.5. Affected product named by the advisory: Red Hat Enterprise Linux 1.
Linux Kernel versions 6.6.32 prior to 6.7, 6.9 prior to 6.12.84, 6.13 prior to 6.18.25, 6.19 prior to 7.0.2, and prior to 7.1-rc1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Apache Tomcat versions 11.0.0-M1 through 11.0.22, 10.1.0-M7 through 10.1.55, and 9.0.83 through 9.0.118 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information or addition or modification of data. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Arbitrary code execution via deserialization vulnerability. Red Hat rates this important (CVSS 8.8). Weakness: CWE-502.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene. Net (Lucene. Net.Replicator library). This issue affects Apache Lucene. Net.Replicator: from 4.8.0-beta00005 through 4.8.0-beta00017. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene. Net (Lucene. Net.Replicator library). This issue affects Apache Lucene. Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue.
Man-in-the-middle attack via SSH host key bypass. Red Hat rates this important (CVSS 7.4). Weakness: CWE-347. Red Hat lists fixing advisory RHSA-2026:29017 with package rust-main-1.96.1-1.hum1, curl-main-8.21.0-0.1.hum1.
Information disclosure due to persistent Referer header. Red Hat rates this important (CVSS 7.5). Weakness: CWE-201. Red Hat lists fixing advisory RHSA-2026:29017 with package rust-main-1.96.1-1.hum1, curl-main-8.21.0-0.1.hum1.
Information disclosure via cached SSL session and early data. Red Hat rates this important (CVSS 7.5). Weakness: CWE-295.
Use-after-free via curl_easy_pause() in CURLMOPT_SOCKETFUNCTION callback. Red Hat rates this important (CVSS 7.3). Weakness: CWE-825. Red Hat lists fixing advisory RHSA-2026:29017 with package rust-main-1.96.1-1.hum1, curl-main-8.21.0-0.1.hum1.