VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1153 advisories across 32 monitored vendors.
Arbitrary file write via crafted symbolic links during archive extraction. Red Hat rates this important (CVSS 8). Weakness: CWE-22.
Use after free in Web Authentication. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825.
Use after free in Blink. Red Hat rates this important (CVSS 8.8). Weakness: CWE-825.
Insufficient validation of untrusted input in DevTools. Red Hat rates this important (CVSS 8.3). Weakness: CWE-368.
Use after free in Digital Credentials. Red Hat rates this important (CVSS 8.8). Weakness: CWE-825.
Use after free in FileSystem. Red Hat rates this important (CVSS 8.8). Weakness: CWE-825.
Use after free in Autofill. Red Hat rates this critical (CVSS 8.8). Weakness: CWE-825.
Out of bounds read in Blink>InterestGroups. Red Hat rates this critical (CVSS 8.8). Weakness: CWE-125.
Remote code execution via Zip Slip vulnerability in model download. Red Hat rates this important (CVSS 8.3). Weakness: CWE-22.
Remote code execution via malicious HTML in Playwright-based rendering. Red Hat rates this important (CVSS 8.2). Weakness: CWE-918.
Denial of Service via crafted Markdown input. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1333.
Denial of Service via crafted nested query strings. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Remote Code Execution via Unsafe Deserialization in gRPC Registry Server. Red Hat rates this important (CVSS 8.8). Weakness: CWE-502.
Arbitrary code execution outside sandbox. Red Hat rates this important (CVSS 8.5). Weakness: CWE-917.
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection. By exploiting a failure to properly intercept implicit type casts in typed for-each loops, an attacker can invoke arbitrary constructors, potentially leading to arbitrary code execution within the Jenkins environment. Red Hat rates this as an Important vulnerability in the Jenkins Script Security Plugin. The scope is unchanged (S:U) because the sandbox and the Jenkins controller share the same security authority — a sandbox escape executes code in the same context rather than crossing a trust boundary to a separate system. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-1287. Affected Red Hat products: OpenShift Developer Tools and Services. Red Hat does not currently list a fixing RHSA for this CVE.
purge outqueue on stale COOKIE-ECHO handling. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
fix missing zerocopy reference in pskb_carve helpers. Red Hat rates this important (CVSS 7.8). Weakness: CWE-911.
fix UAF with retry loop. Red Hat rates this important (CVSS 7). Weakness: CWE-825.
handle empty bo and UAF races. Red Hat rates this important (CVSS 7). Weakness: CWE-476.
Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset. Red Hat rates this important (CVSS 7). Weakness: CWE-825.