VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
738 advisories across 32 monitored vendors.
Sandbox escape in the DOM: Navigation component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-653. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Sandbox escape in the DOM: Workers component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-266. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Use-after-free in the Graphics: WebGPU component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Incorrect boundary conditions in the Web Audio component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Use-after-free in the Networking: HTTP component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Memory safety bug fixed in Thunderbird ESR 140.12. Red Hat rates this important (CVSS 7.5). Weakness: CWE-823. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Privilege escalation in the Graphics: WebRender component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-266. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.
Denial of Service via integer overflow in remote message decompression. Red Hat rates this important (CVSS 8.6). Weakness: CWE-190. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
integer overflow in VIOSockSelect leads to heap-based buffer overflow. Red Hat rates this important (CVSS 7.8). Weakness: CWE-190. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
local privilege escalation via forged cifs.spnego key description in cifs.upcall. Red Hat rates this important (CVSS 7.8). Weakness: CWE-250. Affected package(s): cifs-utils. Resolved in Red Hat advisory RHSA-2026:32990 — update the affected packages (`sudo dnf update`).
Crypt::DSA: Crypt::DSA: Private-key recovery via nonce reuse across signatures. Red Hat rates this important (CVSS 7.1). Weakness: CWE-323. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13).
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0 through 1.0.x (fix 1.0.9).
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled. Affected versions: Spring Cloud Sleuth 3.1.0 through 3.1.13.
Arbitrary code execution via heap buffer overflow in formula compilation. Red Hat rates this important (CVSS 7.8). Weakness: CWE-131. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Heap use-after-free allows arbitrary code execution via malformed ODF number format. Red Hat rates this important (CVSS 7.3). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Information disclosure and denial of service via improper proxy configuration. Red Hat rates this important (CVSS 7.1). Weakness: CWE-346. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.