VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation and code execution during CLI bootstrap. The vulnerable method is installLocalGenerators(), which calls repository.install() directly without prompting the user. This issue has been fixed in version 6.0.0. This vulnerability allows an attacker to install arbitrary packages and execute code during command-line interface (CLI) bootstrap. The primary impact is arbitrary code execution. This is an Important flaw in Yeoman Environment that could lead to arbitrary code execution. The vulnerability arises when downstream consumers process attacker-controlled project configurations, allowing the installation of unconfirmed local generator packages during CLI bootstrap. Exploitation requires user interaction with malicious input, limiting the attack vector to specific development workflows. Red Hat severity: Important — CVSS 8.2 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). Weakness: CWE-426.
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine. A remote attacker, by operating a malicious Dynamic Host Configuration Protocol (DHCP) server, could send specially crafted DHCP replies containing unsanitized strings. This vulnerability allows the attacker to execute arbitrary code on the local machine, potentially leading to a complete compromise of the affected system. This Important vulnerability in the wicked DHCP client allows a remote attacker to achieve arbitrary code execution on a system configured to obtain an IP address from a malicious DHCP server. By sending specially crafted DHCP replies, an attacker can exploit unsanitized strings, leading to a complete compromise of the affected system. This risk is primarily present in environments where systems are exposed to untrusted DHCP servers. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-94.
Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12. Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 10.0 Extended Update Support; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.8 Telecommunications Update Service; Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 10.0 Extended Update Support; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.8 Telecommunications Update Service; Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152. Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-825. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.
JIT miscompilation in the DOM: Core & HTML component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-733. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Memory safety bug fixed in Firefox ESR 140.12. Red Hat rates this important (CVSS 7.5). Weakness: CWE-843. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Sandbox escape due to incorrect boundary conditions in the Networking component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-653. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Sandbox escape in the Security: Process Sandboxing component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-403. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Sandbox escape in the DOM: Navigation component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-653. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Sandbox escape in the DOM: Workers component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-266. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Use-after-free in the Graphics: WebGPU component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Incorrect boundary conditions in the Web Audio component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Use-after-free in the Networking: HTTP component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Memory safety bug fixed in Thunderbird ESR 140.12. Red Hat rates this important (CVSS 7.5). Weakness: CWE-823. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Privilege escalation in the Graphics: WebRender component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-266. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.
Denial of Service via integer overflow in remote message decompression. Red Hat rates this important (CVSS 8.6). Weakness: CWE-190. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
integer overflow in VIOSockSelect leads to heap-based buffer overflow. Red Hat rates this important (CVSS 7.8). Weakness: CWE-190. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
local privilege escalation via forged cifs.spnego key description in cifs.upcall. Red Hat rates this important (CVSS 7.8). Weakness: CWE-250. Affected package(s): cifs-utils. Resolved in Red Hat advisory RHSA-2026:32990 — update the affected packages (`sudo dnf update`).