VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1747 advisories across 32 monitored vendors.
Apache Log4j versions 2.7 prior to 2.25.4 and 3.0.0-alpha1 through 3.0.0-beta3 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. Affected products: Data Infrastructure Insights and Data Secure Storage Workload Security Agent. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Apache Log4j versions 2.14.0 prior to 2.25.4 and 3.0.0-alpha1 through 3.0.0-beta3 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. Affected products: Data Infrastructure Insights and Data Secure Storage Workload Security Agent. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Apache Tomcat versions 11.0.0-M1 through 11.0.4, 10.1.0-M1 through 10.1.36, and 9.0.0.M1 through 9.0.100 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Nginx version 1.25.3 is susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Nginx versions 1.25.0 through 1.25.3 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Apache Tomcat versions 11.0.0-M1 through 11.0.22, 10.1.0-M1 through 10.1.55, 9.0.0-M1 through 9.0.118, and 8.5.0 through 8.5.100 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report. This vulnerability, a double free, exists within the PLY Model Handler component. A remote attacker could exploit this flaw by manipulating PLY model files, leading to a denial of service and making the application unavailable. This double free vulnerability can be triggered by processing a specially crafted PLY model file, potentially leading to application unavailability. While remote, exploitation typically requires user interaction to open a malicious file. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-1341. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught exception in the host-validation path and crashes the dev server. Impact is limited to availability of the development server, no data disclosure, no code execution. Workarounds: keep the dev server bound to localhost (the default) and do not expose it to untrusted networks. This malformed input causes an uncaught exception, leading to the termination of the Node.js process and crashing the development server. This vulnerability results in a Denial of Service (DoS), impacting the availability of the development server. webpack-dev-server is a development-time tool used to serve files during local frontend development and is not started or executed in production deployments. While the package may appear in SBOM manifests due to its presence in build-stage node_modules, the webpack-dev-server process is not running in shipped container images or installed RPM packages, so the vulnerable code path (host/origin header validation) cannot be reached by an attacker in a production environment. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any website a developer visits while the dev server is running can trigger these endpoints cross-origin with no interaction beyond the visit. An attacker can open an arbitrary existing local file in the developer's editor, including files outside the project root, and repeated requests can spawn editor processes and force recompilations that degrade the developer's machine. Patches: upgrade to webpack-dev-server 5.2.6. Workarounds: none. This vulnerability allows a remote attacker to exploit exposed internal developer endpoints, `/webpack-dev-server/open-editor` and `/webpack-dev-server/invalidate`, through cross-origin requests. Repeated exploitation can lead to a denial of service by spawning numerous editor processes and forcing recompilations, degrading the developer's system performance. Red Hat severity: Moderate — CVSS 4.7 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L). Weakness: CWE-940. Affected products named by the advisory: Cryostat 4; Gatekeeper 3; Migration Toolkit for Containers; Node HealthCheck Operator; and 21 more.
FGAP v2 parent group children endpoint bypasses per-child view permission filter. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-1220.
FGAP v2 client scope assignment bypass via ClientResource. Red Hat rates this moderate (CVSS 5.4).
FGAP v2 role groups endpoint discloses hidden group metadata without group view permission. Red Hat rates this moderate (CVSS 4.3).
off-by-one buffer overflows in ipa-otpd oauth2.c during OAuth2 device authorization. Red Hat rates this low (CVSS 4.2). Weakness: CWE-787.
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library). This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue.
Information disclosure via incorrect .netrc password lookup. Red Hat rates this moderate (CVSS 4.8). Weakness: CWE-289. Red Hat lists fixing advisory RHSA-2026:29017 with package rust-main-1.96.1-1.hum1, curl-main-8.21.0-0.1.hum1.
Cookie injection via malicious HTTP server using super cookies. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-565. Red Hat lists fixing advisory RHSA-2026:29017 with package rust-main-1.96.1-1.hum1, curl-main-8.21.0-0.1.hum1.
Information disclosure via incorrect Digest authentication header reuse. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-201. Red Hat lists fixing advisory RHSA-2026:29017 with package rust-main-1.96.1-1.hum1, curl-main-8.21.0-0.1.hum1.
Certificate validation bypass due to incorrect connection reuse. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-295. Red Hat lists fixing advisory RHSA-2026:29017 with package rust-main-1.96.1-1.hum1, curl-main-8.21.0-0.1.hum1.
Use-after-free vulnerability leading to Denial of Service. Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-825.
In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster.