VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication. Red Hat rates this important (CVSS 7.8). Weakness: CWE-190. Affected package(s): rhaiis/model-opt-cuda-rhel9:1782352950, rhaiis/vllm-spyre-rhel9:1782352919, poppler, rhaiis/vllm-rocm-rhel9:1782353093, rhaiis/vllm-cuda-rhel9:1782352847, poppler-main. Resolved in Red Hat advisory RHSA-2026:29952 — update the affected packages (`sudo dnf update`).
Arbitrary Code Execution via crafted discovery URI bypass. Red Hat rates this important (CVSS 8.8). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Unauthorized Broker Management via Incorrect Default Permissions. Red Hat rates this important (CVSS 8.1). Weakness: CWE-276. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Information disclosure via unauthenticated BrokerInfo command. Red Hat rates this important (CVSS 7.5). Weakness: CWE-306. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container.)(CVE-2026-31431) Affected Ubuntu releases: 24.04, 22.04, 20.04, 18.04. CVEs: CVE-2026-31431, CVE-2025-37849, CVE-2026-23112.
CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration. Red Hat rates this important (CVSS 7.5). Weakness: CWE-835. Affected package(s): rhacm2/acm-grafana-rhel9:1782383730. Resolved in Red Hat advisory RHSA-2026:30651 — update the affected packages (`sudo dnf update`).
Integer Overflow in Avro Decoder. Red Hat rates this important (CVSS 7.5). Weakness: CWE-190. Affected package(s): rhacm2/acm-grafana-rhel9:1782383730. Resolved in Red Hat advisory RHSA-2026:30651 — update the affected packages (`sudo dnf update`).
Out-of-bounds write in planar bitmap decoder allows arbitrary code execution. Red Hat rates this important (CVSS 8.8). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution and denial of service via heap-buffer-overflow. Red Hat rates this important (CVSS 8.8). Weakness: CWE-131. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution or denial of service via heap use-after-free in RDPEAR NDR parser. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution via crafted RDPGFX PDUs. Red Hat rates this important (CVSS 8.8). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
org.keycloak:keycloak-services: Keycloak: Authentication bypass via JWT algorithm confusion. Red Hat rates this important (CVSS 8.1). Weakness: CWE-347. Affected package(s): rhbk/keycloak-rhel9:26.6, rhbk/keycloak-operator-bundle:26.6.4, rhbk/keycloak-rhel9-operator:26.6. Resolved in Red Hat advisory RHSA-2026:30083 — update the affected packages (`sudo dnf update`).
Stack buffer overflow allows arbitrary code execution via a crafted authentication tag.. Red Hat rates this important (CVSS 9.8). Weakness: CWE-120. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service due to unbounded memory allocation when parsing oversized baggage. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected package(s): offline-knowledge-portal/rhokp-rhel9:1782239370. Resolved in Red Hat advisory RHSA-2026:28573 — update the affected packages (`sudo dnf update`).
Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE. Red Hat rates this important (CVSS 8.8). Weakness: CWE-250. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Authentication bypass due to forged JSON Web Tokens. Red Hat rates this important (CVSS 7.4). Weakness: CWE-347. Affected package(s): ansible-automation-platform, quay/quay-rhel8:1782487717, python3.12-pyjwt, quay/quay-rhel8:1781878070, fence-agents, quay/quay-rhel8:1781937357. Resolved in Red Hat advisory RHSA-2026:35837 — update the affected packages (`sudo dnf update`).
VMExport directory symlink escape enables exporter pod file read. Red Hat rates this important (CVSS 7.7). Weakness: CWE-59. Affected package(s): container-native-virtualization/virt-exportserver-rhel9:1781757410, container-native-virtualization/virt-exportserver-rhel9:1781590993, container-native-virtualization/virt-exportserver-rhel9:1781928221, container-native-virtualization/virt-exportserver-rhel9:1782012918, container-native-virtualization/virt-exportserver-rhel9:1781838712. Resolved in Red Hat advisory RHSA-2026:28002 — update the affected packages (`sudo dnf update`).
Command injection in rpmuncompress doUntar() via unescaped archive top-level directory name in popen() shell command. Red Hat rates this moderate (CVSS 7). Weakness: CWE-78. Affected package(s): rpm-main. Resolved in Red Hat advisory RHSA-2026:28491 — update the affected packages (`sudo dnf update`).
Privilege escalation via improper scope mapping enforcement. Red Hat rates this important (CVSS 7.3). Weakness: CWE-266. Affected package(s): rhbk/keycloak-operator-bundle:26.4.13, rhbk/keycloak-rhel9-operator:26.4, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.6, rhbk/keycloak-rhel9:26.4, rhbk/keycloak-operator-bundle:26.6.4. Resolved in Red Hat advisory RHSA-2026:30049 — update the affected packages (`sudo dnf update`).
defensively unhash xfrm_state lists in __xfrm_state_delete. Red Hat rates this important (CVSS 7). Weakness: CWE-763. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.