VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1726 advisories across 32 monitored vendors.
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a specially crafted AV1 media file, triggering an assertion abort and causing the application to crash. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9.
Session hijacking and unauthorized data access due to insufficient session expiration. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-613. Affected package(s): ansible-automation-platform. Resolved in Red Hat advisory RHSA-2026:25928 — update the affected packages (`sudo dnf update`).
Plaintext password recovery via timing discrepancy in pam_userdb module. Red Hat rates this moderate (CVSS 4.8). Weakness: CWE-208. Affected package(s): pam-main. Resolved in Red Hat advisory RHSA-2026:35016 — update the affected packages (`sudo dnf update`).
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem. This issue has been patched in Docker Engine version 29.5.1 and Moby Daemon version 2.0.0-beta.14.
Unauthorized file creation via path traversal. Red Hat rates this moderate (CVSS 5.8). Weakness: CWE-22. Affected package(s): mariadb10.11, mariadb11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-266. Affected package(s): mariadb10.11, mariadb11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
Denial of Service due to HTTP/2 max header size handling. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-770. Affected package(s): netty-codec-http2. Resolved in Red Hat advisory RHSA-2026:26018 — update the affected packages (`sudo dnf update`).
Data manipulation via request-boundary confusion in HttpObjectDecoder. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-444. Affected package(s): netty-codec-http. Resolved in Red Hat advisory RHSA-2026:26018 — update the affected packages (`sudo dnf update`).
Denial of Service via uncontrolled HTTP/2 concurrent streams. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-770. Affected package(s): netty-codec-http2. Resolved in Red Hat advisory RHSA-2026:26018 — update the affected packages (`sudo dnf update`).
Sandbox Breakout Using Promise Species. Red Hat rates this moderate (CVSS 6.6). Affected package(s): rhdh/rhdh-hub-rhel9:1782761244. Resolved in Red Hat advisory RHSA-2026:33574 — update the affected packages (`sudo dnf update`).
Arbitrary code execution due to incomplete sandbox restrictions. Red Hat rates this moderate (CVSS 4.1). Weakness: CWE-184. Affected package(s): rhdh/rhdh-hub-rhel9:1782761244. Resolved in Red Hat advisory RHSA-2026:33574 — update the affected packages (`sudo dnf update`).
Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs. Red Hat rates this moderate (CVSS 6.8). Weakness: CWE-1241. Affected package(s): netty-resolver-dns. Resolved in Red Hat advisory RHSA-2026:26018 — update the affected packages (`sudo dnf update`).
Sandbox escape leading to arbitrary code execution via security bypass. Red Hat rates this moderate (CVSS 4.1). Weakness: CWE-480. Affected package(s): rhdh/rhdh-hub-rhel9:1782761244. Resolved in Red Hat advisory RHSA-2026:33574 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via sandbox escape vulnerability. Red Hat rates this moderate (CVSS 4.1). Weakness: CWE-843. Affected package(s): rhdh/rhdh-hub-rhel9:1782761244. Resolved in Red Hat advisory RHSA-2026:33574 — update the affected packages (`sudo dnf update`).
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux for NVIDIA 26; and 1 more. Affected products named by the advisory: Red Hat OpenShift Container Platform 4.
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17
Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17
Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19
Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21
Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18