VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) An use after free flaw was found in the Digital Credentials component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=519728275 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-825.
Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=516496659 Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory. Red Hat severity: Important — CVSS 8.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Weakness: CWE-825.
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons (%3B) to smuggle matrix parameters past the security layer, and using encoded slashes (%2F) or backslashes (%5C) to access protected static resources. This is a distinct issue from CVE-2026-39852, which addressed only literal semicolon stripping. Versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2 contain a patch. A flaw was found in Quarkus. This could allow unauthorized access to protected static resources, leading to information disclosure. This is critical in deployments where Quarkus applications serve sensitive static content and rely solely on path-based authorization. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-551.
When the Strimzi cluster operator is deployed with watchAnyNamespace=true (or a multi-namespace list), any namespace editor can set Kafka.spec.entityOperator.userOperator.watchedNamespace (or topicOperator.watchedNamespace) to an arbitrary namespace. The cluster operator then creates a Role granting full CRUD on Secrets in the target namespace and a RoleBinding pointing to a ServiceAccount in the attacker's namespace — effectively granting cluster-admin-equivalent access via kube-system secret exfiltration. The RBAC objects created cross-namespace have their ownerReferences deliberately stripped, making the privilege grant persistent even after the Kafka CR or attacker namespace is deleted. Fixed in Strimzi 1.0.1 and 1.1.0 by adding a dedicated environment variable to explicitly enable the watched namespace feature (disabled by default). Red Hat severity: Important — CVSS 8 (CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). Weakness: CWE-250. Affected Red Hat products: streams for Apache Kafka 2; streams for Apache Kafka 3. Red Hat does not currently list a fixing RHSA for this CVE.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0 and 3.6 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Management Services for Element Software and NetApp HCI, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, 3.4, 3.0, 1.1.1, and 1.0.2 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for VMware vSphere, Management Services for Element Software and NetApp HCI, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, and 3.4 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information or addition or modification of data. Affected products: Active IQ Unified Manager for VMware vSphere, Management Services for Element Software and NetApp HCI, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, 3.4, 3.0, 1.1.1, and 1.0.2 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for VMware vSphere, Management Services for Element Software and NetApp HCI, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. Successful exploitation of this vulnerability could lead to disclosure of sensitive information. Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for VMware vSphere, NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, and 3.4 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Active IQ Unified Manager for VMware vSphere, Management Services for Element Software and NetApp HCI, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, 3.4, 3.0, 1.1.1, and 1.0.2 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for VMware vSphere, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, and 3.5 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Active IQ Unified Manager for VMware vSphere, Management Services for Element Software and NetApp HCI, NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk <br/>Security Impact Rating: Critical <br/>CVE: CVE-2026-20127
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The Indicators of Compromise section of this advisory includes Show Control Connections guidance to help with system checks. A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. Cisco has released software updates that address this vulnerability.
List of Security Fixes and Improvements in Veeam Kasten for Kubernetes KB ID: 4825 Product: Veeam Kasten for Kubernetes | 7 | 7.5 | 8 | 8.5 Kasten K10 by Veeam | 3 | 5 | 5.5 | 6 | 6.5 Published: 2026-03-02 Last Modified: 2026-07-15 Purpose This article describes all security-related fixes and improvements introduced in each release or update of Veeam Kasten for Kubernetes. This article aims to provide our customers' security and compliance teams with detailed information on security improvements. Full product release notes are available here: Veeam Kasten for Kubernetes — Release Notes Security Fixes and Improvements Veeam Kasten for Kubernetes 9.0.1 Upgraded to Go 1.26.5 to resolve CVE-2026-39822 & CVE-2026-42505 Updated the UBI minimal base image to incorporate the latest security fixes. Improved logging security for Veeam Backup & Replication API credentials and other sensitive values previously written to Kasten logs. It is recommended to upgrade Veeam Kasten and to refresh the token by manually logging out.
ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability. A peer can send a high volume of exceptionally small fragments and data chunks, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM. This issue has been fixed in versions 5.2.5, 6.2.4, 7.5.11, and 8.21.0. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer. This is an Important denial of service vulnerability in the `ws` WebSocket library. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-1050. Affected products named by the advisory: Cluster Observability Operator 1.5.0; Red Hat Developer Hub 1.10; Red Hat Developer Hub 1.9; Red Hat Discovery 2; and 29 more.
Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation and code execution during CLI bootstrap. The vulnerable method is installLocalGenerators(), which calls repository.install() directly without prompting the user. This issue has been fixed in version 6.0.0. This vulnerability allows an attacker to install arbitrary packages and execute code during command-line interface (CLI) bootstrap. The primary impact is arbitrary code execution. This is an Important flaw in Yeoman Environment that could lead to arbitrary code execution. The vulnerability arises when downstream consumers process attacker-controlled project configurations, allowing the installation of unconfirmed local generator packages during CLI bootstrap. Exploitation requires user interaction with malicious input, limiting the attack vector to specific development workflows. Red Hat severity: Important — CVSS 8.2 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). Weakness: CWE-426.
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine. A remote attacker, by operating a malicious Dynamic Host Configuration Protocol (DHCP) server, could send specially crafted DHCP replies containing unsanitized strings. This vulnerability allows the attacker to execute arbitrary code on the local machine, potentially leading to a complete compromise of the affected system. This Important vulnerability in the wicked DHCP client allows a remote attacker to achieve arbitrary code execution on a system configured to obtain an IP address from a malicious DHCP server. By sending specially crafted DHCP replies, an attacker can exploit unsanitized strings, leading to a complete compromise of the affected system. This risk is primarily present in environments where systems are exposed to untrusted DHCP servers. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-94.
Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12. Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 10.0 Extended Update Support; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.8 Telecommunications Update Service; Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 10.0 Extended Update Support; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.8 Telecommunications Update Service; Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.