VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1779 advisories across 32 monitored vendors.
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations. For more information about these vulnerabilities, see the Details section of this advisory. For additional information on these vulnerabilities in ClamAV, see the ClamAV blog. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. Notes: The Security Impact Rating (SIR) for these vulnerabilities is High for Windows-based platforms only because those platforms run the ClamAV scanning process in a privileged security context. The platforms that are highly impacted include Cisco Secure Endpoint Connector for Windows. The SIR for these vulnerabilities is Medium on other platforms, including Linux and Mac platforms, because those platforms run the ClamAV scanning process in a lower-privileged security context. The affected platforms include Secure Endpoint Connector for Linux and Mac. Cisco Secure Endpoint Private Cloud itself is not impacted by these vulnerabilities. However, the Cisco Secure Endpoint Connector software that is distributed from the device is impacted.
Arbitrary file read and code execution via path traversal. Red Hat rates this important (CVSS 7.5). Weakness: CWE-22.
Denial of Service in TLS 1.3 session ticket handling. Red Hat rates this important (CVSS 7.5). Weakness: CWE-130.
Denial of Service via unvalidated endpoint URL length. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1284.
Denial of Service via uncontrolled resource consumption in JSON parsing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Unauthorized access to trace data due to missing authorization validation. Red Hat rates this important (CVSS 8.1). Weakness: CWE-425.
fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del(). Red Hat rates this moderate (CVSS 7). Weakness: CWE-366.
JWT verification bypass allows unauthorized access via HTTPProxy misconfiguration. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-295.
Erlang OTP ssh: Denial of Service via infinite loop in SFTP channel. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-835.
Erlang OTP ssh: Information disclosure via SFTP REALPATH handler. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-204. Red Hat lists fixing advisory RHSA-2026:35998 with package erlang27-main-27.3.4.14-1.hum1.
DPoP verifier accepts malformed proof with private key material. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-358.
Server-Side Request Forgery allows unauthorized internal network access. Red Hat rates this moderate (CVSS 5.8). Weakness: CWE-918.
Request smuggling via re-parsing of Content-Length header. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-444. Red Hat lists fixing advisory RHSA-2026:34975 with package rust-main-1.96.1-1.hum1.
use chan timer to close channels in cleanup_listen(). Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-413.
Unauthenticated data injection during TLS handshake. Red Hat rates this low (CVSS 3.7). Weakness: CWE-924.
Authentication bypass due to improper input neutralization. Red Hat rates this critical (CVSS 9.1). Weakness: CWE-140.
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.
Remote code execution via JNDI injection. Red Hat rates this important (CVSS 7.5). Weakness: CWE-502.
SQL Injection vulnerability. Red Hat rates this important (CVSS 7.3). Weakness: CWE-89.
Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2 SETTINGS acknowledgement causes the configured header list size limit to be applied.