VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
4113 advisories across 32 monitored vendors.
Host-root command execution via unvalidated image config labels in CRI plugin. Red Hat rates this important (CVSS 8.8). Weakness: CWE-78. Red Hat lists fixing advisory RHSA-2026:37252 with package rhacm2/submariner-rhel9-operator:1782933193, multicluster-engine/assisted-service-8-rhel8:1783332008, trivy-main-0.72.0-0.1.hum1, multicluster-engine/assisted-service-9-rhel9:1783350355.
fix UAF due to unlocked ->mnt_ns read in may_decode_fh(). Red Hat rates this moderate (CVSS 7). Weakness: CWE-364.
Mitigate TLBI errata on various Arm CPUs. Red Hat rates this moderate (CVSS 7). Weakness: CWE-1037.
clear i_sends on setup unwind. Red Hat rates this moderate (CVSS 7). Weakness: CWE-825.
File store write outside working directory via symlink traversal. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-22.
A flaw was found in oras-go. During the monolithic blob upload process, oras-go reuses the Authorization header for subsequent requests, even if a malicious registry provides a cross-host Location header. This vulnerability allows an attacker-controlled endpoint to receive the caller's credentials, leading to information disclosure. Additionally, it can enable client-side Server-Side Request Forgery (SSRF) to a cross-host target. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-522. Under investigation: Gatekeeper 3; Multicluster Global Hub; OpenShift Service Mesh 3; Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat OpenShift Container Platform 4; Red Hat OpenStack Platform 16.2; Red Hat OpenStack Platform 17.1; Red Hat OpenStack Platform 18.0.
A flaw was found in oras-go, a Go library used for managing OCI (Open Container Initiative) artifacts. An attacker can exploit this vulnerability by providing a specially crafted tarball containing a malicious hardlink. When this tarball is extracted, the hardlink can be manipulated to point to files outside the intended extraction location, specifically within the victim's current working directory. This allows an attacker to read sensitive information from the system, and in some cases, could lead to unauthorized access to critical system files if the component is operating with elevated privileges. The ensureLinkPath tar extraction helper validates that a hardlink's target resolves inside the extract base directory, but returns the original unresolved target string instead of the validated path. When os.Link() is called with a relative Linkname, it resolves against the process's current working directory (CWD), not the extract directory. An attacker controlling an OCI registry can craft a tarball layer with a malicious hardlink entry whose relative Linkname escapes the extract directory, creating a hardlink to arbitrary files in the victim's CWD. Exploitation requires the victim to run `oras pull` (or code using the oras-go file store) against an attacker-controlled registry with auto-extract enabled (io.deis.oras.content.unpack annotation set to true).
Unauthorized certificates accepted due to ignored `certificateOIDs` verification option. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-345.
Insufficient verification of data authenticity allows timestamp manipulation. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-345.
Cookie injection allows planting cookies for unrelated domains. Red Hat rates this moderate (CVSS 4). Weakness: CWE-346.
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.
Heap buffer overwrite via incorrect argument handling in JP2 encoder. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-787.
Denial of Service via invalid arguments to connected-components option. Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-835.
Denial of Service via crafted image in MVG decoder. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-787.
Heap buffer overflow in MVG decoder allows out-of-bounds write. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-787.
Denial of Service via crafted 8BIM profile. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-825.
Information disclosure vulnerability in MNG decoder. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-908.
Information disclosure via overly permissive file permissions. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-277.
Denial of Service via integer overflow in XCF decoder. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-125.
Unauthorized file access due to missing policy checks in concatenate operation. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-1220.