VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1830 advisories across 32 monitored vendors.
Incorrect boundary conditions in the JavaScript Engine: JIT component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).
Adversarial Robustness Toolbox (ART) Kubeflow: Remote code execution via unsanitized user input. Red Hat rates this important (CVSS 8.8). Weakness: CWE-94. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary Code Execution via Command-Line Argument Injection. Red Hat rates this important (CVSS 8.8). Weakness: CWE-94. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
llm CLI tool: Arbitrary code execution via code injection in --functions argument. Red Hat rates this important (CVSS 7.3). Weakness: CWE-94. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary file read via bypassed source path validation. Red Hat rates this important (CVSS 7.5). Weakness: CWE-22. Affected package(s): rhoai/odh-th06-cuda130-torch210-py312-rhel9:1782136276, rhoai/odh-th06-cpu-torch210-py312-rhel9:1782135464, rhoai/odh-training-cuda128-torch29-py312-rhel9:1782132240, rhoai/odh-th06-rocm64-torch291-py312-rhel9:1782135346. Resolved in Red Hat advisory RHSA-2026:34456 — update the affected packages (`sudo dnf update`).
Arbitrary command execution via crafted links in system logs UI. Red Hat rates this important (CVSS 8). Weakness: CWE-78. Affected package(s): cockpit. Resolved in Red Hat advisory RHSA-2026:21390 — update the affected packages (`sudo dnf update`).
"Dirty Frag" RxRPC variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel. Red Hat rates this important (CVSS 7.8). Weakness: CWE-123. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
XML::LibXML: Denial of Service via truncated UTF-8 in XML node names. Red Hat rates this important (CVSS 7.5). Weakness: CWE-125. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
denial of service via crafted XML input. Red Hat rates this important (CVSS 7.5). Weakness: CWE-407. Affected package(s): expat, rhui5/haproxy-rhel9:1781525671, rhui5/installer-rhel9:1781525693, rhui5/cds-rhel9:1781525684, libexpat, discovery/discovery-ui-rhel9:1782166952. Resolved in Red Hat advisory RHSA-2026:22715 — update the affected packages (`sudo dnf update`).
denial of service via DOMNode::C14N(). Red Hat rates this important (CVSS 7.5). Weakness: CWE-835. Affected package(s): php8.4. Resolved in Red Hat advisory RHSA-2026:22649 — update the affected packages (`sudo dnf update`).
global buffer over-read in mb_convert_encoding() with attacker-supplied encoding. Red Hat rates this important (CVSS 8.2). Weakness: CWE-125. Affected package(s): php8.4. Resolved in Red Hat advisory RHSA-2026:22649 — update the affected packages (`sudo dnf update`).
PHP SOAP extension: Remote Code Execution via use-after-free vulnerability. Red Hat rates this important (CVSS 7.7). Weakness: CWE-825. Affected package(s): php, php:7.4. Resolved in Red Hat advisory RHSA-2026:33449 — update the affected packages (`sudo dnf update`).
NULL pointer dereference in SOAP apache:Map decoder with missing <value>. Red Hat rates this important (CVSS 7.5). Weakness: CWE-476. Affected package(s): php, php8.4, php:8.2, php:7.4, php:8.3. Resolved in Red Hat advisory RHSA-2026:22649 — update the affected packages (`sudo dnf update`).
SQL injection in pdo_firebird via NUL bytes in quoted strings. Red Hat rates this important (CVSS 8.1). Weakness: CWE-89. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
signed integer overflow in metaphone(). Red Hat rates this important (CVSS 7.5). Weakness: CWE-190. Affected package(s): php, php8.4, php:8.2, php:7.4, php:8.3. Resolved in Red Hat advisory RHSA-2026:22649 — update the affected packages (`sudo dnf update`).
Net::IMAP: IMAP Command Injection via Symbol Arguments. Red Hat rates this important (CVSS 7.1). Weakness: CWE-93. Affected package(s): ruby, ruby4.0, ruby:3.3, ruby:2.5, ruby:4.0. Resolved in Red Hat advisory RHSA-2026:33514 — update the affected packages (`sudo dnf update`).
Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS. Red Hat rates this important (CVSS 7.4). Weakness: CWE-325. Affected package(s): ruby, ruby4, ruby4.0, ruby:3.3, ruby3, ruby:2.5. Resolved in Red Hat advisory RHSA-2026:33514 — update the affected packages (`sudo dnf update`).
Privilege escalation via ptrace when installed in setuid mode. Red Hat rates this important (CVSS 7). Weakness: CWE-269. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Privilege escalation via security control bypass. Red Hat rates this important (CVSS 8.1). Weakness: CWE-863. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via large request body to Webhook Interceptor. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.