VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
4111 advisories across 32 monitored vendors.
Denial of Service via crafted WireFormatInfo frame. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service via repeated BrokerInfo commands. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec. Red Hat rates this important (CVSS 7.5). Weakness: CWE-789.
Information disclosure due to broken temporary destination isolation. Red Hat rates this important (CVSS 8.2). Weakness: CWE-1220.
Denial of Service due to exponential-time complexity. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1333. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs26-main-26.4.0-1.3.hum1, nodejs22-main-22.23.1-2.hum1, nodejs24-main-24.18.0-0.2.hum1.
Denial of Service via crafted input. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1050. Red Hat lists fixing advisory RHSA-2026:40262 with package quay/quay-rhel8:1784125838.
Information disclosure via path traversal vulnerability. Red Hat rates this important (CVSS 7.5). Weakness: CWE-22.
Use-After-Free in Oj::Parser SAJ Long Key Callback. Red Hat rates this moderate.
Use-After-Free in Oj::Parser array_class/hash_class GC Marking. Red Hat rates this moderate.
Denial of Service via input string mutation during JSON parsing. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-825.
Stack Buffer Overflow in Oj.dump via Large Indent. Red Hat rates this moderate.
Information disclosure via uninitialized stack memory read. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-125.
Use-After-Free in parser symbol key cache toggle. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-825.
Information disclosure via unstripped credential headers during HTTP redirects. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-201.
Denial of Service via crafted PDF with missing stream length. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-770.
A flaw was found in Fulcio's OpenID Connect (OIDC) Discovery client. This vulnerability allows a remote attacker to perform Server-Side Request Forgery (SSRF) by redirecting discovery requests to internal systems. Additionally, an attacker can manipulate the JSON Web Key Set (JWKS) Uniform Resource Identifier (URI) to poison the verifier cache with malicious keys, enabling the validation of attacker-controlled signatures. Furthermore, the flaw can lead to the leakage of Kubernetes ServiceAccount tokens to third-party hosts through cross-host redirects or misconfigured MetaIssuers, potentially exposing sensitive cluster credentials. Exploitation requires a compromised or malicious OIDC issuer already trusted in the Fulcio configuration. In typical Red Hat Trusted Artifact Signer deployments, OIDC issuers are explicitly configured and curated, reducing the attack surface."}] Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N). Weakness: CWE-918. Affected products named by the advisory: Assisted Installer for Red Hat OpenShift Container Platform 2; Confidential Compute Attestation; Kernel Module Management Operator for Red Hat Openshift; Lightspeed Core; and 31 more.
A flaw was found in Sigstore Timestamp Authority. An unauthenticated remote attacker can exploit this vulnerability by sending requests with arbitrary HTTP paths and methods. This leads to the creation of an excessive number of unique metric labels, causing unbounded memory growth and a denial of service (DoS) condition on the server. This issue is a type of Improper Restriction of Resource Consumption (CWE-770). The wrapMetrics middleware records raw HTTP request paths and methods as Prometheus labels, allowing unbounded memory growth via requests with random paths. Red Hat Trusted Artifact Signer ships a fixed version and is not affected. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770.
Information Disclosure via brute-force attack on hash function. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-916.
SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue.
Denial of Service via Integer Overflow in FuzzyMatchV2 function. Red Hat rates this moderate (CVSS 5). Weakness: CWE-190.