VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
Memory corruption due to XInclude substitution. Red Hat rates this moderate (CVSS 6.2). Weakness: CWE-825.
Denial of Service due to improper XPathContext garbage collection. Red Hat rates this low (CVSS 4.7). Weakness: CWE-771.
Denial of Service via out-of-bounds read. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-125.
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89 <br/>Security Impact Rating: Medium <br/>CVE: CVE-2026-20175
Server-Side Request Forgery (SSRF) and XML External Entity (XXE) via improper enforcement of NONET parse option. Red Hat rates this low (CVSS 4.8). Weakness: CWE-611.
Denial of Service or Information Disclosure via invalid encoding handling. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-825.
Silent file attachment via ?attach= parameter. Red Hat rates this moderate (CVSS 6.5).
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite protected Maven package metadata due to incorrect authorization checks.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the Package Registry disabled due to incorrect authorization checks in the group packages feature.
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without authorization.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorization checks.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation.
GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.
Denial of Service due to inefficient input parsing. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-1050.
symlink following in WriteToCachedFile allows host file overwrite from virt-launcher. Red Hat rates this moderate (CVSS 4.2). Weakness: CWE-61.
SSRF in virt-api port-forward via unvalidated guest-agent-reported IP. Red Hat rates this moderate (CVSS 6.4). Weakness: CWE-918.
fix bulk-out buffer overflow. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-787.
Skip remove_waiter() when waiter is not enqueued. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-476.
Fix DMA and xdp_frame leak on XDP_TX xmit failure. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-772.