VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Insufficient policy enforcement in Service Worker. Red Hat rates this important (CVSS 9.3). Weakness: CWE-940. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Heap buffer overflow in WebRTC. Red Hat rates this important (CVSS 9.6). Weakness: CWE-120. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use after free in QUIC. Red Hat rates this important (CVSS 9.8). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service and Information Disclosure vulnerability. Red Hat rates this important (CVSS 7.1). Weakness: CWE-125. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Heap buffer overflow vulnerability in image decoding. Red Hat rates this important (CVSS 7.1). Weakness: CWE-120. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution or denial of service via crafted HEIF/AVIF file. Red Hat rates this important (CVSS 8.8). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).
Memory safety bugs fixed in Firefox 151. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Same-origin policy bypass in the DOM: Networking component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-79. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use-after-free in the DOM: Bindings (WebIDL) component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).
Incorrect boundary conditions in the Audio/Video: Web Codecs component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).
Sandbox escape in Firefox and Firefox Focus for Android. Red Hat rates this important (CVSS 7.5). Weakness: CWE-653. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Open redirect when using wildcard valid redirect URIs in Keycloak. Red Hat rates this important (CVSS 8.1). Weakness: CWE-601. Affected package(s): rhbk/keycloak-rhel9-operator, rhbk/keycloak-operator-bundle:26.4.12, rhbk/keycloak-operator-bundle:26.2.16, rhbk/keycloak-rhel9-operator:26.2, rhbk/keycloak-rhel9:26.4, rhbk/keycloak-rhel9:26.2. Resolved in Red Hat advisory RHSA-2026:19594 — update the affected packages (`sudo dnf update`).
Session fixation in OIDC login flow that can lead to account takeover. Red Hat rates this important (CVSS 7.5). Weakness: CWE-290. Affected package(s): rhbk/keycloak-rhel9-operator, rhbk/keycloak-operator-bundle:26.4.12, rhbk/keycloak-operator-bundle:26.2.16, rhbk/keycloak-rhel9-operator:26.2, rhbk/keycloak-rhel9:26.4, rhbk/keycloak-rhel9:26.2. Resolved in Red Hat advisory RHSA-2026:19594 — update the affected packages (`sudo dnf update`).
Access token disclosure and implicit flow bypass via forged client data. Red Hat rates this moderate (CVSS 7.1). Weakness: CWE-472. Affected package(s): rhbk/keycloak-operator-bundle:26.4.12, rhbk/keycloak-rhel9-operator, rhbk/keycloak-rhel9:26.4, rhbk/keycloak-rhel9-operator:26.4. Resolved in Red Hat advisory RHSA-2026:19596 — update the affected packages (`sudo dnf update`).
Denial of Service via specially crafted SAML input. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1286. Affected package(s): rhbk/keycloak-rhel9, rhbk/keycloak-operator-bundle:26.4.12, rhbk/keycloak-operator-bundle:26.2.16, rhbk/keycloak-rhel9-operator:26.2, rhbk/keycloak-rhel9:26.4, rhbk/keycloak-rhel9:26.2. Resolved in Red Hat advisory RHSA-2026:19594 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via crafted configuration module. Red Hat rates this important (CVSS 8.1). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Remote Code Execution via Insecure Deserialization. Red Hat rates this important (CVSS 8.8). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Insufficient policy enforcement in ServiceWorker. Red Hat rates this important (CVSS 7.4). Weakness: CWE-346. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Type Confusion in GFX. Red Hat rates this important (CVSS 8.2). Weakness: CWE-843. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.