VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1778 advisories across 32 monitored vendors.
SQL Injection vulnerability. Red Hat rates this important (CVSS 7.3). Weakness: CWE-89.
Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration. Red Hat rates this important (CVSS 8.2). Weakness: CWE-807. Red Hat lists fixing advisory RHSA-2026:36873 with package rhacm2/submariner-rhel9-operator:1782933193, syft-main-1.46.0-0.1.hum1, trivy-main-0.69.3-1.2.hum1.
Privilege escalation via incorrect user ID handling. Red Hat rates this important (CVSS 7.8). Weakness: CWE-681. Red Hat lists fixing advisory RHSA-2026:35111 with package trivy-main-0.72.0-0.1.hum1.
Denial of Service via excessive HTTP headers. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service via crafted ALZ file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120.
Denial of Service via crafted DMG file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-190.
Denial of Service via crafted 7z file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120.
Denial of Service via crafted PESpin file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120.
Denial of Service via crafted InstallShield file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service via crafted Portable Executable (PE) files. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787.
Denial of Service via crafted FSG file parsing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787.
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering. Red Hat ships NVIDIA Container Toolkit version 1.19.1 in RHEL 9 and RHEL 10, which includes the fix for this vulnerability. Red Hat severity: Important — CVSS 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). Weakness: CWE-367. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9 as not affected.
Privilege escalation to administrator-level access via usergroup role assignment manipulation. Red Hat rates this important (CVSS 8.8). Weakness: CWE-266. Red Hat lists fixing advisory RHSA-2026:34366 with package foreman-0:3.14.0.17-1.el9sat, foreman-0:3.18.0.7-1.el9sat, foreman-0:3.12.0.17-1.el9sat, foreman-0:3.12.0.17-1.el8sat. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 8.
Authentication bypass via predictable session IDs. Red Hat rates this important (CVSS 7.4). Weakness: CWE-331.
Host-root command execution via unvalidated image config labels in CRI plugin. Red Hat rates this important (CVSS 8.8). Weakness: CWE-78. Red Hat lists fixing advisory RHSA-2026:37252 with package rhacm2/submariner-rhel9-operator:1782933193, multicluster-engine/assisted-service-8-rhel8:1783332008, trivy-main-0.72.0-0.1.hum1, multicluster-engine/assisted-service-9-rhel9:1783350355.
In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh() may_decode_fh() accesses mount::mnt_ns without holding any locks; that means the mount can concurrently be unmounted, and the mnt_namespace can concurrently be freed after an RCU grace period. This race can happens as follows, assuming that the mount point was created by open_tree(..., OPEN_TREE_CLONE): thread 1 thread 2 RCU __do_sys_open_by_handle_at do_handle_open handle_to_path may_decode_fh is_mounted [mount::mnt_ns access] [mount::mnt_ns access] __do_sys_close fput_close_sync __fput dissolve_on_fput umount_tree class_namespace_excl_destructor namespace_unlock free_mnt_ns mnt_ns_tree_remove call_rcu(mnt_ns_release_rcu) mnt_ns_release_rcu mnt_ns_release kfree [mnt_namespace::user_ns access] **UAF** Fix it by taking rcu_read_lock() around the mount::mnt_ns access, like in __prepend_path(). Additionally, document the semantics of mount::mnt_ns, and use WRITE_ONCE() for writers that can race with lockless readers. This bug is unreachable unless one of the following is set: - CONFIG_PREEMPTION - CONFIG_RCU_STRICT_GRACE_PERIOD because it requires an RCU grace period to happen during a syscall without an explicit preemption.
In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs A number of CPUs developed by Arm suffer from errata whereby a broadcast TLBI;DSB sequence may complete before the global observation of writes which are translated by an affected TLB entry. These errata ONLY affect the completion of memory accesses which have been translated by an invalidated TLB entry, and these errata DO NOT affect the actual invalidation of TLB entries. TLB entries are removed correctly. This issue has been assigned CVE ID CVE-2025-10263. To mitigate this issue, Arm recommends that software follows any affected TLBI;DSB sequence with an additional TLBI;DSB, which will ensure that all memory write effects affected by the first TLBI have been globally observed. The additional TLBI can use any operation that is broadcast to affected CPUs, and the additional DSB can use any option that is sufficient to complete the additional TLBI. The ARM64_WORKAROUND_REPEAT_TLBI workaround is sufficient to mitigate the issue. Enable this workaround for affected CPUs, and update the silicon errata documentation accordingly. Note that due to the manner in which Arm develops IP and tracks errata, some CPUs share a common erratum number. A flaw was found in the Linux kernel, affecting systems running on certain Arm processors.
In the Linux kernel, the following vulnerability has been resolved: net: rds: clear i_sends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned from resources that have already been released. When rds_ib_setup_qp() fails after allocating i_sends but before allocating i_recvs, the sends_out path frees i_sends without clearing the pointer. A later shutdown pass can still treat that stale pointer as a live send ring allocation. Clear i_sends after vfree() in the error unwind path so the existing shutdown logic continues to use the correct ownership state. A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) over InfiniBand (IB) connection teardown process. When the rds_ib_setup_qp() function fails to set up a connection, it may free a memory allocation (i_sends) without properly clearing the associated pointer. This can lead to a stale pointer being used in a subsequent shutdown operation, potentially causing incorrect memory access and system instability or a denial of service. Red Hat severity: Moderate — CVSS 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 6. Will not fix / out of support: Red Hat Enterprise Linux 6.
Heap corruption and Denial of Service via integer overflow in JSON parsing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787.
Heap corruption via crafted JSON object key. Red Hat rates this important (CVSS 7.5). Weakness: CWE-131.