VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1625 advisories across 32 monitored vendors.
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when the queue name itself was not denied. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16. An authenticated user with specific permissions could bypass security rules designed to deny access to certain message subjects. This bypass occurs when a queue subscription is used, allowing the user to access information that should otherwise be restricted. The consequence is unauthorized information disclosure, potentially exposing sensitive data. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-551. Red Hat lists Red Hat Hardened Images as not affected.
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1. When a user processes this crafted PDF, such as during text extraction, the vulnerability causes an infinite loop, leading to a Denial of Service (DoS) condition. This issue impacts the availability of the pypdf application. This Moderate-impact flaw in the pypdf library can lead to a denial of service. A remote attacker could provide a specially crafted PDF document containing an unterminated inline image, causing an infinite loop when the document is processed, such as during text extraction. This issue primarily affects the availability of applications that handle untrusted PDF content. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-835. Affected Red Hat products: Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3. Red Hat does not currently list a fixing RHSA for this CVE.
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issue is fixed in version 6.14.2. When this crafted PDF is parsed, it can lead to an infinite loop, resulting in a denial of service (DoS) due to resource exhaustion. This Moderate flaw in the pypdf library allows a remote attacker to trigger a denial of service by providing a specially crafted PDF file. While requiring user interaction to process a malicious PDF, the issue can lead to service unavailability in applications utilizing pypdf for PDF processing. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-606. Affected Red Hat products: Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI). Under investigation: Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Quay 3. Red Hat does not currently list a fixing RHSA for this CVE.
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.10-stable, LiteLLM's /health/test_connection endpoint resolved request-supplied environment and OIDC file references in litellm_params, allowing a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. This issue is fixed in version 1.83.10-stable. A flaw was found in LiteLLM, a proxy server for Large Language Model (LLM) APIs. This unauthorized file access could lead to information disclosure. LiteLLM Proxy Server exposes a POST /health/test_connection endpoint that resolves os.environ/ references supplied in request parameters and reads OIDC credential files via the oidc/file/ secret provider without restricting the file path to an approved credentials directory. Red Hat components that use the litellm Python package only as an LLM client library (litellm.completion()/litellm.acompletion() and similar), without running the LiteLLM Proxy Server, do not expose this endpoint and are not affected. Red Hat severity: Moderate — CVSS 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-22. Red Hat lists Exploit Intelligence; Lightspeed Core; Red Hat Ansible Automation Platform 2; Red Hat OpenShift AI (RHOAI) as not affected.
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an untrusted model with an Upsample node that has zero inputs, causing an unrecoverable denial of service. This issue is fixed in version 1.22.0. This vulnerability allows a remote attacker to cause an unrecoverable denial of service (DoS) by providing a specially crafted untrusted model. The flaw occurs when the onnx.version_converter.convert_version() function attempts to process an Upsample node with zero inputs, leading to a null pointer dereference and a system crash. This Moderate impact denial of service flaw in Open Neural Network Exchange (ONNX) can be triggered when processing a specially crafted untrusted model. A remote attacker could exploit this by providing a malicious model with an Upsample node having zero inputs, leading to a null pointer dereference and an unrecoverable system crash. This requires user interaction to process the untrusted model. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: Red Hat OpenShift AI (RHOAI). Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service (ReDoS), allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking, leading to a worker process consuming 100% CPU indefinitely and resulting in a denial of service for the entire guardrails-mediated LLM pipeline. Exploitation requires network adjacency, as end-users do not directly interact with the vulnerable API. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-1333. Affected Red Hat products: Red Hat OpenShift AI (RHOAI). Red Hat does not currently list a fixing RHSA for this CVE.
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0. A remote attacker could exploit this vulnerability by crafting a malicious PDF file containing repeated malformed cross-reference streams. This could cause the pypdf library to spend excessive time recovering broken cross-reference table entries, leading to a denial of service (DoS) condition for applications processing such files. An attacker could exploit this by providing a specially crafted PDF with malformed cross-reference streams, causing significantly extended processing time. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-1050. Affected Red Hat products: Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3. Red Hat does not currently list a fixing RHSA for this CVE.
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0. Moderate: A flaw in the pypdf library allows an attacker to craft a malicious PDF with oversized image declarations, leading to excessive memory consumption during parsing. This could result in a denial of service on systems processing untrusted PDF files. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-770. Affected Red Hat products: Exploit Intelligence; OpenShift Lightspeed; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Quay 3. Red Hat does not currently list a fixing RHSA for this CVE.
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise RecursionError, and crash the rendering request. This issue is fixed in version 3.3.0. This oversight allows for unbounded recursion, which can lead to a `RecursionError` and crash the rendering request, resulting in a Denial of Service (DoS) for the application using the parser. This flaw in the Mistune Include directive can cause a denial of service when an application explicitly enables the Include plugin and renders user-controlled Markdown files from disk. Exploitation requires an attacker to place at least two coordinated Markdown files on the include search path; default Mistune configurations that parse inline strings without the Include plugin are not affected. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-835. Affected Red Hat products: Migration Toolkit for Applications 8. Under investigation: Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4; Red Hat Satellite 6. Red Hat does not currently list a fixing RHSA for this CVE.
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/block_parser.py and the ref_links environment dictionary handling, allowing denial of service through CPU exhaustion. This issue is fixed in version 3.3.0. A remote attacker could exploit this vulnerability by providing a specially crafted Markdown document containing numerous repeated or distinct reference-link definitions. This can lead to excessive processing, causing CPU exhaustion and a denial of service (DoS) for the affected system. This triggers excessive CPU consumption during parsing, which may render affected applications unresponsive and result in a denial of service. Red Hat uses PR:L because delivering the crafted Markdown document document to Mistune will require authenticated access in affected products, platform login/RBAC prevents unauthenticated remote submission in default deployments. The upstream PR:N score assumes any Internet-facing app parsing untrusted Markdown without authentication. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-606. Affected Red Hat products: Migration Toolkit for Applications 8; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4; Red Hat Satellite 6.
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:, and res: to reach rendered href and src attributes and potentially execute script in affected user agents. This issue is fixed in version 3.3.0. The `safe_url` filter, intended to prevent malicious Uniform Resource Locators (URLs), did not adequately block all potentially harmful schemes. This oversight allows an attacker to embed specially crafted URLs using legacy or chained schemes within rendered HTML attributes. Consequently, a remote attacker could exploit this to execute arbitrary script code in a user's browser, leading to a Cross-Site Scripting (XSS) vulnerability. This Moderate-impact flaw in Mistune, a Python Markdown parser, allows for Cross-Site Scripting (XSS) due to insufficient filtering of URL schemes. Exploitation requires a user to process specially crafted Markdown content, which could lead to arbitrary script execution in the user browser. Red Hat products that utilize Mistune to render untrusted Markdown input are susceptible to this vulnerability. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Weakness: CWE-79.
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy The issue stems from the server accepting unstandardized bare line-feed sequences in HTTP headers. Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-444.
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline_parser.py because the parser scans forward for matching close markers from every potential opening run, allowing denial of service in default Mistune parsing. This issue is fixed in version 3.3.0. An attacker can exploit this vulnerability by providing specially crafted Markdown input containing long sequences of emphasis pairs. This can cause the parser to perform excessive computational work, leading to a denial of service (DoS) condition in the default Mistune parsing. This can lead to resource exhaustion and service unavailability in applications utilizing Mistune, where user-controlled Markdown input is processed. Red Hat assigns PR:L in the product-specific CVSS base score because delivering the crafted Markdown document to Mistune requires authenticated access in affected products; platform login and RBAC prevent unauthenticated remote submission in default deployments. The upstream PR:N score assumes any Internet-facing application parsing untrusted Markdown without authentication. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-1333.
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonition() in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even when HTMLRenderer escape mode is enabled. This issue is fixed in version 3.2.1. A remote attacker could exploit this by providing specially crafted input, leading to the execution of arbitrary script code in the user's browser. This Moderate flaw in the Mistune Markdown parser allows for Cross-Site Scripting (XSS) due to improper sanitization of user-controlled input within the Admonition directive's class attribute. This vulnerability requires user interaction with malicious content for successful exploitation. Red Hat severity: Moderate — CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). Weakness: CWE-79. Affected Red Hat products: Migration Toolkit for Applications 8; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4. Under investigation: Red Hat Satellite 6. Red Hat does not currently list a fixing RHSA for this CVE.
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version 3.3.0. This can lead to the execution of arbitrary scripts in the rendered HTML, potentially compromising the user's system. Red Hat products ship python-mistune in both the older 0.8.x series and newer 3.x series. The URL sanitization bypass applies to both versions: the 0.8.x escape_link() function and the 3.x safe_url() function both fail to decode percent-encoded characters before checking for dangerous URI schemes. Exploitation requires an attacker who can inject Markdown content into an application that renders it with mistune, and a victim who clicks the malicious link. This limits the exposure. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Weakness: CWE-79. Affected Red Hat products: Migration Toolkit for Applications 8; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4. Under investigation: Red Hat Satellite 6. Red Hat does not currently list a fixing RHSA for this CVE.
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N" content to collide with generated anchors and redirect same-page navigation, CSS selectors, or JavaScript handlers. This issue is fixed in version 3.3.0. This could lead to unexpected behavior or information disclosure within the application. This flaw has a Moderate impact on Red Hat products that ship mistune 3.x with the toc plugin. Exploitation requires the attacker to submit Markdown content to a multi-author rendering context where toc is enabled, limiting the practical attack surface. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Weakness: CWE-79. Affected Red Hat products: Migration Toolkit for Applications 8; Red Hat OpenShift AI (RHOAI). Under investigation: Red Hat OpenShift AI (RHOAI); Red Hat Satellite 6. Red Hat lists Red Hat OpenShift Container Platform 4 as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0. A flaw was found in setuptools, a Python package management tool. The FileList component, responsible for handling file exclusions, did not properly normalize Unicode file names when applying exclusion rules. As a result, sensitive files that should have been excluded could be inadvertently included in a source distribution, leading to information disclosure. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). Weakness: CWE-1025.
CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface
CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities
CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface