VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1076 advisories across 32 monitored vendors.
showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdown table headers, achieving stored XSS when untrusted markdown is rendered with the default github flavor configuration. A flaw was found in Showdown. This vulnerability, a stored cross-site scripting (XSS) issue, allows an attacker to inject malicious code into web pages. When untrusted markdown is processed, this can lead to the execution of malicious scripts in a user's web browser, potentially compromising user data or session integrity. Showdown, as integrated into Red Hat products, is susceptible to a stored cross-site scripting vulnerability. Affected versions: <= 2.1.0. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Weakness: CWE-79. Affected Red Hat products: Cryostat 4; Multicluster Engine for Kubernetes; Node HealthCheck Operator; Red Hat 3scale API Management Platform 2; Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat Ansible Automation Platform 2; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4; Red Hat OpenShift Virtualization 4; Red Hat Quay 3.
showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into HTML title tags, enabling attackers to break out of the title context and execute malicious scripts in the rendered page. A flaw was found in showdown. This cross-site scripting (XSS) vulnerability occurs in the metadata title handling when the `completeHTMLDocument` option is enabled. This allows the attacker to break out of the HTML title context and execute arbitrary HTML and JavaScript, potentially leading to information disclosure or arbitrary code execution in the user's browser. Red Hat rates this flaw as Moderate. Exploitation requires two non-default showdown options enabled simultaneously: metadata and completeHTMLDocument, both of which default to false. Red Hat products that ship showdown do not enable completeHTMLDocument in their default configurations, which reduces the likelihood of exploitation. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Weakness: CWE-79.
Denial of Service via crafted prompt in /v1/completions request. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-617.
Denial of Service due to excessive memory allocation via oversized audio file uploads. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-770.
Arbitrary command injection via shell metacharacters in file paths. Red Hat rates this moderate (CVSS 4.5). Weakness: CWE-78.
From CVEorg collector. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-617.
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deployed, triggering a read may not require authentication. Retrieving the contents requires read access to the LangSmith workspace the traces are sent to. The net effect is a trust-boundary crossing: a party with workspace trace-read access (for example a low-privilege workspace member, a contractor, or a compromised teammate account) gains the ability to read files from any server running TracingMiddleware, a capability outside that workspace's intended trust boundary. This vulnerability is fixed in 0.8.18. This Moderate-impact information disclosure flaw in LangSmith Client SDK's TracingMiddleware allows an authenticated attacker with trace-read access to a LangSmith workspace to read arbitrary files from a server running the middleware. This represents a trust-boundary crossing, enabling unauthorized access to local filesystem data on affected systems where the TracingMiddleware is exposed via HTTP. Red Hat severity: Moderate — CVSS 5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).
NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-22.
From CVEorg collector. Red Hat rates this moderate (CVSS 4.9).
Information disclosure via error messages containing sensitive data. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-209.
Information disclosure via error messages containing sensitive data. Red Hat rates this important (CVSS 5.3). Weakness: CWE-209.
Message redirection and injection via header manipulation. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-20.
CLI argument injection and path traversal. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-78.
Integer overflow allows local impact. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-190.
A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but retrieves the email_verified status exclusively from the id_token. The root cause is a lack of validation ensuring that the email_verified claim in the id_token actually refers to the email address returned by the userinfo endpoint. If these two sources return different email addresses, the id_token's email_verified=true claim is blindly applied to the userinfo email. Exploitation Conditions: The OIDC identity provider must have trustEmail set to true (non-default). The attacker must control or have compromised the upstream OIDC provider. Concrete Impact: Mark arbitrary email addresses as verified in the Keycloak database. Bypass email-based security controls or verification workflows. Potential account takeover if the application relies solely on the email_verified flag from the IdP to link accounts. Successful exploitation allows an attacker to cause an arbitrary email address to be marked as verified in Keycloak without proper validation. Red Hat severity: Moderate — CVSS 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Weakness: CWE-1288.
Denial of Service via uncontrolled memory allocation in decodeFromByteBuffer. Red Hat rates this low (CVSS 5). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:26989 with package rust-main-1.96.1-1.hum1, netavark-main-2.0.0-1.hum1.
Information disclosure via out-of-bounds read. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-125.
Denial of Service vulnerability in PLY Model Handler. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-1341.
Denial of Service via malformed headers. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-248.
Arbitrary file opening and denial of service via exposed developer endpoints. Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-940.