VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
DTLS certificate Subject DN stack buffer overflow in openssl_verify_callback. Red Hat rates this important (CVSS 7.5). Weakness: CWE-121.
A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossing the Airflow security boundary that DAG-author code must never execute in those processes. Users are advised to upgrade to `apache-airflow` 3.3.0 or later. As a defense-in-depth mitigation, deployments where DAG-author trust is limited can restrict the `[core] allowed_deserialization_classes` config to a narrow allowlist.
Heap overflow when preparsing SQL statements with excessive placeholders. Red Hat rates this important (CVSS 8.1). Weakness: CWE-131.
Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND. Red Hat rates this important (CVSS 8.8). Weakness: CWE-122. Red Hat lists fixing advisory RHSA-2026:36209 with package redhat-ds:11-8060020260702180044.0ca98e7e, 389-ds:1.4-8060020260626130540.824efc52, redhat-ds:12-9040020260703055735.1674d574, redhat-ds:11-8100020260702145313.37ed7c03. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 1; Red Hat Enterprise Linux 7.
sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation. Red Hat rates this important (CVSS 8.8). Weakness: CWE-1188.
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass. SELinux blocks writes to most security-critical paths such as /etc/cron.d/. Red Hat severity: Moderate — CVSS 8 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). Weakness: CWE-23. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4. Will not fix / out of support: Red Hat Enterprise Linux 6. Red Hat does not currently list a fixing RHSA for this CVE.
Use-after-free / double-free in query-completion handling. Red Hat rates this important (CVSS 7.5). Weakness: CWE-416.