VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Unauthorized access to trace data due to missing authorization validation. Red Hat rates this important (CVSS 8.1). Weakness: CWE-425.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() bt_accept_dequeue() unlinks a not-yet-accepted child from the parent accept queue and release_sock()s it before returning, so the returned sk has no caller reference and is unlocked. l2cap_sock_cleanup_listen() walks these children on listening-socket close. A concurrent HCI disconnect drives hci_rx_work -> l2cap_conn_del() which runs l2cap_chan_del() + l2cap_sock_kill() and frees the child sk and its l2cap_chan; cleanup_listen() then uses both: BUG: KASAN: slab-use-after-free in l2cap_sock_kill l2cap_sock_kill / l2cap_sock_cleanup_listen / __x64_sys_close Freed by: l2cap_conn_del -> l2cap_sock_close_cb -> l2cap_sock_kill This is distinct from the two fixes already in this area: commit e83f5e24da741 ("Bluetooth: serialize accept_q access") serialises the accept_q list/poll and takes temporary refs inside bt_accept_dequeue(), and CVE-2025-39860 serialises the userspace close()/accept() race by calling cleanup_listen() under lock_sock() in l2cap_sock_release(). Neither covers l2cap_conn_del() running from hci_rx_work, so this UAF still reproduces on current bluetooth/master.
Authentication bypass due to improper input neutralization. Red Hat rates this critical (CVSS 9.1). Weakness: CWE-140.
Remote code execution via JNDI injection. Red Hat rates this important (CVSS 7.5). Weakness: CWE-502.
SQL Injection vulnerability. Red Hat rates this important (CVSS 7.3). Weakness: CWE-89.
Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration. Red Hat rates this important (CVSS 8.2). Weakness: CWE-807. Red Hat lists fixing advisory RHSA-2026:36873 with package rhacm2/submariner-rhel9-operator:1782933193, syft-main-1.46.0-0.1.hum1, trivy-main-0.69.3-1.2.hum1.
Privilege escalation via incorrect user ID handling. Red Hat rates this important (CVSS 7.8). Weakness: CWE-681. Red Hat lists fixing advisory RHSA-2026:35111 with package trivy-main-0.72.0-0.1.hum1.
Denial of Service via excessive HTTP headers. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service via crafted ALZ file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120.
Denial of Service via crafted DMG file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-190.
Denial of Service via crafted 7z file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120.
Denial of Service via crafted PESpin file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120.
Denial of Service via crafted InstallShield file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770.
Denial of Service via crafted Portable Executable (PE) files. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787.
Denial of Service via crafted FSG file parsing. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787.
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering. Red Hat ships NVIDIA Container Toolkit version 1.19.1 in RHEL 9 and RHEL 10, which includes the fix for this vulnerability. Red Hat severity: Important — CVSS 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). Weakness: CWE-367. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9 as not affected.
Privilege escalation to administrator-level access via usergroup role assignment manipulation. Red Hat rates this important (CVSS 8.8). Weakness: CWE-266. Red Hat lists fixing advisory RHSA-2026:34366 with package foreman-0:3.14.0.17-1.el9sat, foreman-0:3.18.0.7-1.el9sat, foreman-0:3.12.0.17-1.el9sat, foreman-0:3.12.0.17-1.el8sat. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 8.
Authentication bypass via predictable session IDs. Red Hat rates this important (CVSS 7.4). Weakness: CWE-331.
Host-root command execution via unvalidated image config labels in CRI plugin. Red Hat rates this important (CVSS 8.8). Weakness: CWE-78. Red Hat lists fixing advisory RHSA-2026:37252 with package rhacm2/submariner-rhel9-operator:1782933193, multicluster-engine/assisted-service-8-rhel8:1783332008, trivy-main-0.72.0-0.1.hum1, multicluster-engine/assisted-service-9-rhel9:1783350355.
In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh() may_decode_fh() accesses mount::mnt_ns without holding any locks; that means the mount can concurrently be unmounted, and the mnt_namespace can concurrently be freed after an RCU grace period. This race can happens as follows, assuming that the mount point was created by open_tree(..., OPEN_TREE_CLONE): thread 1 thread 2 RCU __do_sys_open_by_handle_at do_handle_open handle_to_path may_decode_fh is_mounted [mount::mnt_ns access] [mount::mnt_ns access] __do_sys_close fput_close_sync __fput dissolve_on_fput umount_tree class_namespace_excl_destructor namespace_unlock free_mnt_ns mnt_ns_tree_remove call_rcu(mnt_ns_release_rcu) mnt_ns_release_rcu mnt_ns_release kfree [mnt_namespace::user_ns access] **UAF** Fix it by taking rcu_read_lock() around the mount::mnt_ns access, like in __prepend_path(). Additionally, document the semantics of mount::mnt_ns, and use WRITE_ONCE() for writers that can race with lockless readers. This bug is unreachable unless one of the following is set: - CONFIG_PREEMPTION - CONFIG_RCU_STRICT_GRACE_PERIOD because it requires an RCU grace period to happen during a syscall without an explicit preemption.