VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Arbitrary code execution via nested NodeVM bypass. Red Hat rates this important (CVSS 9.9). Weakness: CWE-1100. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Sandbox escape via arbitrary prototype access leading to arbitrary code execution. Red Hat rates this important (CVSS 10). Weakness: CWE-914. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Remote code execution via NodeVM builtin allowlist bypass. Red Hat rates this important (CVSS 9.9). Weakness: CWE-829. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution via sandbox escape. Red Hat rates this important (CVSS 10). Weakness: CWE-653. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via excessive multipart part headers. Red Hat rates this important (CVSS 7.5). Weakness: CWE-606. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service due to excessive resource consumption from crafted MQTT 5 header. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via unbounded memory allocation in HTTP content decompression. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected package(s): devspaces/pluginregistry-rhel9:1780696380, cryostat/jfr-datasource-rhel9:4.2.0, netty-codec-http, devspaces/openvsx-rhel9:1780948325, devspaces/server-rhel9:1780694994, cryostat/cryostat-reports-rhel9:4.2.0. Resolved in Red Hat advisory RHSA-2026:23808 — update the affected packages (`sudo dnf update`).
Incorrect HTTP response parsing leads to data confusion. Red Hat rates this important (CVSS 7.3). Weakness: CWE-444. Affected package(s): devspaces/pluginregistry-rhel9:1780696380, cryostat/jfr-datasource-rhel9:4.2.0, netty-codec-http, devspaces/openvsx-rhel9:1780948325, devspaces/server-rhel9:1780694994, cryostat/cryostat-reports-rhel9:4.2.0. Resolved in Red Hat advisory RHSA-2026:23808 — update the affected packages (`sudo dnf update`).
Denial of Service via excessive memory allocation in LZ4FrameDecoder. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Resolved in Red Hat advisory RHSA-2026:34608 — update the affected packages (`sudo dnf update`).
High integrity impact due to improper DNS domain name constraint enforcement. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1286. Affected package(s): netty-codec-dns, devspaces/pluginregistry-rhel9:1780696380, cryostat/jfr-datasource-rhel9:4.2.0, devspaces/openvsx-rhel9:1780948325, devspaces/server-rhel9:1780694994, cryostat/cryostat-reports-rhel9:4.2.0. Resolved in Red Hat advisory RHSA-2026:23808 — update the affected packages (`sudo dnf update`).
HTTP Header Injection via HttpProxyHandler Disabled Validation. Red Hat rates this important (CVSS 7.5). Weakness: CWE-93. Affected package(s): netty-handler-proxy, devspaces/pluginregistry-rhel9:1780696380, cryostat/jfr-datasource-rhel9:4.2.0, devspaces/openvsx-rhel9:1780948325, devspaces/server-rhel9:1780694994, cryostat/cryostat-reports-rhel9:4.2.0. Resolved in Red Hat advisory RHSA-2026:23808 — update the affected packages (`sudo dnf update`).
HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers. Red Hat rates this important (CVSS 7.2). Weakness: CWE-444. Affected package(s): devspaces/pluginregistry-rhel9:1780696380, cryostat/jfr-datasource-rhel9:4.2.0, netty-codec-http, devspaces/openvsx-rhel9:1780948325, devspaces/server-rhel9:1780694994, cryostat/cryostat-reports-rhel9:4.2.0. Resolved in Red Hat advisory RHSA-2026:23808 — update the affected packages (`sudo dnf update`).
Denial of Service via host memory exhaustion. Red Hat rates this important (CVSS 8.6). Weakness: CWE-1285. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Sandbox escape leads to Denial of Service. Red Hat rates this important (CVSS 8.6). Weakness: CWE-248. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Remote code execution due to path restriction bypass via symlinks. Red Hat rates this important (CVSS 8.5). Weakness: CWE-59. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Information disclosure via security fix bypass in middleware with Turbopack. Red Hat rates this important (CVSS 7.5). Weakness: CWE-358. Affected package(s): next. Resolved in Red Hat advisory RHSA-2026:34608 — update the affected packages (`sudo dnf update`).
Denial of Service via crafted POST requests to server actions. Red Hat rates this important (CVSS 7.5). Weakness: CWE-833. Affected package(s): next. Resolved in Red Hat advisory RHSA-2026:34608 — update the affected packages (`sudo dnf update`).
Server-Side Request Forgery via crafted WebSocket upgrade requests. Red Hat rates this important (CVSS 8.6). Weakness: CWE-918. Affected package(s): next. Resolved in Red Hat advisory RHSA-2026:34608 — update the affected packages (`sudo dnf update`).
Denial of Service via Image Optimization API. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected package(s): next. Resolved in Red Hat advisory RHSA-2026:34608 — update the affected packages (`sudo dnf update`).
Authorization bypass via crafted query parameters. Red Hat rates this important (CVSS 8.1). Weakness: CWE-551. Affected package(s): next. Resolved in Red Hat advisory RHSA-2026:34608 — update the affected packages (`sudo dnf update`).