VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1836 advisories across 32 monitored vendors.
Use-after-free in the DOM: Core & HTML component. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:10757 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via integer overflow in EXR image processing. Red Hat rates this important (CVSS 8.2). Weakness: CWE-190. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary file overwrite via symbolic link following. Red Hat rates this moderate (CVSS 7.1). Weakness: CWE-59. Affected package(s): rhoai/odh-mlserver-rhel9:1778262856, rhoai/odh-feature-server-rhel9:1780069135, rhoai/odh-kserve-storage-initializer-rhel9:1780069127, rhoai/odh-vllm-gaudi-rhel9:1780069069, satellite/iop-host-inventory-rhel9:1780414237, rhoai/odh-vllm-gaudi-rhel9:1778600187. Resolved in Red Hat advisory RHSA-2026:19712 — update the affected packages (`sudo dnf update`).
Authentication bypass via improper JWT validation. Red Hat rates this important (CVSS 8.6). Weakness: CWE-303. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Memory corruption vulnerability via Double-Free/Use-After-Free. Red Hat rates this important (CVSS 7.3). Weakness: CWE-1341. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
vibrantlabsai RAGAS: vibrantlabsai RAGAS: Server-Side Request Forgery via retrieved_contexts argument manipulation. Red Hat rates this important (CVSS 8.1). Weakness: CWE-918. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution via injected protobuf definition type fields. Red Hat rates this important (CVSS 8.8). Weakness: CWE-94. Affected package(s): rhdh/rhdh-hub-rhel9:1779841586, rhdh/rhdh-hub-rhel9:1781187342, rhoai/odh-mod-arch-model-registry-rhel9:1780467147, rhoai/odh-dashboard-rhel9:1780467029. Resolved in Red Hat advisory RHSA-2026:21338 — update the affected packages (`sudo dnf update`).
Server-Side Template Injection via expression execution bypass. Red Hat rates this important (CVSS 8.5). Weakness: CWE-917. Affected package(s): devspaces/openvsx-rhel9:1779528224, devspaces/pluginregistry-rhel9:1779359423. Resolved in Red Hat advisory RHSA-2026:21772 — update the affected packages (`sudo dnf update`).
Server-Side Template Injection via security bypass in expression execution. Red Hat rates this important (CVSS 8.5). Weakness: CWE-917. Affected package(s): devspaces/openvsx-rhel9:1779528224, devspaces/pluginregistry-rhel9:1779359423. Resolved in Red Hat advisory RHSA-2026:21772 — update the affected packages (`sudo dnf update`).
cloud metadata SSRF via FQDN-typed EndpointSlice bypasses destination validation. Red Hat rates this important (CVSS 7.7). Weakness: CWE-918. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Information disclosure of preshared API key via playground endpoint. Red Hat rates this important (CVSS 7.5). Weakness: CWE-201. Affected package(s): multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1779925273, rhacm2/acm-grafana-rhel9:1780677003. Resolved in Red Hat advisory RHSA-2026:24539 — update the affected packages (`sudo dnf update`).
mTLS client certificate spoofing via unstripped X-SSL-Client headers on HTTP frontend. Red Hat rates this important (CVSS 7.4). Weakness: CWE-287. Affected package(s): openshift4/ose-haproxy-router-rhel9:1781552170, openshift4/ose-haproxy-router-rhel9:1781643967, openshift4/ose-haproxy-router-rhel9:1781639027. Resolved in Red Hat advisory RHSA-2026:27063 — update the affected packages (`sudo dnf update`).
Privilege Escalation via improper privilege management. Red Hat rates this important (CVSS 7). Weakness: CWE-273. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via unauthenticated root token generation or rekey operations. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Information disclosure of authentication tokens via incorrect header handling. Red Hat rates this important (CVSS 7.5). Weakness: CWE-201. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service due to unauthorized secret deletion via policy bypass. Red Hat rates this important (CVSS 8.1). Weakness: CWE-639. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of service via stack buffer overflow during QUIC handshake. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120. Affected package(s): samba, ngtcp2-main. Resolved in Red Hat advisory RHSA-2026:22963 — update the affected packages (`sudo dnf update`).
APCB SMM driver: kernel: linux-firmware: AMD APCB SMM driver: Arbitrary Code Execution via incorrect boot service use. Red Hat rates this important (CVSS 7.5). Weakness: CWE-648. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
path traversal via the .install field. Red Hat rates this important (CVSS 7.1). Weakness: CWE-24. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Use-after-free vulnerability in extended attribute handling. Red Hat rates this important (CVSS 7.4). Weakness: CWE-805. Affected package(s): rsync, rhcos, discovery/discovery-ui-rhel9:1782166952. Resolved in Red Hat advisory RHSA-2026:25044 — update the affected packages (`sudo dnf update`).