VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
4108 advisories across 32 monitored vendors.
Heap out-of-bounds write via oversized raw file processing. Red Hat rates this moderate (CVSS 6.6). Weakness: CWE-787. Red Hat lists fixing advisory RHSA-2026:29986 with package jq-main-1.8.2-0.1.hum1.
Denial of Service via integer overflow and buffer overrun on 32-bit systems. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-190. Red Hat lists fixing advisory RHSA-2026:29986 with package jq-main-1.8.2-0.1.hum1.
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim environment secrets to an attacker-selected registry before lifecycle scripts run. This vulnerability is fixed in 10.34.2 and 11.5.3. A malicious repository could exploit this vulnerability by crafting specific .npmrc or pnpm-workspace.yaml files. When these package managers process these files, they improperly expand environment variable placeholders, leading to the disclosure of sensitive victim environment secrets to an attacker-controlled registry. This could result in unauthorized access to confidential information. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). Weakness: CWE-15. Affected Red Hat products: Red Hat AMQ Broker 7; Red Hat Build of Keycloak; Red Hat JBoss Enterprise Application Platform 8; Red Hat JBoss Enterprise Application Platform Expansion Pack. Red Hat does not currently list a fixing RHSA for this CVE.
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped _authToken. The repository does not provide a token-bearing auth line. It only sets registry= to a different registry URL. During normal pnpm metadata/install workflows, pnpm binds the user-origin unscoped credential to the repository-selected registry and sends it as an Authorization header. This vulnerability is fixed in 10.34.0 and 11.4.0. During normal pnpm operations, the user's authentication token, intended for their default registry, can be inadvertently sent to a different, potentially malicious, registry. This could lead to the unauthorized disclosure of sensitive authentication tokens. This Moderate impact information disclosure flaw in pnpm allows an attacker to obtain user-level unscoped npm authentication credentials. When a user runs pnpm commands in a repository with a malicious local `.npmrc` file, their authentication token, intended for their default registry, can be redirected to an attacker-controlled registry. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-201.
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected 40-character commit hash with a Git option such as --upload-pack=<command>. For SSH and local transports, --upload-pack can execute the supplied command. HTTPS transports ignore --upload-pack, so the practical attack surface is primarily SSH or local git dependencies. This vulnerability is fixed in 10.34.0 and 11.4.0. An attacker could exploit this vulnerability by providing a malicious lockfile, which could lead to arbitrary code execution. This Moderate severity flaw in pnpm allows for arbitrary code execution. The vulnerability arises from pnpm's improper handling of git dependency commit values from a malicious lockfile, specifically when using SSH or local git transports. Red Hat products utilizing pnpm, such as Konflux, Red Hat Build of Keycloak, Enterprise Application Platform, and Red Hat AMQ, are affected if they process untrusted pnpm-lock.yaml files with SSH or local git dependencies. Red Hat severity: Moderate — CVSS 6.4 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N). Weakness: CWE-78.
pnpm is a package manager. However, plain pnpm install then performs a resolution repair, accepts the registry's new integrity, updates the lockfile, installs the new content, and exits successfully. This means the lockfile integrity check does not act as a hard stop by default. This vulnerability is fixed in 10.34.0 and 11.4.0. This could lead to the installation of unintended or malicious software, compromising the integrity and confidentiality of the system. Red Hat severity: Moderate — CVSS 6.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). Weakness: CWE-494. Affected Red Hat products: Red Hat AMQ Broker 7; Red Hat Build of Keycloak; Red Hat JBoss Enterprise Application Platform 8; Red Hat JBoss Enterprise Application Platform Expansion Pack. Red Hat does not currently list a fixing RHSA for this CVE.
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest and pass path.join(globalBinDir, binName) to removeBin. For "." this targets the global bin directory; for ".." this targets its parent. This vulnerability is fixed in 10.34.2 and 11.5.3. When a malicious package with specially crafted manifest bin object keys (such as "." or "..") is installed globally, subsequent package management operations like removal, update, or replacement could lead to the deletion of critical directories. This requires an attacker to first trick a user into installing a malicious package globally, limiting the immediate exploitability in typical Red Hat deployments. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-22. Affected Red Hat products: Red Hat AMQ Broker 7; Red Hat Build of Keycloak; Red Hat JBoss Enterprise Application Platform 8; Red Hat JBoss Enterprise Application Platform Expansion Pack. Red Hat does not currently list a fixing RHSA for this CVE.
Attacker can re-enable and take over disabled clients via Registration Access Token. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-613. Red Hat lists fixing advisory RHSA-2026:30049 with package rhbk/keycloak-operator-bundle:26.4.13-1, rhbk/keycloak-rhel9-operator:26.4-19, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.6-8.
Information disclosure through arbitrary filesystem path probing. Red Hat rates this moderate (CVSS 4.9). Weakness: CWE-22. Red Hat lists fixing advisory RHSA-2026:30049 with package rhbk/keycloak-operator-bundle:26.4.13-1, rhbk/keycloak-rhel9-operator:26.4-19, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.6-8.
Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (prefix[], arridx[], curi[]). A crafted .spl file, loaded when the user dumps the word list, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0662. A remote attacker could exploit this vulnerability by convincing a user to load a specially crafted spell file. This leads to a Denial of Service (DoS), making the editor unavailable to the user. A flaw was found in Vim's spell file handling. The dump_prefixes() function in src/spell.c does not validate the depth of the prefix trie against the size of fixed-size stack arrays, allowing a crafted .spl file to cause a stack out-of-bounds write and crash. Red Hat ships Vim in all RHEL versions and OpenShift CoreOS. Exploitation requires a user to load a malicious spell file and run :spelldump or spelling completion. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).
Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that guarantees room for a single entry; the count is never checked against the amount of data actually present. A line that declares a large count while carrying little data causes consumers to read far past the end of the line buffer. Such a line can be delivered through a crafted undo file, leading to a crash. This vulnerability is fixed in 9.2.0670. A flaw in Vim allows an attacker to cause a Denial of Service (DoS) via an application crash. If a user opens a maliciously crafted undo file, an out-of-bounds read is triggered in the get_text_props() function due to missing length validation on property counts. Exploitation requires specific user interaction; the vulnerability only triggers when a local user is tricked into opening a specially crafted undo file in Vim. This limits the attack surface to scenarios where untrusted files are intentionally processed Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4.
Out-of-bounds Read with libsodium-encrypted Files. Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-125. Red Hat lists fixing advisory RHSA-2026:30267 with package vim-main-9.2.725-1.hum1.
Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the PowerShell command by inserting archive entry names that are quoted only for the shell, not for PowerShell. A crafted entry name can break out of the intended string context and cause PowerShell to execute arbitrary commands with the privileges of the user running Vim, triggered by opening, viewing or extracting the archive. This vulnerability is fixed in 9.2.0678. A security vulnerability exists in the Vim text editor. If a user opens a specially crafted ZIP file in Vim, it can trick the application into running hidden, harmful commands on their computer. This specific issue is only triggered if Vim relies on PowerShell to open the ZIP file. This vulnerability was introduced in Vim version 9.1.1784. Because Red Hat products do not ship this version, they are unaffected. Red Hat severity: Moderate — CVSS 5.8 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L). Weakness: CWE-78. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4 as not affected.
Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679. A local attacker could exploit this vulnerability by providing a specially crafted undo or swap file. When Vim processes this file, an out-of-bounds read occurs, which can lead to the disclosure of sensitive information from memory or cause the application to crash, resulting in a denial of service (DoS). This vulnerability was introduced in Vim version 9.2.0320. Because Red Hat products do not ship this version, they are unaffected. Red Hat severity: Moderate. Weakness: CWE-125. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4 as not affected.
Denial of Service via stack out-of-bounds write in spell_soundfold_sofo(). Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-787. Red Hat lists fixing advisory RHSA-2026:30267 with package vim-main-9.2.725-1.hum1.
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Node#do_xinclude replaced each <xi:include> in place, freeing the include node along with its children (such as <xi:fallback> and its descendants) and any namespaces declared on them. If an application had already exposed one of those nodes or namespaces to Ruby, the corresponding Ruby object was left pointing at freed memory. Using the object could result in invalid reads or writes to memory. This vulnerability is fixed in 1.19.4. When performing XInclude substitutions, the library prematurely frees memory associated with nodes and namespaces. If an application has exposed these freed objects to Ruby, a local attacker could potentially trigger invalid reads or writes to memory. This memory corruption could lead to information disclosure or denial of service. Red Hat products ship Nokogiri as a dependency of several components. The impact on Red Hat products is rated Moderate because exploitation requires the application to both perform XInclude substitution and separately retain references to nodes or namespaces within the substituted elements — a combination that is uncommon in typical usage patterns. This vulnerability only affects CRuby; JRuby is not affected.
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault. This is only reachable when application code constructs an XPathContext directly and lets the document become unreachable while continuing to use the context. The normal Document#xpath, #css, and related search methods are not affected, and it is not triggerable by malicious document input. This vulnerability is fixed in 1.19.4. An attacker could potentially exploit this by causing the application to read invalid memory, leading to a denial of service (DoS) through a segmentation fault. Red Hat rates this flaw as Low impact, consistent with the upstream maintainers' assessment. This is purely an application-level code pattern issue, not an externally exploitable vulnerability. Red Hat severity: Low — CVSS 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-771. Affected Red Hat products: Red Hat 3scale API Management Platform 2; Red Hat Satellite 6. Red Hat does not currently list a fixing RHSA for this CVE.
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4. This vulnerability allows an attacker to trigger an out-of-bounds read by providing a specially crafted large negative index to certain methods. This can lead to a denial of service (DoS) by crashing the application on CRuby, or by returning incorrect data on JRuby. Red Hat ships Nokogiri as a dependency in several products (Satellite, 3scale API Management, RHEL BuildRoot). The vulnerable code path requires an attacker to supply a specially crafted large negative integer index to `Nokogiri::XML::NodeSet#[]` or `#slice`. Typically, NodeSet indices are not directly exposed to untrusted user input, which limits the practical exploitability of this flaw. On CRuby (used in Red Hat products), exploitation results in a process crash (denial of service) due to an out-of-bounds read, but does not lead to information disclosure or code execution.
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89 <br/>Security Impact Rating: Medium <br/>CVE: CVE-2026-20175
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potentially enabling SSRF or XXE attacks. This vulnerability is fixed in 1.19.4. This oversight could allow a specially crafted XML schema to fetch external resources over the network, potentially leading to Server-Side Request Forgery (SSRF) or XML External Entity (XXE) attacks. Red Hat products are not affected by this vulnerability. Red Hat products use the CRuby (MRI) implementation, where NONET is correctly enforced and external resource fetching is properly blocked. Red Hat severity: Low — CVSS 4.8 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N). Weakness: CWE-611. Red Hat lists Red Hat 3scale API Management Platform 2; Red Hat Satellite 6 as not affected.