VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Arbitrary code execution via sandbox breakout through inspect function. Red Hat rates this important (CVSS 8.1). Weakness: CWE-653. Affected package(s): rhdh/rhdh-hub-rhel9:1781187342. Resolved in Red Hat advisory RHSA-2026:26234 — update the affected packages (`sudo dnf update`).
NULL pointer dereference via specially crafted request. Red Hat rates this low (CVSS 7.5). Weakness: CWE-476. Affected package(s): jbcs-httpd24-httpd, httpd, httpd-main, mod_dav_lock.so. Resolved in Red Hat advisory RHSA-2026:27200 — update the affected packages (`sudo dnf update`).
Remote Code Execution via Double Free in HTTP/2 Protocol. Red Hat rates this important (CVSS 8.8). Weakness: CWE-1341. Affected package(s): httpd-main. Resolved in Red Hat advisory RHSA-2026:13938 — update the affected packages (`sudo dnf update`).
Account hijacking and unauthorized access via unverified email linking. Red Hat rates this important (CVSS 8.3). Weakness: CWE-305. Affected package(s): automation-gateway, automation-controller, python3.12-django-ansible-base, ansible-automation-platform. Resolved in Red Hat advisory RHSA-2026:13508 — update the affected packages (`sudo dnf update`).
off-by-one out-of-bounds reads in AJP getter functions. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-125. Affected package(s): httpd, httpd:2.4, jbcs-httpd24-httpd, httpd-main, mod_proxy_ajp.so. Resolved in Red Hat advisory RHSA-2026:27200 — update the affected packages (`sudo dnf update`).
heap-based buffer over-read due to missing null-termination check. Red Hat rates this moderate (CVSS 8.2). Weakness: CWE-170. Affected package(s): httpd, httpd:2.4, jbcs-httpd24-httpd, httpd-main, mod_proxy_ajp.so. Resolved in Red Hat advisory RHSA-2026:27200 — update the affected packages (`sudo dnf update`).
heap-based buffer over-read and memory disclosure in ajp_parse_data(). Red Hat rates this moderate (CVSS 8.2). Weakness: CWE-126. Affected package(s): httpd, httpd:2.4, jbcs-httpd24-httpd, httpd-main, mod_proxy_ajp.so. Resolved in Red Hat advisory RHSA-2026:27200 — update the affected packages (`sudo dnf update`).
Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly. Red Hat rates this important (CVSS 7.5). Weakness: CWE-130. Affected package(s): rhui5/installer-rhel9:1781525693, libtasn1, gnutls, rhui5/cds-rhel9:1781525684, discovery/discovery-ui-rhel9:1782166952, discovery/discovery-server-rhel9:1782159791. Resolved in Red Hat advisory RHSA-2026:29197 — update the affected packages (`sudo dnf update`).
osrg GoBGP: Denial of service via out-of-bounds read in BMP Parser. Red Hat rates this important (CVSS 7.5). Weakness: CWE-125. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
osrg GoBGP: Integer underflow via manipulation in parseRibEntry function. Red Hat rates this important (CVSS 7.5). Weakness: CWE-191. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests. Red Hat rates this important (CVSS 8.2). Weakness: CWE-551. Affected package(s): cryostat/jfr-datasource-rhel9:4.2.0, quarkus-vertx-http, cryostat/cryostat-reports-rhel9:4.2.0, cryostat/cryostat-rhel9:4.2.0. Resolved in Red Hat advisory RHSA-2026:25089 — update the affected packages (`sudo dnf update`).
Denial of Service via FBXConverter.cpp and ConvertMeshMultiMaterial() method. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1284. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via FBXParser.cpp ParseVectorDataArray() function. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1284. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
denial of service via crafted BGP UPDATE message. Red Hat rates this important (CVSS 7.5). Weakness: CWE-191. Affected package(s): frr10, frr. Resolved in Red Hat advisory RHSA-2026:24370 — update the affected packages (`sudo dnf update`).
TOCTOU race condition in abrt-dbus SetElement allows arbitrary file writes to dump directories. Red Hat rates this important (CVSS 7.8). Weakness: CWE-367. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
ChownProblemDir succeeds during active post-create event processing due to inadequate locking. Red Hat rates this important (CVSS 7). Weakness: CWE-362. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites. Red Hat rates this important (CVSS 7). Weakness: CWE-59. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Information disclosure via ServerSideDiff allows reading Kubernetes Secret data. Red Hat rates this important (CVSS 9.6). Weakness: CWE-312. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
integer overflow via large username or password arguments. Red Hat rates this important (CVSS 9.1). Weakness: CWE-190. Affected package(s): libssh2-main, rust-main. Resolved in Red Hat advisory RHSA-2026:7021 — update the affected packages (`sudo dnf update`).
HTTP Request Smuggling via Duplicate Content-Length Headers. Red Hat rates this important (CVSS 7.4). Weakness: CWE-444. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.