VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1837 advisories across 32 monitored vendors.
Arbitrary file write via specially crafted plugin. Red Hat rates this important (CVSS 8.2). Weakness: CWE-22. Affected package(s): helm-cli. Resolved in Red Hat advisory RHSA-2026:26441 — update the affected packages (`sudo dnf update`).
Server-Side Request Forgery and proxy bypass due to improper hostname normalization. Red Hat rates this important (CVSS 7). Weakness: CWE-1289. Affected package(s): openshift-service-mesh/kiali-rhel9:1776149682, openshift-service-mesh/kiali-ossmc-rhel9:1776151134, rhoai/odh-mod-arch-model-registry-rhel9:1780467147, devspaces/dashboard-rhel9:1776795511, openshift-service-mesh/kiali-ossmc-rhel8:1776202125, rhoai/odh-mod-arch-gen-ai-rhel9:1778473763. Resolved in Red Hat advisory RHSA-2026:13826 — update the affected packages (`sudo dnf update`).
Arbitrary file reads via maliciously crafted URL. Red Hat rates this important (CVSS 7.5). Weakness: CWE-22. Affected package(s): rhtas/client-server-rhel9:1780399582. Resolved in Red Hat advisory RHSA-2026:24478 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via path traversal in tsk_recover. Red Hat rates this important (CVSS 7.9). Weakness: CWE-22. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution via heap buffer overflow in WebML. Red Hat rates this important (CVSS 8.8). Weakness: CWE-131. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Buffer overflow via non-contiguous buffer in API. Red Hat rates this important (CVSS 7.3). Weakness: CWE-131. Affected package(s): ansible-automation-platform, quay/quay-rhel8:1779811473, quay/quay-rhel8:1779689392, ansible-automation-platform-tech-preview/metrics-service-rhel9:1779760844, automation-controller, python3.12-cryptography. Resolved in Red Hat advisory RHSA-2026:23361 — update the affected packages (`sudo dnf update`).
github.com/open-telemetry/opentelemetry-go: OpenTelemetry-Go: Arbitrary code execution via PATH hijacking on BSD/Solaris. Red Hat rates this important (CVSS 8.8). Weakness: CWE-426. Affected package(s): multicluster-engine/assisted-service. Resolved in Red Hat advisory RHSA-2026:26254 — update the affected packages (`sudo dnf update`).
denial of service via specially crafted HTTP requests to Server Function endpoints. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
early return from the JASPIAuthenticator class without clearing ThreadLocal variables. Red Hat rates this important (CVSS 7.4). Weakness: CWE-226. Affected package(s): jetty-ee10-plus, jetty-ee10-servlets, jetty-ee10-apache-jsp, jetty-ee10-webapp, offline-knowledge-portal/rhokp-rhel9:1782239370, jetty-ee10-servlet. Resolved in Red Hat advisory RHSA-2026:25089 — update the affected packages (`sudo dnf update`).
Denial of Service vulnerability in certificate chain building. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected package(s): rhc, openshift-service-mesh/pilot-rhel8:1777319850, openshift-service-mesh/istio-rhel9-operator:1778149657, grafana-pcp, openshift-service-mesh/istio-cni-rhel8:1777374598, rhtas/client-server-rhel9:1780399582. Resolved in Red Hat advisory RHSA-2026:11507 — update the affected packages (`sudo dnf update`).
Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages. Red Hat rates this important (CVSS 7.5). Weakness: CWE-764. Affected package(s): rhc, grafana-pcp, skopeo, host-metering, container-tools:rhel8, git-lfs. Resolved in Red Hat advisory RHSA-2026:11507 — update the affected packages (`sudo dnf update`).
possible memory corruption after bound check elimination. Red Hat rates this moderate (CVSS 8.1). Weakness: CWE-733. Affected package(s): openshift4/openshift-route-controller-manager-rhel8:1781867531, openshift4/ose-gcp-cloud-controller-manager-rhel9:1781927538, openshift4/ose-nutanix-machine-controllers-rhel9:1781926777, openshift4/ose-cluster-bootstrap-rhel9:1779251452, openshift4/ose-cluster-policy-controller-rhel9:1779258265, openshift4/ose-machine-api-provider-aws-rhel9:1779249874. Resolved in Red Hat advisory RHSA-2026:10704 — update the affected packages (`sudo dnf update`).
Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application. Red Hat rates this important (CVSS 8.8). Weakness: CWE-1289. Affected package(s): rhtas/client-server-rhel9:1780399582, golang1, cryostat/cryostat-storage-rhel9:4.1.1, opentelemetry-collector, hawtio-operator-container, web-terminal/web-terminal-exec-rhel9:1780425077. Resolved in Red Hat advisory RHSA-2026:28047 — update the affected packages (`sudo dnf update`).
no-op interface conversion bypasses overlap checking. Red Hat rates this moderate (CVSS 8.1). Weakness: CWE-440. Affected package(s): openshift4/openshift-route-controller-manager-rhel8:1781867531, openshift4/ose-gcp-cloud-controller-manager-rhel9:1781927538, openshift4/ose-nutanix-machine-controllers-rhel9:1781926777, openshift4/ose-cluster-bootstrap-rhel9:1779251452, openshift4/ose-cluster-policy-controller-rhel9:1779258265, openshift4/ose-machine-api-provider-aws-rhel9:1779249874. Resolved in Red Hat advisory RHSA-2026:10704 — update the affected packages (`sudo dnf update`).
Root.Chmod can follow symlinks out of the root. Red Hat rates this moderate (CVSS 7.8). Weakness: CWE-367. Affected package(s): rhc, grafana-pcp, dynflow-utils, host-metering, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753, quay/quay-rhel9:1779922205. Resolved in Red Hat advisory RHSA-2026:11507 — update the affected packages (`sudo dnf update`).
insecure direct object reference in BlobUpload. Red Hat rates this important (CVSS 7.4). Weakness: CWE-639. Affected package(s): quay/quay-rhel9:1779922205, quay/quay-rhel8:1779811473, quay/quay-rhel8:1779689392, quay/quay-rhel8:1779822261, openshift/mirror-registry-rhel8:1782177012, quay/quay-rhel9:1779204086. Resolved in Red Hat advisory RHSA-2026:23361 — update the affected packages (`sudo dnf update`).
remote code execution using pickle deserialization. Red Hat rates this moderate (CVSS 7.1). Weakness: CWE-502. Affected package(s): quay/quay-rhel9:1779922205, quay/quay-rhel8:1779811473, quay/quay-rhel8:1779689392, quay/quay-rhel8:1779822261, openshift/mirror-registry-rhel8:1782177012, quay/quay-rhel9:1779204086. Resolved in Red Hat advisory RHSA-2026:23361 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via malformed XCOFF object file processing. Red Hat rates this important (CVSS 7.8). Weakness: CWE-122. Affected package(s): binutils-main. Resolved in Red Hat advisory RHSA-2026:33527 — update the affected packages (`sudo dnf update`).
integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml". Red Hat rates this important (CVSS 7.5). Weakness: CWE-191. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
fix crash due to unvalidated vcc pointer in sigd_send(). Red Hat rates this moderate (CVSS 7.1). Weakness: CWE-822. Affected package(s): kernel. Resolved in Red Hat advisory RHSA-2026:33285 — update the affected packages (`sudo dnf update`).