VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1837 advisories across 32 monitored vendors.
A malicious website may be able to process restricted web content outside the sandbox. Red Hat rates this important (CVSS 8.8). Weakness: CWE-120. Affected package(s): webkit2gtk3, webkitgtk4. Resolved in Red Hat advisory RHSA-2026:19206 — update the affected packages (`sudo dnf update`).
Information disclosure via incorrect cookie handling in fetch requests. Red Hat rates this important (CVSS 7.5). Weakness: CWE-201. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Remote Code Execution via JavaScript expression injection. Red Hat rates this important (CVSS 8.8). Weakness: CWE-917. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution via CLI precompiler input sanitization flaw. Red Hat rates this important (CVSS 8.2). Weakness: CWE-94. Affected package(s): cluster-observability-operator/logging-console-plugin-pf4-rhel9:1782839279, cluster-observability-operator/troubleshooting-panel-console-plugin-pf6-rhel9:1782839996, cluster-observability-operator/logging-console-plugin-pf5-rhel9:1782840539, devspaces/code-rhel9:1776744110. Resolved in Red Hat advisory RHSA-2026:34342 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via crafted template context. Red Hat rates this important (CVSS 8.1). Weakness: CWE-94. Affected package(s): cluster-observability-operator/logging-console-plugin-pf4-rhel9:1782839279, cluster-observability-operator/troubleshooting-panel-console-plugin-pf6-rhel9:1782839996, cluster-observability-operator/logging-console-plugin-pf5-rhel9:1782840539, devspaces/code-rhel9:1776744110. Resolved in Red Hat advisory RHSA-2026:34342 — update the affected packages (`sudo dnf update`).
Denial of Service via malformed decorator syntax in template compilation. Red Hat rates this important (CVSS 7.5). Weakness: CWE-248. Affected package(s): cluster-observability-operator/logging-console-plugin-pf4-rhel9:1782839279, cluster-observability-operator/troubleshooting-panel-console-plugin-pf6-rhel9:1782839996, cluster-observability-operator/logging-console-plugin-pf5-rhel9:1782840539, devspaces/code-rhel9:1776744110. Resolved in Red Hat advisory RHSA-2026:34342 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via @partial-block overwrite. Red Hat rates this important (CVSS 8.1). Weakness: CWE-917. Affected package(s): cluster-observability-operator/logging-console-plugin-pf4-rhel9:1782839279, cluster-observability-operator/troubleshooting-panel-console-plugin-pf6-rhel9:1782839996, cluster-observability-operator/logging-console-plugin-pf5-rhel9:1782840539, devspaces/code-rhel9:1776744110. Resolved in Red Hat advisory RHSA-2026:34342 — update the affected packages (`sudo dnf update`).
Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance. Red Hat rates this important (CVSS 7.4). Weakness: CWE-295. Affected package(s): rhdh/rhdh-hub-rhel9:1777903262, cluster-observability-operator/logging-console-plugin-pf4-rhel9:1782839279, automation-gateway, rhdh/rhdh-hub-rhel9:1776784286. Resolved in Red Hat advisory RHSA-2026:13826 — update the affected packages (`sudo dnf update`).
Authentication bypass via forged Ed25519 cryptographic signatures. Red Hat rates this important (CVSS 7.5). Weakness: CWE-347. Affected package(s): rhdh/rhdh-hub-rhel9:1777903262, cluster-observability-operator/logging-console-plugin-pf4-rhel9:1782839279, automation-gateway, rhdh/rhdh-hub-rhel9:1776784286. Resolved in Red Hat advisory RHSA-2026:13826 — update the affected packages (`sudo dnf update`).
Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification. Red Hat rates this important (CVSS 7.5). Weakness: CWE-347. Affected package(s): quay/quay-rhel9:1779922205, quay/quay-rhel8:1779811473, rhdh/rhdh-hub-rhel9:1777903262, quay/quay-rhel8:1779689392, cluster-observability-operator/logging-console-plugin-pf4-rhel9:1782839279, quay/quay-rhel8:1779822261. Resolved in Red Hat advisory RHSA-2026:23361 — update the affected packages (`sudo dnf update`).
Denial of Service via infinite loop in BigInteger.modInverse(). Red Hat rates this important (CVSS 7.5). Weakness: CWE-606. Affected package(s): rhdh/rhdh-hub-rhel9:1777903262, cluster-observability-operator/logging-console-plugin-pf4-rhel9:1782839279, automation-platform-ui, automation-gateway, rhdh/rhdh-hub-rhel9:1776784286. Resolved in Red Hat advisory RHSA-2026:13826 — update the affected packages (`sudo dnf update`).
Denial of Service via HTTP/2 CONTINUATION frame flood. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected package(s): eap8-netty-transport-native-epoll, rhoai/odh-modelmesh-rhel9:1776756834, cryostat/jfr-datasource-rhel9:4.2.0, netty-codec-http, eap8-netty, cryostat/cryostat-rhel9:4.2.0. Resolved in Red Hat advisory RHSA-2026:8509 — update the affected packages (`sudo dnf update`).
Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values. Red Hat rates this important (CVSS 7.5). Weakness: CWE-444. Affected package(s): eap8-netty-transport-native-epoll, devspaces/pluginregistry-rhel9:1776717247, netty-codec-http, rhoai/odh-modelmesh-rhel9:1776756834, cryostat/jfr-datasource-rhel9:4.2.0, devspaces/server-rhel9:1776796445. Resolved in Red Hat advisory RHSA-2026:8509 — update the affected packages (`sudo dnf update`).
Information disclosure and unauthorized data modification via unprotected tracing and assessment endpoints. Red Hat rates this important (CVSS 8.1). Weakness: CWE-425. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via unbounded memory read in feature toggle evaluation. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Information disclosure of data-source passwords via public dashboards. Red Hat rates this important (CVSS 7.5). Weakness: CWE-201. Affected package(s): grafana. Resolved in Red Hat advisory RHSA-2026:11416 — update the affected packages (`sudo dnf update`).
Authentication bypass via non-canonical HTTP header injection. Red Hat rates this important (CVSS 7.7). Weakness: CWE-290. Affected package(s): devspaces/traefik-rhel9:1776718585. Resolved in Red Hat advisory RHSA-2026:10175 — update the affected packages (`sudo dnf update`).
Cross-tenant traffic exposure and host restriction bypass via rule-syntax injection in Knative provider. Red Hat rates this important (CVSS 7.7). Weakness: CWE-917. Affected package(s): devspaces/traefik-rhel9:1776718585. Resolved in Red Hat advisory RHSA-2026:10175 — update the affected packages (`sudo dnf update`).
denial of service via crafted message before authentication. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected package(s): dovecot. Resolved in Red Hat advisory RHSA-2026:26564 — update the affected packages (`sudo dnf update`).
denial of service via specially crafted NOOP command. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected package(s): dovecot. Resolved in Red Hat advisory RHSA-2026:26564 — update the affected packages (`sudo dnf update`).