VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
1838 advisories across 32 monitored vendors.
Full access via timing oracle attack in credential verification. Red Hat rates this important (CVSS 7.4). Weakness: CWE-208. Affected package(s): dovecot. Resolved in Red Hat advisory RHSA-2026:26564 — update the affected packages (`sudo dnf update`).
Authentication bypass and user enumeration due to cleared auth_username_chars configuration. Red Hat rates this important (CVSS 7.7). Weakness: CWE-89. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via crafted SASL initial response in AUTHENTICATE command. Red Hat rates this important (CVSS 7.5). Weakness: CWE-229. Affected package(s): dovecot. Resolved in Red Hat advisory RHSA-2026:26564 — update the affected packages (`sudo dnf update`).
Arbitrary file write and code execution via untrusted frontend. Red Hat rates this moderate (CVSS 8.2). Weakness: CWE-22. Affected package(s): openshift-service-mesh/istio-proxyv2-rhel9:1776240392, quay/quay-rhel9:1779922205, multicluster-engine/must-gather-rhel9:1782158798, openshift-service-mesh/istio-proxyv2-rhel9:1776291540, openshift-service-mesh/istio-proxyv2-rhel9:1776315466, oadp/oadp-mustgather-rhel9:1779770049. Resolved in Red Hat advisory RHSA-2026:9453 — update the affected packages (`sudo dnf update`).
Denial of Service via crafted Styled Layer Descriptor. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
io.opentelemetry.javaagent/opentelemetry-javaagent: OpenTelemetry Java Instrumentation: Remote code execution via deserialization vulnerability in RMI. Red Hat rates this important (CVSS 8.1). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Remote code execution due to hardcoded trust_remote_code setting. Red Hat rates this important (CVSS 8.8). Weakness: CWE-501. Affected package(s): rhaiis/vllm-cuda-rhel9:1779223654, rhelai3/bootc-azure-cuda-rhel9:1776871985, rhelai3/bootc-aws-cuda-rhel9:1776871984, rhaiis/model-opt-cuda-rhel9:1775749857, rhaiis/vllm-rocm-rhel9:1775680262, rhaiis/vllm-rocm-rhel9:1779223651. Resolved in Red Hat advisory RHSA-2026:19712 — update the affected packages (`sudo dnf update`).
Privilege escalation and unauthorized access due to improper authentication token validation in web UI. Red Hat rates this important (CVSS 8.2). Weakness: CWE-303. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Local privilege escalation or denial of service via predictable temporary file paths. Red Hat rates this important (CVSS 8.8). Weakness: CWE-59. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Image cache poisoning due to insufficient image fingerprint validation. Red Hat rates this important (CVSS 8.5). Weakness: CWE-354. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
File (Field) Paths: Drupal File (Field) Paths: Information Disclosure via filename-collision uploads. Red Hat rates this important (CVSS 7.7). Weakness: CWE-73. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Denial of Service via malformed JSON input. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1285. Affected package(s): multicluster-engine/assisted-service, syft-main, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1779212259, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1780167118, trivy-main, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753. Resolved in Red Hat advisory RHSA-2026:21769 — update the affected packages (`sudo dnf update`).
Denial of Service via malicious PostgreSQL server. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1285. Affected package(s): quay/quay-rhel8:1779689392, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1780167118, multicluster-globalhub/multicluster-globalhub-rhel9-operator:1779209992, multicluster-globalhub/multicluster-globalhub-manager-rhel9:1779210608, advanced-cluster-security/rhacs-scanner-v4-rhel8:1777307791, quay/quay-rhel8:1776752646. Resolved in Red Hat advisory RHSA-2026:11916 — update the affected packages (`sudo dnf update`).
Denial of Service via crafted regular expressions. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1333. Affected package(s): ansible-automation-platform, migration-toolkit-virtualization/mtv-console-plugin-rhel9:1779139872, cryostat/cryostat-openshift-console-plugin-rhel9:4.2.0, rhtas/rhtas-console-ui-rhel9:1776673130, rhdh/rhdh-hub-rhel9:1776784286, rhosdt/tempo-jaeger-query-rhel9:1776435608. Resolved in Red Hat advisory RHSA-2026:13826 — update the affected packages (`sudo dnf update`).
Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue. Red Hat rates this important (CVSS 7.5). Weakness: CWE-347. Affected package(s): multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1779212259, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1780167118, rhacm2/acm-grafana-rhel9:1777142269, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1779579439, openshift-gitops. Resolved in Red Hat advisory RHSA-2026:21769 — update the affected packages (`sudo dnf update`).
Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion. Red Hat rates this moderate (CVSS 7.6). Weakness: CWE-124. Affected package(s): libpng, firefox, java, thunderbird, discovery/discovery-ui-rhel9:1782756541, rhaiis/model-opt-cuda-rhel9:1780681984. Resolved in Red Hat advisory RHSA-2026:11805 — update the affected packages (`sudo dnf update`).
Arbitrary code execution due to use-after-free vulnerability. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-825. Affected package(s): libpng, firefox, discovery/discovery-ui-rhel9:1782756541, libpng15, thunderbird, libpng12. Resolved in Red Hat advisory RHSA-2026:18064 — update the affected packages (`sudo dnf update`).
Authorization bypass allows information disclosure and denial of service. Red Hat rates this moderate (CVSS 7.7). Weakness: CWE-306. Affected package(s): multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1780167118, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1779579439, etcd. Resolved in Red Hat advisory RHSA-2026:21769 — update the affected packages (`sudo dnf update`).
Remote Code Execution via command injection in WebSocket proxy. Red Hat rates this important (CVSS 8). Weakness: CWE-78. Affected package(s): foreman, rubygem-katello, rubygem-fog-kubevirt, python-pulp-container, python-pulp-rpm, python-django. Resolved in Red Hat advisory RHSA-2026:5968 — update the affected packages (`sudo dnf update`).
Denial of Service via heap Use-After-Free vulnerability in ICP handling. Red Hat rates this important (CVSS 7.5). Weakness: CWE-825. Affected package(s): squid, squid:4. Resolved in Red Hat advisory RHSA-2026:8880 — update the affected packages (`sudo dnf update`).