VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes. Red Hat severity: Moderate — CVSS 6.2 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-674. Affected Red Hat products: Red Hat Hardened Images; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4. Red Hat fixing advisory: RHSA-2026:37469, RHSA-2026:38342.
Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different config object during traversal. This happens because the authorization layer uses string prefix matching and the /config traversal layer parses array indices numerically using strconv.Atoi(). This vulnerability is fixed in 2.11.3. A remote administrator with restricted access to specific configuration objects could bypass these limitations. This discrepancy allows an attacker to read and modify unauthorized configuration elements, undermining the principle of least privilege in remote administration. This Moderate-impact flaw in Caddy's remote administration API, which allows an authorization bypass due to differing interpretations of array indices, does not affect Red Hat products. The vulnerable code is not present in Red Hat's supported offerings. Red Hat severity: Moderate — CVSS 3.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). Weakness: CWE-551. Red Hat lists Red Hat Hardened Images as not affected.
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182. By accepting an authentication tag length of 4 bytes instead of the required 12 bytes, this vulnerability allows for a low-impact data integrity issue where the cryptographic validity of messages could be compromised. A Low-impact flaw in GnuPG's gpgsm component accepts an incorrect AES-GCM authentication tag length in CMS messages. This compromises cryptographic data integrity, though confidentiality and availability are unaffected. Red Hat severity: Low — CVSS 2.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Hardened Images. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service. A flaw was found in ImageMagick. This ImageMagick flaw is rated as Low impact. The impact is limited to availability, and the attack requires specific conditions, making successful exploitation less probable in typical Red Hat deployments unless processing untrusted images. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-825. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Critical authentication bypass allows unauthorized API access. Red Hat rates this important (CVSS 9.1). Weakness: CWE-501. Red Hat lists fixing advisory RHSA-2026:36006 with package rhaiis/vllm-rocm-rhel9:1782353093, rhaiis/vllm-cuda-rhel9:1782352847, rhaiis/vllm-cuda-rhel9:1782951012, rhaiis/vllm-rocm-rhel9:1782951244.
Remote Code Execution via stored Cross-Site Scripting in nbconvert handlers. Red Hat rates this important (CVSS 9). Weakness: CWE-79.
Arbitrary code execution via malicious HuggingFace model. Red Hat rates this important (CVSS 7.5). Weakness: CWE-617. Red Hat lists fixing advisory RHSA-2026:36006 with package rhaiis/vllm-cuda-rhel9:1782951012, rhaiis/vllm-rocm-rhel9:1782951244.
Authentication Bypass via Host Header Injection. Red Hat rates this important (CVSS 8.1). Weakness: CWE-290.
http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody() is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with handlerFormDataBodyData(), which interpolates each req.body key and value directly into the multipart wire format without neutralizing CR/LF. A \r\n inside a value (or key) lets an attacker close the current part and inject an entirely new form part. Because the proxy's own body parser saw a single opaque value, any gateway-side policy or validation performed on req.body is evaluated against a different set of fields than the upstream backend ultimately parses a request/parameter desynchronization across the trust boundary. This vulnerability is fixed in 3.0.7 and 4.1.1. A remote attacker could exploit a vulnerability in the fixRequestBody() function, which is used to re-emit a request body. By injecting carriage return and line feed characters (\r\n) into a request body key or value, an attacker can bypass security policies and validation performed by the proxy. This desynchronization between the proxy and the backend server can lead to a compromise of data integrity. Other Red Hat AI products are not affected or do not expose the vulnerable code path in normal operation.
Information Disclosure via Path Traversal in `nltk.data.load()`. Red Hat rates this important (CVSS 7.5). Weakness: CWE-22.
Arbitrary code execution via prototype pollution of filename option. Red Hat rates this important (CVSS 8.1). Weakness: CWE-915.
request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:36006 with package rhaiis/vllm-cuda-rhel9:1782951012, jaeger-main-2.19.0-1.hum1, rhaiis/vllm-rocm-rhel9:1782951244.
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject() conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause the JavaScript call stack to be exhausted during conversion to JSON. This vulnerability is fixed in 7.6.1 and 8.4.1. A flaw was found in protobufjs. This uncontrolled recursion could exhaust the JavaScript call stack during conversion to JSON, leading to a Denial of Service (DoS). Red Hat rates this issue as having Low impact for Red Hat Enterprise Linux AI bootc images. Although protobufjs is present as a transitive dependency, the vulnerable parsing path is not exercised in normal product operation. Red Hat severity: Moderate — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-606. Affected Red Hat products: Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI).
@angular/platform-server: Angular: SSRF via Hostname Hijacking in @angular/platform-server. Red Hat rates this important.
@angular/platform-server: domino: Angular Platform Server: Cross-Site Scripting via unescaped `</noscript>` tags in dynamic content. Red Hat rates this important (CVSS 8.1). Weakness: CWE-79.
A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session. This is a Moderate severity flaw. The OpenSSH client in Red Hat Enterprise Linux is vulnerable to a local man-in-the-middle attack on X11 forwarding connections. Exploitation requires an attacker to have local unprivileged access on the client system and for X11 forwarding to be explicitly enabled and in use, which is not a default configuration. This vulnerability doesn't affect the upstream OpenSSH versions and is restricted to the versions as shipped with Red Hat Enterprise Linux. Red Hat severity: Moderate — CVSS 5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N). Weakness: CWE-923. Affected Red Hat products: Red Hat Hardened Images; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Under investigation: Red Hat OpenShift Container Platform 4. Red Hat fixing advisory: RHSA-2026:36759.
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS). This Moderate flaw in OpenSSH affects clients operating in FIPS mode when negotiating Diffie-Hellman Group Exchange (DH-GEX) with a malicious SSH server. While it can lead to client process termination, resulting in a denial of service, the impact is limited to availability and does not result in broader system compromise. In order to exploit this vulnerability the attacker needs to trick the user to connect to an untrusted malicious server or compromise the server first. The availability impact is considered Low as the only impacted process is the single run of the SSH client trying to connect to the malicious server. This vulnerability affects only the OpenSSH versions shipped with Red Hat products. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Weakness: CWE-415.
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image processors, retrieval side weights, or same-repository subfolder weights/config from an unpinned/default revision. This is a supply-chain integrity issue for pinned vLLM deployments. Operators can believe they are serving a reviewed model revision while vLLM resolves behavior-affecting nested or sibling artifacts outside that reviewed revision. This vulnerability is fixed in 0.22.0. This issue can lead to a supply-chain integrity compromise, where operators may unknowingly serve models with unreviewed or unintended behavior. Red Hat rates this issue as having Moderate impact. The flaw is a supply-chain integrity issue when operators pin a HuggingFace model revision but vLLM may still load nested artifacts from an unpinned revision. It affects Red Hat AI Inference Server, Red Hat OpenShift AI, and Red Hat Enterprise Linux AI images that ship vLLM versions prior to 0.22.0. KServe control-plane components that bundle vLLM as a library are not affected. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N). Weakness: CWE-829.
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index (flashinfer.ai/whl/) using --extra-index-url, but the package name was not registered on PyPI, and UV_INDEX_STRATEGY="unsafe-best-match" is set globally. An attacker who registers flashinfer-jit-cache on PyPI with version 0.6.11.post2 can execute arbitrary code as root during the Docker build and backdoor every resulting container image, enabling exfiltration of all user prompts, API credentials, and model data from production vLLM deployments This vulnerability is fixed in 0.22.1. CVE-2026-54232 is a build-time dependency confusion issue in upstream vLLM Dockerfiles before 0.22.1. It does not allow remote exploitation of a running vLLM inference service. Red Hat OpenShift AI is not affected. Red Hat AI Inference Server and RHEL AI CUDA images that include flashinfer-jit-cache are in scope for build-process review, but Red Hat has no evidence that shipped images were compromised. Red Hat severity: Moderate — CVSS 5.7 (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N). Weakness: CWE-426. Affected Red Hat products: Red Hat AI Inference Server; Red Hat Enterprise Linux AI (RHEL AI) 3. Red Hat does not currently list a fixing RHSA for this CVE.
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0. A remote attacker could exploit a vulnerability in the `/v1/audio/transcriptions` endpoint. By uploading a specially crafted compressed audio file, such as an OPUS file, the attacker could cause the system to allocate an excessive amount of memory during the decoding process. This uncontrolled memory allocation can lead to a Denial of Service (DoS) condition, making the service unavailable to legitimate users. Red Hat rates this issue as having Moderate impact. A crafted audio upload to the vLLM /v1/audio/transcriptions endpoint can cause excessive decoded PCM allocation and denial of service. Affected components are vLLM serving images in Red Hat AI Inference Server, Red Hat OpenShift AI, and Red Hat Enterprise Linux AI bootc that ship vLLM prior to 0.23.1. KServe sidecars are not affected. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770. Red Hat lists Red Hat OpenShift AI (RHOAI) as not affected. Red Hat does not currently list a fixing RHSA for this CVE.