VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend. A remote attacker with a Viewer role could exploit a path traversal vulnerability by manipulating user-supplied input in URL paths. This could allow the attacker to capture sensitive administrator-configured datasource credentials, invoke state-changing administrative functions on Tempo, or exfiltrate internal service data from Loki. Red Hat severity: Moderate — CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Weakness: CWE-22. Affected Red Hat products: Multicluster Global Hub; Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat Ceph Storage 5; Red Hat Ceph Storage 6; Red Hat Ceph Storage 7; Red Hat Ceph Storage 8; Red Hat Ceph Storage 9; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.
Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling. A flaw was found in libxml2. This improper handling of entity resolution can lead to a denial-of-service (DoS), making the affected system or application unavailable. This Moderate impact use-after-free vulnerability in libxml2 can lead to a denial of service in Red Hat products that process untrusted XML input. In the worst-case scenario, a remote attacker is able to provide specially crafted XML, which, if parsed by an affected application, could cause the application to crash. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-416. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat OpenShift Container Platform 4. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7; Red Hat Hardened Images as not affected. Will not fix / out of support: Red Hat Enterprise Linux 6. Red Hat does not currently list a fixing RHSA for this CVE.
A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary information without first verifying that the NAL unit contains enough data beyond the extension header. An attacker could exploit this by tricking a user into opening a malicious H.264 video file, potentially causing the application to crash or leak a single byte of heap memory. Red Hat product impact analysis pending. Component mapping required to determine which products ship the affected code. The vulnerable code path specifically affects H.264 NAL extension slices (type 20) used in MVC (Multi-view Video Coding) and SVC (Scalable Video Coding) formats, which are less commonly encountered than baseline H.264. The out-of-bounds read is limited to 1 byte and requires local file access with user interaction (opening a crafted video file). Modern Linux distributions include ASLR and stack canaries which provide some defense-in-depth against heap-based vulnerabilities, though these do not prevent the initial out-of-bounds read from occurring. Red Hat severity: Moderate — CVSS 4.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L). Weakness: CWE-125.
A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service. This flaw is rated Low. A heap out-of-bounds read in OpenSSH's GSSAPI authentication component can lead to a denial of service. Exploitation requires `GSSAPIAuthentication` to be explicitly enabled, which is not the default configuration in Red Hat products, and a Kerberos environment providing authenticated `auth-indicators`. The impact is limited to the availability of the SSH authentication process. This vulnerability doesn't affect the upstream OpenSSH versions and is restricted to the versions as shipped with Red Hat Enterprise Linux. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-125. Affected Red Hat products: Red Hat Hardened Images; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
React Router is a router for React. This is a low severity vulnerability because modern browser protections (CORS preflight, SameSite cookies) already block the cross-origin attack vectors that this missing CSRF check would otherwise gate. This vulnerability is fixed in 7.15.1. Insufficient Cross-Site Request Forgery (CSRF) checks in the framework mode allow a remote attacker to bypass these protections on PUT, PATCH, and DELETE requests. This could lead to a low integrity impact, where an attacker might be able to perform unintended actions on behalf of a user. Modern browser security features, such as Cross-Origin Resource Sharing (CORS) preflight and SameSite cookies, significantly limit the practical exploitability of this vulnerability. Red Hat severity: Low — CVSS 3.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). Weakness: CWE-352. Affected Red Hat products: Exploit Intelligence; Network Observability Operator; OpenShift Pipelines; Red Hat Ansible Automation Platform 2; Red Hat Data Grid 8; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4; Red Hat Quay 3; Red Hat Trusted Artifact Signer; Red Hat Trusted Profile Analyzer.
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks. The realistic exposure is limited to bespoke WSGI or http.server handlers that forward raw client headers directly into parse_form(). Common frameworks such as Starlette and FastAPI do not call parse_form() directly and are not affected by this specific code path. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-400. Affected Red Hat products: Exploit Intelligence; Migration Toolkit for Applications 8; OpenShift Lightspeed; Red Hat AI Inference Server; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Virtualization 4; Red Hat Satellite 6. Red Hat lists OpenShift Lightspeed; Red Hat Hardened Images as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition (and Content-Type) headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax (filename*=charset'lang'value, name*=..., and the filename*0/filename*1 continuation form) is decoded and surfaced under the bare filename/name key, and overrides the plain parameter when both are present. RFC 7578 §4.2 explicitly forbids the filename* form in multipart/form-data. Components that follow RFC 7578, or that do not implement RFC 2231/5987 decoding for multipart/form-data (WAFs, proxies, gateways), may interpret such a header differently. An attacker can exploit that difference to smuggle a different field name or filename past an upstream inspector to the backend. This vulnerability is fixed in 0.0.30. This vulnerability allows a remote attacker to bypass security controls by exploiting a difference in how Content-Disposition and Content-Type headers are parsed. Specifically, the parse_options_header function incorrectly applies RFC 2231/5987 decoding, which is forbidden for multipart/form-data. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-1286.
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to be able to execute. Further, the attacker is only receiving the digest, so should only be able to extract the user's credentials if the cryptography is weak or there is some kind of password reuse. This vulnerability is fixed in 3.14.1. This could allow a remote attacker, in conjunction with an open redirect vulnerability on the target domain, to potentially extract a user's credentials if weak cryptography is used or if there is password reuse. This vulnerability primarily leads to information disclosure. Red Hat severity: Low — CVSS 3.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Weakness: CWE-940. Affected Red Hat products: Exploit Intelligence; Migration Toolkit for Applications 8; OpenShift Lightspeed; Red Hat AI Inference Server; Red Hat Ansible Automation Platform 2; Red Hat Ansible Automation Platform Ansible Core 2; Red Hat Discovery 2; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI); Red Hat Satellite 6. Red Hat lists Red Hat Hardened Images as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is running Babel, if the attacker controls the input source code, can read the output source code, and knows the path of the source map file that they want to read. This vulnerability is fixed in 8.0.0-rc.6 and 7.29.6. Red Hat rates this issue as having Low impact for Red Hat AI products. @babel/core is bundled only in build-time or developer UI tooling (dashboard, model registry, MLflow) and the arbitrary file read requires local access and attacker-controlled source map processing that is not exposed in normal production use. Red Hat severity: Low — CVSS 3.6 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N). Weakness: CWE-22.
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv <br/>Security Impact Rating: Critical <br/>CVE: CVE-2026-20181,CVE-2026-20190
Multiple NetApp products incorporate Golang. Golang versions through 1.25.10 and 1.26.0 through 1.26.3 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data, Denial of Service (DoS). Affected products: Data Infrastructure Insights Telegraf Agent, NetApp Kubernetes Monitoring Operator, Trident, Trident Protect. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path. Affected versions — Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3.
Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user is granted REPLICATION CLIENT privileges from any host ('%'). The Bitnami Helm chart for MariaDB Galera did not expose parameters to configure this user's credentials, resulting in all chart deployments using this publicly known credential by default. Affected versions — Container image: 10.6.x prior to 10.6.27-photon-5-r0; 10.11.x prior to 10.11.17-photon-5-r1; 11.4.x prior to 11.4.12-photon-5-r0; 11.8.x prior to 11.8.7-photon-5-r1; 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0. Helm chart: prior to 18.3.0.
setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownership of /etc/shadow and read every password hash on the host via the read-only /etc bind mount. This is a container-to-host confidentiality break affecting every bpm-managed job. Affected versions: bpm-release, all versions prior to v1.4.30.
Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.
Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.
NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a Use-after-Free in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Hardened Images.
Multiple NetApp products incorporate OpenSSL. OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information or addition or modification of data. Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for VMware vSphere, NetApp Console Agent Container (adc), NetApp Console Agent Container (cbs), NetApp Console Agent Container (cbs-backend), ONTAP Select Deploy administration utility. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.