VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
624 advisories across 32 monitored vendors.
Denial of Service via malformed headers. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-248.
Arbitrary file opening and denial of service via exposed developer endpoints. Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-940.
FGAP v2 parent group children endpoint bypasses per-child view permission filter. Red Hat rates this moderate (CVSS 4.3). Weakness: CWE-1220.
FGAP v2 client scope assignment bypass via ClientResource. Red Hat rates this moderate (CVSS 5.4).
FGAP v2 role groups endpoint discloses hidden group metadata without group view permission. Red Hat rates this moderate (CVSS 4.3).
off-by-one buffer overflows in ipa-otpd oauth2.c during OAuth2 device authorization. Red Hat rates this low (CVSS 4.2). Weakness: CWE-787.
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library). This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue.
Information disclosure via incorrect .netrc password lookup. Red Hat rates this moderate (CVSS 4.8). Weakness: CWE-289. Red Hat lists fixing advisory RHSA-2026:34975 with package rust-main-1.96.1-1.hum1.
Cookie injection via malicious HTTP server using super cookies. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-565. Red Hat lists fixing advisory RHSA-2026:34975 with package rust-main-1.96.1-1.hum1.
Information disclosure via incorrect Digest authentication header reuse. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-201. Red Hat lists fixing advisory RHSA-2026:34975 with package rust-main-1.96.1-1.hum1.
Certificate validation bypass due to incorrect connection reuse. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-295. Red Hat lists fixing advisory RHSA-2026:34975 with package rust-main-1.96.1-1.hum1.
Use-after-free vulnerability leading to Denial of Service. Red Hat rates this moderate (CVSS 4.7). Weakness: CWE-825.
In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS SIP Proxy module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-6947. This issue affects Fireware OS 12.0 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13936. This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
Apache Tomcat versions 11.0.0-M1 through 11.0.22, 10.1.0-M1 through 10.1.55, 9.0.0.M1 through 9.0.118, 8.5.0 through 8.5.100, 7.0.0 through 7.0.109 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information or addition or modification of data. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Erlang OTP ssh: Denial of Service via infinite loop in SFTP channel. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-835.