VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
84 advisories across 32 monitored vendors.
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service. A flaw was found in ImageMagick. This vulnerability involves a memory leak within the VIFF encoder, a component responsible for handling image files. This action can exhaust available system memory, leading to a denial of service (DoS) where the system becomes unresponsive. Red Hat severity: Low — CVSS 2.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-772. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process. A flaw was found in ImageMagick. This could lead to unauthorized file creation or modification, potentially impacting system integrity. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-22. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py follow HTTP redirects by default and resend user-configured auth headers and query parameters on the redirected request, allowing a compromised trusted destination or on-path attacker to receive secrets such as Authorization headers, bearer tokens, custom headers, and service keys. This issue is fixed in version 1.11.0. A flaw was found in Apprise, an open-source library for sending notifications. This flaw affects the community-maintained python-apprise package as shipped in Fedora and EPEL. Red Hat does not ship Apprise in any core Red Hat product. Red Hat severity: Low — CVSS 3.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Weakness: CWE-201.
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion. A flaw was found in ImageMagick. Successful exploitation leads to resource exhaustion, resulting in a denial of service (DoS) for the affected system. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Weakness: CWE-772. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system. Red Hat severity: Low — CVSS 3.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L). Affected Red Hat products: Red Hat Hardened Images; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Under investigation: Red Hat OpenShift Container Platform 4. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat fixing advisory: RHSA-2026:38279.
Misleading security logs due to incorrect control flow. Red Hat rates this low (CVSS 2.3). Weakness: CWE-778. Red Hat lists fixing advisory RHSA-2026:29203 with package tomcat11-main-11.0.23-0.1.hum1, tomcat10-main-10.1.56-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
Error condition not handled when configuring CRLs. Red Hat rates this low (CVSS 3.7). Weakness: CWE-390. Red Hat lists fixing advisory RHSA-2026:29203 with package tomcat11-main-11.0.23-0.1.hum1, tomcat10-main-10.1.56-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
Denial of service via heap-based buffer overflow in Bitcode File Handler. Red Hat rates this low (CVSS 3.3). Weakness: CWE-805. Red Hat lists fixing advisory RHSA-2026:7634 with package llvm21-main-21.1.8-6.hum1, llvm-main-21.1.8-1.1.hum1. Affected products named by the advisory: Red Hat Hardened Images; Red Hat AI Inference Server; Red Hat Enterprise Linux AI (RHEL AI) 3; Red Hat OpenShift AI (RHOAI).
Denial of Service via stack-based buffer overflow in StringMap::insert. Red Hat rates this low (CVSS 3.3). Weakness: CWE-120. Red Hat lists fixing advisory RHSA-2026:7634 with package llvm21-main-21.1.8-6.hum1, llvm-main-21.1.8-1.1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
Unauthorized file metadata modification. Red Hat rates this low (CVSS 3.3). Weakness: CWE-279. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs20-main-20.20.2-1.hum1, nodejs:24-9080020260626074955.rhel9, nodejs:22-9080020260626075442.rhel9, nodejs25-main-25.9.0-1.1.hum1. Affected product named by the advisory: Red Hat Enterprise Linux 1. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Hardened Images.
Local server can be started without network permission via Permission API flaw. Red Hat rates this low (CVSS 3.3). Weakness: CWE-648. Red Hat lists fixing advisory RHSA-2026:35272 with package nodejs20-main-20.20.2-1.hum1, nodejs25-main-25.9.0-1.1.hum1, nodejs26-main-26.4.0-1.3.hum1, nodejs22-main-22.23.1-2.hum1. Affected products named by the advisory: Red Hat Hardened Images; Red Hat Enterprise Linux.
When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example, SameSite=NoneOfYourBusiness is parsed as None (the most permissive setting), and SameSite=StrictLax is parsed as Lax (a downgrade from Strict). Affected applications are those that consume Set-Cookie headers from server responses (for example via undici's fetch or proxy code paths) and then forward or rely on the parsed sameSite attribute. A malicious or non-compliant server can coerce the consumer's view of a cookie's SameSite policy to a weaker value, silently degrading the SameSite enforcement the cookie is supposed to provide. This was introduced in undici 5.15.0 when the cookies feature was added. Patches: Upgrade to undici v6.26.0, v7.28.0 or v8.5.0. Workarounds: After parsing a Set-Cookie header, validate that the resulting sameSite attribute is one of 'Strict', 'Lax', or 'None' (exact, case-insensitive) before forwarding or relying on it. A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user. This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-1286. Fixed by RHSA-2026:35841, RHSA-2026:35842 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Enterprise Linux 10.
Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it associates the injected response with the new request, causing responses to be delivered to the wrong requests. This requires an attacker-controlled or compromised upstream HTTP/1.1 server and keep-alive connection reuse. Patches: Upgrade to undici v6.26.0, v7.28.0 or v8.5.0. Workarounds: Disable keep-alive connection reuse by setting keepAliveTimeout: 0 on the Client or Pool. A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity. Low: A flaw in Undici's HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections. Red Hat severity: Low — CVSS 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-940. Fixed by RHSA-2026:35841, RHSA-2026:35842 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat Enterprise Linux 10.
Denial-of-service in the Graphics: ImageLib component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-1286. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Incorrect boundary conditions in the Graphics: CanvasWebGL component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-131. Affected package(s): firefox, thunderbird. Resolved in Red Hat advisory RHSA-2026:29940 — update the affected packages (`sudo dnf update`).
Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes. Red Hat rates this low (CVSS 3.7). Weakness: CWE-347. Affected package(s): insights-proxy/insights-proxy-container-rhel9:1782890503, rhui5/haproxy-rhel9:1781525671, openssl, rhui5/installer-rhel9:1781525693, rhui5/cds-rhel9:1781525684, discovery/discovery-ui-rhel9:1782166952. Resolved in Red Hat advisory RHSA-2026:29197 — update the affected packages (`sudo dnf update`).
Information disclosure due to user profile permission bypass. Red Hat rates this low (CVSS 2.7). Weakness: CWE-1220. Affected package(s): rhbk/keycloak-operator-bundle:26.4.13, rhbk/keycloak-rhel9-operator:26.4, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9:26.4, rhbk/keycloak-operator-bundle:26.6.3, rhbk/keycloak-rhel9:26.6. Resolved in Red Hat advisory RHSA-2026:30049 — update the affected packages (`sudo dnf update`).
Privilege escalation in the Security component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-266. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. Red Hat rates this low (CVSS 3.4). Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).
Mitigation bypass in the DOM: Security component. Red Hat rates this low (CVSS 3.4). Weakness: CWE-358. Affected package(s): thunderbird, firefox. Resolved in Red Hat advisory RHSA-2026:26551 — update the affected packages (`sudo dnf update`).