VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
535 advisories across 32 monitored vendors.
The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces. Affected product named by the advisory: Red Hat OpenShift distributed tracing 3.
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution. A flaw was found in ImageMagick. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-825. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of service. A flaw was found in ImageMagick. A remote attacker could provide a specially crafted image, causing the software to allocate more memory than permitted by its configuration. This can lead to a denial of service (DoS), making the system or application unavailable to legitimate users. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-770. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes. A flaw was found in ImageMagick. This vulnerability allows a remote attacker to cause the application to crash. The issue stems from improper handling of XMP (Extensible Metadata Platform) profiles within image files. By crafting a malicious image with specially designed XMP data, an attacker can trigger a heap use-after-free condition, leading to a denial of service. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service. A flaw was found in ImageMagick. This heap buffer overflow vulnerability, identified as CWE-122 (Heap-based Buffer Overflow), occurs in the magnify operation when processing an unrecognized `magnify:method` value. An attacker could exploit this by providing a specially crafted input, leading to an out-of-bounds read. This could potentially expose sensitive information or cause a denial of service (DoS) to the system. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H). Weakness: CWE-125. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and ARGS_POST because src/request_body_processor/multipart.cc overwrites reserved bytes in m_reserve instead of appending the current buffer. This creates a parser differential between ModSecurity and backend applications that preserve line breaks in form fields, allowing rules that inspect ARGS or ARGS_POST to miss payloads whose dangerous syntax depends on a line break. This issue is fixed in version 3.0.16. This bypass could lead to the execution of dangerous payloads that rely on line breaks, potentially resulting in a security compromise. This issue is classified as Moderate severity primarily because: Conditions for Exploitation: Successful exploitation requires a specific scenario where the backend application preserves line breaks and is inherently vulnerable to a payload that utilizes those line breaks. Additionally, the ModSecurity configuration must rely on rules inspecting the affected ARGS or ARGS_POST variables to allow the bypass to occur.
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8_to_unicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a char pointer rather than the length of the unicode buffer, allowing rules that use this transformation to be bypassed on i386 architecture. This issue is fixed in version 3.0.16. The `t:utf8toUnicode` transformation function, responsible for converting UTF-8 encoded characters to Unicode, generates incorrect output on i386 architectures. This vulnerability allows an attacker to bypass WAF rules, potentially enabling malicious requests to reach the protected application. The consequence is a moderate integrity loss due to the circumvention of security controls. Conditions for Exploitation: Exploitation is strictly limited to 32-bit (i386) architectures, which reduces the likelihood of exploitation in typical deployments. Furthermore, it requires the ModSecurity configuration to actively use rules that rely on the affected transformation function. Impact Limitations: The vulnerability functions solely as a WAF rule bypass and does not directly cause privilege escalation, data corruption, or arbitrary code execution on the host system.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in channels/rdpecam/server/camera_device_enumerator_main.c and then dereference once past the scan bound, allowing a malicious RDP client to trigger a 1- to 2-byte out-of-bounds heap read. This issue is fixed in version 3.28.0. A malicious RDP client can exploit this by manipulating the DeviceName and VirtualChannelName fields, which can lead to information disclosure and denial of service. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload that reads one byte past the input buffer. This issue is fixed in version 3.28.0. FreeRDP clients using the Graphics (GFX) pipeline are vulnerable to an out-of-bounds read. A malicious RDP server can exploit this by sending a specially crafted, truncated RDPGFX_CMDID_WIRETOSURFACE_1 planar payload. This can lead to reading one byte beyond the intended buffer, potentially disclosing sensitive information or causing a denial of service. Red Hat severity: Moderate — CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L). Weakness: CWE-125. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an attacker to forge server-side requests (SSRF) from the machine running Wget, potentially accessing localhost services or internal network resources. A flaw was found in Wget. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Weakness: CWE-918.
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable by the coturn process because the command string is used as-is after stripping the psd prefix and leading spaces, allowing truncation and overwrite with session dump data. This issue is fixed in version 4.13.0. An authenticated administrator with command-line interface (CLI) access could exploit a vulnerability in the `psd print sessions dump` command. This flaw allows the administrator to overwrite arbitrary files on the system that are writable by the Coturn process, potentially leading to data corruption or denial of service. This flaw affects the community-maintained coturn TURN/STUN server as shipped in Fedora and EPEL. Red Hat does not ship coturn in any core Red Hat product. Fedora and EPEL currently ship coturn 4.14.0, which already includes the fix released in 4.13.0, so the shipped builds are not vulnerable to this arbitrary file overwrite via the CLI psd command. Red Hat severity: Moderate — CVSS 6 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). Weakness: CWE-22.
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory. A flaw was found in ImageMagick. This use-after-free vulnerability (CWE-416) exists within the PDB (Program Database) decoder. A remote attacker could exploit this by tricking a user into processing a specially crafted malicious PDB file. This could lead to a denial of service (DoS) due to application crashes or potentially allow for a single zero-byte write to freed memory, resulting in limited data corruption. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H). Weakness: CWE-825. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
A flaw was found in Vim, an open-source command-line text editor. The PHP omni-completion script improperly handles specially crafted input. When a victim opens a malicious PHP file and invokes omni-completion, an unescaped class or trait name can be interpreted as Ex commands. This allows a remote attacker to achieve arbitrary operating-system command execution. Red Hat Product Security has rated this vulnerability as having a Moderate impact. The requirement for a non-default configuration, combined with mandatory user interaction, significantly reduces the real-world risk." Red Hat severity: Moderate — CVSS 5.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L). Weakness: CWE-94. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Hardened Images; Red Hat OpenShift Container Platform 4. Red Hat does not currently list a fixing RHSA for this CVE.
Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen < MAXWLEN, allowing reslen to reach MAXWLEN before res[reslen] = NUL writes one byte past the end of the MAXWLEN-element stack buffer. A boundary-length word passed to soundfold(), or reached via sound-based spell suggestion while a SAL-based spell language is active under a non-multibyte 8-bit encoding, can corrupt the eval_soundfold() stack frame and crash the editor. This issue is fixed in version 9.2.0725. An out-of-bounds write vulnerability in Vim's spell_soundfold_sal() function allows an attacker to corrupt memory and crash the editor (Denial of Service) by supplying a specially crafted word during spell sound-folding. This Moderate impact flaw in Vim's spell sound-folding feature can lead to a denial of service. This vulnerability primarily affects interactive users of the Vim text editor. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-787.
OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated service by the same identity provider to authenticate to OpenFGA. This issue is fixed in 1.18.0. Prior to 1.18.0, when OpenFGA is configured to use OIDC authentication (authn.method=oidc, authn.oidc.issuer set) but authn.oidc.audience is left unset, the JWT audience claim on incoming bearer tokens is not validated. As a result, a validly-signed OIDC access token issued by the same identity provider for a completely different, unrelated application can be accepted by OpenFGA as a valid credential, allowing an attacker holding such a token to authenticate to OpenFGA and perform unauthorized authorization queries or writes. An attacker who can obtain such a token, for example one issued to a lower-privileged or unrelated application at the same IdP, could use it to authenticate to OpenFGA and perform authorization queries or writes they should not be permitted to make. This flaw only affects deployments that explicitly enable OpenFGA's OIDC authentication method and leave --authn-oidc-audience unset.
OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL is being used as the datastore and authorization decisions rely on case-sensitive user strings, the tuple, changelog, and authorization_model identifier columns can compare case-distinct values such as user:Alice and user:alice as equivalent, causing two distinct check requests to return the same response. This issue is fixed in 1.18.0. This can lead to improper policy enforcement, where two different authorization requests might receive the same, unintended response, potentially affecting access controls. Red Hat does not ship OpenFGA as a standalone product. The affected code is bundled inside Grafana's experimental "Zanzana" authorization engine (which vendors github.com/openfga/openfga as a Go dependency), and Grafana itself is embedded in Red Hat Ceph Storage's dashboard, Red Hat Advanced Cluster Management, Multicluster Global Hub, and RHEL's grafana package. Zanzana is disabled by default in upstream Grafana (feature toggle zanzana=false, experimental) and none of these embedding products expose it as a supported, user-configurable OpenFGA/MySQL-backed authorization server, which significantly limits real-world exposure even though the vulnerable dependency ships as part of the bundled code. Red Hat severity: Moderate — CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report. A flaw was found in enquirer, a command-line prompt tool. A remote attacker could exploit a vulnerability in the `Enquirer.set` function by manipulating the `question.name` argument. This improper handling of object prototype attributes can lead to prototype pollution, allowing an attacker to modify the behavior of an application. This could result in unexpected application behavior or potentially lead to further attacks. This could lead to unexpected application behavior in Red Hat products that use `enquirer` to process untrusted input, as an attacker could modify object attributes. The public availability of an exploit increases the risk. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-915. Affected Red Hat products: OpenShift Pipelines; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4.
Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as their primary safeguard against oversized request bodies will accept arbitrarily large payloads, leading to excessive memory and CPU usage and denial of service. After the fix, invalid limit values throw a clear error at parser construction time instead of silently disabling enforcement, while null and undefined continue to fall back to the default limit of 100kb. Workarounds: Validate the limit value before passing it to body-parser. For example, parse the value at startup and reject any configuration where the result is null or a non-finite number. This can lead to a Denial of Service (DoS) condition, making the application unavailable to legitimate users. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770. Affected products named by the advisory: Confidential Compute Attestation; Cryostat 4; Gatekeeper 3; Migration Toolkit for Applications 8; and 30 more.
An integer overflow in the jbig2_arith_iaid_ctx_new() function of Artifex commit cc37d0 allows attackers to cause a Denial of Service (DoS) via a crafted input. A flaw was found in jbig2dec. This can lead to the affected system becoming unresponsive or crashing, disrupting its normal operation. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-190. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.
JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase() in GitHandler.prepare() in jupyterlab_git/handlers.py to enforce excluded_paths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded directories. This issue is fixed in version 0.54.0. This vulnerability allows an authenticated user on a case-insensitive filesystem to bypass administrator-configured excluded paths by varying the case of the URL path segment. This bypass enables the user to read file content, view git status, logs, and diffs, and enumerate commits within directories that were intended to be excluded. The root cause is the unconditional case-sensitivity of the `fnmatch.fnmatchcase()` function used for path enforcement, which does not normalize paths for case-insensitive platforms. This Moderate impact flaw in JupyterLab Git, as deployed in Red Hat OpenShift AI, allows an authenticated user to bypass administrator-defined path exclusions on case-insensitive filesystems. By manipulating the casing of URL path segments, an attacker can gain unauthorized read access to sensitive Git repository information, including file content and commit history, from directories intended to be protected. This bypass occurs because the path enforcement mechanism does not account for filesystem case-insensitivity.