VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
Denial of Service via unbounded recursion in Markdown include directive. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-835. Affected product named by the advisory: Red Hat Enterprise Linux.
Brute-force attacks facilitated due to insufficient authentication delay. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-307. Red Hat lists fixing advisory RHSA-2026:37382 with package openssh-main-10.4p1-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
Denial of Service via excessive GSSAPI authentication attempts. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-307. Red Hat lists fixing advisory RHSA-2026:37382 with package openssh-main-10.4p1-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
OpenSSH sshd: Security bypass due to incorrect handling of forwarding and tunneling options. Red Hat rates this moderate (CVSS 5.9). Weakness: CWE-358. Red Hat lists fixing advisory RHSA-2026:37382 with package openssh-main-10.4p1-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
Undocumented GSSAPIStrictAcceptorCheck behavior impacts security in Windows Active Directory. Red Hat rates this moderate (CVSS 4.8). Weakness: CWE-909. Red Hat lists fixing advisory RHSA-2026:37382 with package openssh-main-10.4p1-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
SFTP security bypass due to command-line argument parsing flaw. Red Hat rates this moderate (CVSS 5.4). Weakness: CWE-88. Red Hat lists fixing advisory RHSA-2026:37382 with package openssh-main-10.4p1-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
sftp client allows attacker to control downloaded file location. Red Hat rates this moderate (CVSS 5.4). Weakness: CWE-22. Red Hat lists fixing advisory RHSA-2026:37382 with package openssh-main-10.4p1-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
GLX contextTags Use-After-Free in CommonMakeCurrent(). Red Hat rates this important (CVSS 6.5). Weakness: CWE-825. Red Hat lists fixing advisory RHSA-2026:38490 with package xorg-x11-server-Xwayland-0:24.1.9-4.el9_8.3, xorg-x11-server-Xwayland-0:24.1.9-4.el10_2.3. Affected products named by the advisory: Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 1. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8.
Jastow Cross-Site Scripting attack due to unsanitized URI. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-79. Red Hat lists fixing advisory RHSA-2026:36343 with package eap8-elytron-web-0:4.1.2-1.Final_redhat_00001.1.el10eap, eap8-jboss-ejb-client-0:5.0.8-1.Final_redhat_00001.1.el10eap, eap8-jandex-0:3.2.7-1.redhat_00001.1.el10eap, eap8-javaee-security-soteria-0:3.0.3-2.redhat_00001.1.el10eap. Affected product named by the advisory: Red Hat Enterprise Linux 1. Affected products named by the advisory: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; eap8-jboss-dmr; eap8-fge-btf; and 5 more.
Information disclosure via error messages containing sensitive data. Red Hat rates this important (CVSS 5.3). Weakness: CWE-209. Affected product named by the advisory: Red Hat Enterprise Linux.
Denial of Service via uncontrolled memory allocation in decodeFromByteBuffer. Red Hat rates this low (CVSS 5). Weakness: CWE-770. Red Hat lists fixing advisory RHSA-2026:26989 with package rust-main-1.96.1-1.hum1, netavark-main-2.0.0-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
Information disclosure via incorrect .netrc password lookup. Red Hat rates this moderate (CVSS 4.8). Weakness: CWE-289. Red Hat lists fixing advisory RHSA-2026:34975 with package rust-main-1.96.1-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
Cookie injection via malicious HTTP server using super cookies. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-565. Red Hat lists fixing advisory RHSA-2026:34975 with package rust-main-1.96.1-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
Information disclosure via incorrect Digest authentication header reuse. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-201. Red Hat lists fixing advisory RHSA-2026:34975 with package rust-main-1.96.1-1.hum1. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images; Red Hat OpenShift Dev Spaces; Red Hat Trusted Profile Analyzer.
Certificate validation bypass due to incorrect connection reuse. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-295. Red Hat lists fixing advisory RHSA-2026:34975 with package rust-main-1.96.1-1.hum1. Affected products named by the advisory: Red Hat Hardened Images; Red Hat Enterprise Linux 8; Red Hat JBoss Core Services.
ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling. NOTE: the Supplier reports that "The project README states that it is suitable for testing and development, and that its developers do not encourage its use to serve production web applications that may be subject to hostile input. It is not a production web server and is not intended to receive traffic from untrusted sources. Request smuggling is only reachable when WEBrick sits behind a proxy and receives hostile traffic in a production deployment, which is the configuration the project documents as discouraged." A flaw was found in WEBrick, a Ruby web server toolkit. This vulnerability allows a remote attacker to perform request smuggling by manipulating the Content-Length header in HTTP/1.1 requests. WEBrick incorrectly re-parses the trailer Content-Length, leading to a desynchronization between the proxy and the backend server. This desynchronization can enable an attacker to bypass security controls, access unauthorized information, or inject malicious requests. A flaw was found in WEBrick's chunked transfer encoding parser. When processing HTTP chunked requests, WEBrick reparses trailer fields into the main request header map without filtering.
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9. This vulnerability, categorized as a Path Traversal (CWE-61), allows an attacker to read arbitrary files on the host system by manipulating symlinked paths during the checkpoint restore process. This can lead to unauthorized information disclosure from the host. This vulnerability is not exploitable in several Red Hat products listed in the affect table. Although some shipped images include the containerd Go module (primarily v1.x, and in a few cases containerd v2.x API client libraries) as a build-time dependency for OCI image handling, they do not execute the containerd daemon or its CRI plugin. As a result, the vulnerable containerd CRI checkpoint-restore code path is not exercised. Red Hat severity: Important — CVSS 6.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). Weakness: CWE-59. Affected Red Hat products: Red Hat Hardened Images; Exploit Intelligence; MCP Server for Red Hat OpenShift; Migration Toolkit for Virtualization; OpenShift Serverless; Red Hat Ceph Storage 6; Red Hat Ceph Storage 9; Red Hat Openshift Data Foundation 4.
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node's local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker's malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod's identity. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9. Red Hat products include the containerd Go module (v1.x) as a library dependency. Red Hat severity: Moderate — CVSS 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-1289. Affected Red Hat products: Red Hat Hardened Images.
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd process to terminate. While containerd libraries are bundled in some images for OCI image operations (e.g., estargz support via skopeo), the containerd daemon and its CRI plugin (where the vulnerable group-parsing code path exists) are not executed. Therefore, this vulnerability is not exploitable in Red Hat products. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770. Affected Red Hat products: Red Hat Hardened Images. Under investigation: Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access. Red Hat severity: Moderate — CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Weakness: CWE-639. Affected Red Hat products: Red Hat Satellite 6.16 for RHEL 8; Red Hat Satellite 6.16 for RHEL 9; Red Hat Satellite 6.17 for RHEL 9; Red Hat Satellite 6.18 for RHEL 9; Red Hat Satellite 6.19 for RHEL 9; Red Hat Satellite 6. Red Hat fixing advisory: RHSA-2026:34367, RHSA-2026:34366, RHSA-2026:34368, RHSA-2026:34365.