VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
SSRF and local file read via user-supplied XML Schema (xml-with-schema:). Red Hat rates this important (CVSS 9.3). Weakness: CWE-918. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat OpenShift AI (RHOAI).
Arbitrary code execution or denial of service via integer overflow in RDP message processing. Red Hat rates this important (CVSS 8.8). Weakness: CWE-787. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
Remote code execution via heap out-of-bounds write in RemoteFX decoding. Red Hat rates this important (CVSS 7.5). Weakness: CWE-787. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9.
Localhost services exposed via IPv4-mapped IPv6 address bypass. Red Hat rates this important (CVSS 7.4). Weakness: CWE-289. Affected product named by the advisory: Red Hat Enterprise Linux.
Arbitrary code execution via SQL injection in HTTPS admin panel. Red Hat rates this important (CVSS 7.2). Weakness: CWE-89. Affected product named by the advisory: Red Hat Enterprise Linux.
CPU Denial of Service in HTML parser via repeated unterminated markup declarations. Red Hat rates this important (CVSS 7.5). Weakness: CWE-835. Red Hat lists fixing advisory RHSA-2026:37535 with package python3-12-main-3.12.13-3.5.hum1, python3-11-main-3.11.15-5.2.hum1, python3-14-main-3.14.6-1.3.hum1, python3-13-main-3.13.14-1.3.hum1. Affected products named by the advisory: Exploit Intelligence; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; and 4 more.
Command Injection via GPS device subtype allows arbitrary code execution. Red Hat rates this important (CVSS 7.8). Weakness: CWE-78. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9.
Local privilege escalation via symlink attack in guest-ssh-add-authorized-keys. Red Hat rates this important (CVSS 7.3). Weakness: CWE-61. Affected products named by the advisory: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
Remote Code Execution via unsafe deserialization in model loaders. Red Hat rates this important (CVSS 7.5). Weakness: CWE-502. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9; Red Hat Hardened Images; Red Hat OpenShift distributed tracing 3.
Arbitrary script execution via improper input sanitization. Red Hat rates this important (CVSS 7.3). Weakness: CWE-79. Affected products named by the advisory: Red Hat Enterprise Linux; OpenShift Pipelines; Red Hat OpenShift Container Platform 4.
Arbitrary file write via path traversal in SCP client. Red Hat rates this important (CVSS 8.1). Weakness: CWE-22. Affected product named by the advisory: Red Hat Enterprise Linux.
Denial of Service via repeated leafnode INFO messages during pre-authentication. Red Hat rates this important (CVSS 7.5). Weakness: CWE-476. Affected products named by the advisory: Red Hat Enterprise Linux; Red Hat Hardened Images.
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, when no_auth_user was configured, a parser fast path intended for ordinary client connections could also apply to route or leafnode listeners, allowing an unauthenticated peer to bypass inter-server CONNECT authentication and operate with the privileges associated with that connection type. This issue is fixed in versions 2.14.0, 2.12.7, and 2.11.16. A flaw was found in NATS Server. This allows an unauthenticated attacker on an adjacent network to bypass inter-server authentication. Consequently, the attacker can operate with the privileges of a trusted connection, leading to a high impact on data integrity. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L). Weakness: CWE-551. Red Hat lists Red Hat Hardened Images as not affected.
Denial of Service via unbounded decompression of HTTP response bodies. Red Hat rates this important (CVSS 7.5). Weakness: CWE-409. Affected products named by the advisory: Migration Toolkit for Applications 8; Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; and 3 more.
Directory traversal via crafted skill archive upload. Red Hat rates this important (CVSS 8.1). Weakness: CWE-22. Affected products named by the advisory: Red Hat Enterprise Linux; Exploit Intelligence; Lightspeed Core; Red Hat Ansible Automation Platform 2; and 1 more.
Arbitrary code execution and information disclosure via custom code guardrails. Red Hat rates this important (CVSS 7.2). Weakness: CWE-94. Affected products named by the advisory: Red Hat Enterprise Linux; Exploit Intelligence; Lightspeed Core; Red Hat Ansible Automation Platform 2; and 1 more.
HashiCorp memberlist: Denial of Service via push/pull state handling. Red Hat rates this important (CVSS 7.5). Weakness: CWE-770. Affected products named by the advisory: Logging Subsystem for Red Hat OpenShift; Multicluster Global Hub; Red Hat Advanced Cluster Management for Kubernetes 2; Red Hat Ansible Automation Platform 2; and 6 more.
@opentelemetry/propagator-jaeger: OpenTelemetry JavaScript: Denial of Service via malformed HTTP header decoding. Red Hat rates this important (CVSS 7.5). Weakness: CWE-248. Affected products named by the advisory: Red Hat Enterprise Linux; OpenShift Serverless; Red Hat Developer Hub; Self-service automation portal 2.
Go os.Root: Symlink following vulnerability allows directory traversal. Red Hat rates this important (CVSS 7.8). Weakness: CWE-59. Red Hat lists fixing advisory RHSA-2026:38493 with package golang-0:1.26.5-1.el10_2, buildah-2:1.43.1-4.el10_2, buildah-2:1.43.1-4.el9_8, golang-0:1.26.5-1.el9_8. Affected products named by the advisory: Red Hat Enterprise Linux 1; Red Hat Enterprise Linux 9. Affected products named by the advisory: Assisted Installer for Red Hat OpenShift Container Platform 2; Builds for Red Hat OpenShift; cert-manager Operator for Red Hat OpenShift; Compliance Operator; and 70 more.
Denial of Service via invalid binary POST requests. Red Hat rates this important (CVSS 7.5). Weakness: CWE-772. Red Hat lists fixing advisory RHSA-2026:37577 with package dotnet8-0-main-8.0.128-1.1.hum1. Affected products named by the advisory: Red Hat Hardened Images; Red Hat Enterprise Linux AI (RHEL AI) 3.