Red Hat

300 CVEs
CVE ID | Severity | Product / summary | Published
CVE-2026-14258 MEDIUM 6.5 Red Hat Enterprise Linux 10 — A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6… 2026-07-01
CVE-2026-14324 MEDIUM 6.5 Red Hat Enterprise Linux 10 — RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return. 2026-07-01
CVE-2026-14330 MEDIUM 5.5 Red Hat Enterprise Linux 10 — Multiple unbounded alloca() calls in the PulseAudio protocol server. 2026-07-01
CVE-2026-23537 CRITICAL 9.1 Feast Feature Server — A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an una… 2026-07-01
CVE-2026-5135 MEDIUM 6.5 Red Hat Satellite 6.16 For Rhel 8 — A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-e… 2026-07-01
CVE-2026-5136 HIGH 8.8 Red Hat Satellite 6.16 For Rhel 8 — A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments agains… 2026-07-01
CVE-2026-5138 MEDIUM 4.3 Red Hat Satellite 6.16 For Rhel 8 — A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant inf… 2026-07-01
CVE-2026-5142 MEDIUM 6.5 Red Hat Satellite 6.16 For Rhel 8 — A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, … 2026-07-01
CVE-2026-12388 MEDIUM 6.5 Red Hat Build Of Keycloak — A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user… 2026-06-30
CVE-2026-12610 MEDIUM 6.4 Red Hat Enterprise Linux 10 — A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-af… 2026-06-30
CVE-2026-13316 MEDIUM 4.4 Red Hat Satellite 6 — A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy f… 2026-06-30
CVE-2026-14164 HIGH 7.5 Red Hat Hardened Images — A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR… 2026-06-30
CVE-2026-14209 MEDIUM 4.3 Red Hat Build Of Keycloak — A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to by… 2026-06-30
CVE-2026-4629 MEDIUM 6.5 Red Hat Build Of Keycloak — A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulne… 2026-06-30
CVE-2026-58010 MEDIUM 6.5 Glib — A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvaria… 2026-06-30
CVE-2026-58011 MEDIUM 6.5 Glib — A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function … ● PoC 2026-06-30
CVE-2026-58012 MEDIUM 6.5 Glib — A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_R… 2026-06-30
CVE-2026-58013 MEDIUM 6.5 Glib — A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c… 2026-06-30
CVE-2026-58014 HIGH 7.3 Glib — A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in t… 2026-06-30
CVE-2026-58015 MEDIUM 5.9 Glib — A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mec… 2026-06-30
CVE-2026-58016 HIGH 7.5 Glib — A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusint… 2026-06-30
CVE-2026-12856 HIGH 8.8 Red Hat Openshift Dev Spaces — A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. Th… 2026-06-29
CVE-2026-12912 HIGH 7.3 Red Hat Enterprise Linux 10 — A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially craft… 2026-06-29
CVE-2026-13595 MEDIUM 6.8 Red Hat Hardened Images — A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solar… 2026-06-29
CVE-2026-13601 HIGH 7.1 Red Hat Enterprise Linux 6 — A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by … 2026-06-29
CVE-2026-13676 HIGH 7.5 Fast Uri — fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family U… 2026-06-29
CVE-2026-13757 MEDIUM 6.2 Red Hat Enterprise Linux 10 — A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p… 2026-06-29
CVE-2026-54369 HIGH 8.4 Acl — acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl… 2026-06-29
CVE-2026-54371 HIGH 8.4 Attr — attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities th… 2026-06-29
CVE-2026-57965 MEDIUM 5.1 Red Hat Enterprise Linux 10 — A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by se… 2026-06-29
CVE-2026-57966 MEDIUM 4.4 Red Hat Enterprise Linux 10 — A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE h… 2026-06-29
CVE-2026-58049 HIGH 8.8 Ffmpeg — FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cur… ● PoC 2026-06-28
CVE-2026-13322 LOW 3.8 Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using te… 2026-06-26
CVE-2026-13325 HIGH 8.5 Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true o… 2026-06-26
CVE-2026-13434 MEDIUM 4.9 Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance wi… 2026-06-26
CVE-2026-47220 HIGH 7.5 Envoy — Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.… 2026-06-26
CVE-2026-48933 HIGH 7.5 Node — A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multi… 2026-06-26
CVE-2026-53281 HIGH 8.8 Linux — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereferenc… 2026-06-26
CVE-2026-53322 HIGH 8.8 Linux — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabli… 2026-06-26
CVE-2026-57915 HIGH 7.3 Apache Kerby — It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an un… 2026-06-26
CVE-2026-11800 HIGH 8.1 Red Hat Build Of Keycloak 26.6 — A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow a… 2026-06-25
CVE-2026-12975 HIGH 8.5 Red Hat Build Of Apicurio Registry 3 — A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory w… 2026-06-25
CVE-2026-12992 HIGH 7.4 Red Hat Build Of Apicurio Registry 3 — A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling th… 2026-06-25
CVE-2026-12993 MEDIUM 6.5 Red Hat Build Of Apicurio Registry 3 — A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema ac… 2026-06-25
CVE-2026-13083 MEDIUM 6.9 Pen Drive Powered By Red Hat Lightspeed — A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without… 2026-06-25
CVE-2026-13218 MEDIUM 4.2 Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data… 2026-06-25
CVE-2026-13318 MEDIUM 6.4 Red Hat Openshift Virtualization 4 — A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processi… 2026-06-25
CVE-2026-53143 HIGH 7 Linux — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA q… 2026-06-25
CVE-2026-53145 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix change_handle ioctl, … 2026-06-25
CVE-2026-53148 HIGH 7 Linux — In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data … 2026-06-25
CVE-2026-53153 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: mm/list_lru: drain before clearing xarray… 2026-06-25
CVE-2026-53175 CRITICAL 9.8 Linux — In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by… 2026-06-25
CVE-2026-53176 CRITICAL 9.8 Linux — In the Linux kernel, the following vulnerability has been resolved: IB/isert: Reject login PDUs shorter than … 2026-06-25
CVE-2026-53185 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: zram: fix use-after-free in zram_bvec_wri… 2026-06-25
CVE-2026-53194 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: USB: serial: kl5kusb105: fix bulk-out buf… 2026-06-25
CVE-2026-53196 MEDIUM 6.8 Linux — In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_ti: fix heap overflow in … 2026-06-25
CVE-2026-53202 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation… 2026-06-25
CVE-2026-53203 HIGH 7.1 Linux — In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in … 2026-06-25
CVE-2026-53277 HIGH 8.8 Linux — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page t… 2026-06-25
CVE-2026-9083 MEDIUM 4.9 Red Hat Build Of Keycloak 26.4 — A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerabilit… 2026-06-25
CVE-2026-9086 HIGH 7.3 Red Hat Build Of Keycloak 26.4 — A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manag… 2026-06-25
CVE-2026-9099 HIGH 7.7 Red Hat Build Of Keycloak 26.4 — A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within th… 2026-06-25
CVE-2026-9705 MEDIUM 6.5 Red Hat Build Of Keycloak 26.4 — A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued … 2026-06-25
CVE-2026-9799 MEDIUM 4.6 Red Hat Build Of Keycloak 26.4 — A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA)… 2026-06-25
CVE-2026-9800 HIGH 8.1 Red Hat Build Of Keycloak 26.4 — A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all a… 2026-06-25
CVE-2026-11998 HIGH 7.6 Angularjs — A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource… ● PoC 2026-06-24
CVE-2026-13201 HIGH 7.3 Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|… 2026-06-24
CVE-2026-13208 MEDIUM 6.5 Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and … 2026-06-24
CVE-2026-2050 HIGH 7.8 Gimp — GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allow… 2026-06-24
CVE-2026-44016 HIGH 8.2 Docling — Docling simplifies document processing by parsing diverse formats and providing integrations with the generati… 2026-06-24
CVE-2026-44017 HIGH 7.5 Docling — Docling simplifies document processing by parsing diverse formats and providing integrations with the generati… 2026-06-24
CVE-2026-44020 HIGH 7.5 Docling — Docling simplifies document processing by parsing diverse formats and providing integrations with the generati… 2026-06-24
CVE-2026-49851 HIGH 8.7 Mistune — Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU… 2026-06-24
CVE-2026-49980 CRITICAL 9.8 Rclone — Rclone is a command-line program to sync files and directories to and from different cloud storage providers. … 2026-06-24
CVE-2026-52923 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: ipc: limit next_id allocation to the vali… 2026-06-24
CVE-2026-52924 CRITICAL 9.8 Linux — In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO… 2026-06-24
CVE-2026-52943 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: net: skbuff: fix missing zerocopy referen… 2026-06-24
CVE-2026-52950 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop … 2026-06-24
CVE-2026-52951 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF r… 2026-06-24
CVE-2026-52952 HIGH 8.8 Linux — In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARN_ON in __iommu_group_set_d… 2026-06-24
CVE-2026-52955 CRITICAL 9.8 Linux — In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds acce… 2026-06-24
CVE-2026-52969 HIGH 7 Linux — In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvm_reset_d… 2026-06-24
CVE-2026-52972 HIGH 7 Linux — In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Cap AEAD AD length to 0x… 2026-06-24
CVE-2026-52973 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: futex: Drop CLONE_THREAD requirement for … 2026-06-24
CVE-2026-52976 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix error cleanup in xe_exec_queu… 2026-06-24
CVE-2026-52987 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid double drm_exec_fini() … 2026-06-24
CVE-2026-52989 CRITICAL 9.8 Linux — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmet_tcp_build_pdu_… 2026-06-24
CVE-2026-52991 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: sched/psi: fix race between file release … 2026-06-24
CVE-2026-52993 CRITICAL 9.8 Linux — In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipc_buf_append(… 2026-06-24
CVE-2026-53000 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: netfilter: nat: use kfree_rcu to release … 2026-06-24
CVE-2026-53002 CRITICAL 9.8 Linux — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: remove sprintf usag… 2026-06-24
CVE-2026-53006 CRITICAL 9.8 Linux — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in icmpv6_rcv() C… 2026-06-24
CVE-2026-53009 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: ice: fix double-free of tx_buf skb If ic… 2026-06-24
CVE-2026-53016 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - copy IV using skcipher ivsi… 2026-06-24
CVE-2026-53033 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for af_unix… 2026-06-24
CVE-2026-53059 HIGH 7 Linux — In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to re… 2026-06-24
CVE-2026-53071 HIGH 8.8 Linux — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Add missing chan lock i… 2026-06-24
CVE-2026-53081 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce regsafe base id consistency … 2026-06-24
CVE-2026-53085 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: bpf: fix mm lifecycle in open-coded task_… 2026-06-24
CVE-2026-53090 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix ld_{abs,ind} failure path analys… 2026-06-24
CVE-2026-53091 HIGH 8.4 Linux — In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdisc_pkt_len_segs_i… 2026-06-24
CVE-2026-53092 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix linked reg delta tracking when s… 2026-06-24
CVE-2026-54297 HIGH 7.5 Faraday — Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From … 2026-06-24
CVE-2026-56121 CRITICAL 9.3 Feast — Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthoriz… ● PoC 2026-06-24
CVE-2026-57281 HIGH 7.5 Jenkins Script Security Plugin — Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annota… 2026-06-24
CVE-2026-10609 MEDIUM 6.8 Logging Subsystem For Red Hat Openshift — A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and for… 2026-06-23
CVE-2026-11807 CRITICAL 9.6 Red Hat Ansible Automation Platform 2.5 For Rhel 8 — A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/… 2026-06-23
CVE-2026-11819 MEDIUM 5.5 Red Hat Enterprise Linux 10 — Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: … ● PoC 2026-06-23
CVE-2026-11820 MEDIUM 6.5 Red Hat Enterprise Linux 10 — A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP reques… 2026-06-23
CVE-2026-12112 HIGH 7.8 Red Hat Satellite 6.19 — A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauth… 2026-06-23
CVE-2026-12891 MEDIUM 4.3 Red Hat Enterprise Linux 10 — A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream … 2026-06-23
CVE-2026-12892 MEDIUM 4.4 Red Hat Enterprise Linux 10 — A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file … 2026-06-23
CVE-2026-12969 MEDIUM 5.3 Red Hat Enterprise Linux 10 — An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS … 2026-06-23
CVE-2026-48020 HIGH 7.8 Traefik — Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high sever… 2026-06-23
CVE-2026-48491 HIGH 7.8 Traefik — Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerabi… 2026-06-23
CVE-2026-52845 HIGH 8.1 Caddy — Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers de… 2026-06-23
CVE-2026-53622 HIGH 7.8 Traefik — Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traef… 2026-06-23
CVE-2026-54513 HIGH 8.1 Jackson Databind — jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Proce… 2026-06-23
CVE-2026-55653 MEDIUM 4.3 Red Hat Enterprise Linux 10 — A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hell… 2026-06-23
CVE-2026-55654 LOW 3.7 Red Hat Enterprise Linux 10 — A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAP… 2026-06-23
CVE-2026-55655 MEDIUM 5 Red Hat Enterprise Linux 10 — A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 f… 2026-06-23
CVE-2026-56379 N/A 0 Imagemagick — ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that a… 2026-06-23
CVE-2026-9073 MEDIUM 6.2 Red Hat Satellite 6.19 — A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expos… 2026-06-23
CVE-2025-61018 HIGH 7.5 Red Hat Enterprise Linux 7 — An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause … 2026-06-23
CVE-2025-61020 HIGH 7.5 Red Hat Enterprise Linux 7 — An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause… 2026-06-23
CVE-2025-61023 HIGH 7.5 Red Hat Enterprise Linux 7 — An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denia… 2026-06-23
CVE-2025-61028 HIGH 7.5 Red Hat Enterprise Linux 7 — An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Den… 2026-06-23
CVE-2026-12549 MEDIUM 4.8 Red Hat Enterprise Linux 10 — The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks w… 2026-06-22
CVE-2026-12725 MEDIUM 5.9 Red Hat Enterprise Linux 10 — A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, … 2026-06-22
CVE-2026-41523 HIGH 7.5 Vllm — vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based sec… 2026-06-22
CVE-2026-44727 CRITICAL 9.3 Jupyter Server — Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupy… 2026-06-22
CVE-2026-46417 HIGH 8.8 Angular — Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript… 2026-06-22
CVE-2026-48746 CRITICAL 9.1 Vllm — vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerabi… 2026-06-22
CVE-2026-49468 CRITICAL 9.5 Litellm — LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This v… 2026-06-22
CVE-2026-50556 HIGH 8.6 Angular — Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript… 2026-06-22
CVE-2026-54099 HIGH 8.8 Red Hat Openshift Container Platform 4 — A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The W… 2026-06-22
CVE-2026-54100 HIGH 8.3 Red Hat Openshift Container Platform 4 — A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO … 2026-06-22
CVE-2026-54293 HIGH 7.5 Nltk — NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting … 2026-06-22
CVE-2026-12773 MEDIUM 6.9 Litellm — A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the… ● PoC 2026-06-21
CVE-2026-56340 HIGH 8.7 Vllm — vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing.… 2026-06-20
CVE-2026-12706 MEDIUM 6.5 Red Hat Enterprise Linux Ai (Rhel Ai) 3 — A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initialize… 2026-06-19
CVE-2026-12726 MEDIUM 6.3 Red Hat Ansible Automation Platform 2 — A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the cont… 2026-06-19
CVE-2026-3195 HIGH 7.4 Red Hat Enterprise Linux 10 — A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pc… 2026-06-19
CVE-2026-3196 MEDIUM 5.5 Red Hat Enterprise Linux 10 — An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A m… 2026-06-19
CVE-2026-50559 HIGH 7.5 Quarkus — Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1… 2026-06-19
CVE-2026-52910 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU g… 2026-06-19
CVE-2026-56208 HIGH 7.6 Red Hat Hardened Images — A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in th… 2026-06-19
CVE-2026-56209 HIGH 7.1 Red Hat Hardened Images — An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missin… 2026-06-19
CVE-2026-56210 HIGH 7.1 Red Hat Hardened Images — A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missi… 2026-06-19
CVE-2026-56211 HIGH 7.1 Red Hat Hardened Images — A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficien… 2026-06-19
CVE-2026-11791 MEDIUM 5 Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function uncondition… 2026-06-18
CVE-2026-12505 HIGH 7.8 Red Hat Enterprise Linux 10 — A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privil… 2026-06-18
CVE-2026-45696 HIGH 8.3 Openexr — OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion … 2026-06-18
CVE-2026-8461 HIGH 8.8 Ffmpeg — An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, all… 2026-06-18
CVE-2026-12151 HIGH 7.5 Undici — Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a mes… 2026-06-17
CVE-2026-12491 MEDIUM 4.8 Red Hat Ai Inference Server — A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises… 2026-06-17
CVE-2026-12515 MEDIUM 4.3 Red Hat Hardened Images — A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authoriz… 2026-06-17
CVE-2026-12528 MEDIUM 5.4 Red Hat Directory Server 11 — A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A malformed… 2026-06-17
CVE-2026-42055 CRITICAL 9.2 Nginx Open Source — NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module… 2026-06-17
CVE-2026-42530 CRITICAL 9.2 Nginx Open Source — NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured t… 2026-06-17
CVE-2026-47774 HIGH 7.5 Envoy — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.… 2026-06-17
CVE-2026-48818 HIGH 7.5 Starlette — Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vu… 2026-06-17
CVE-2026-6734 HIGH 7.5 Undici — Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without v… 2026-06-17
CVE-2026-9697 HIGH 7.4 Undici — Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (sock… 2026-06-17
CVE-2026-10649 HIGH 8.6 Red Hat Enterprise Linux 10 — A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerabilit… 2026-06-16
CVE-2026-12289 HIGH 8.8 Firefox — Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefo… 2026-06-16
CVE-2026-12290 HIGH 8.1 Firefox — Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firef… 2026-06-16
CVE-2026-12291 HIGH 8.8 Firefox — Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140… 2026-06-16
CVE-2026-12292 HIGH 8.1 Firefox — Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox… 2026-06-16
CVE-2026-12293 CRITICAL 9.8 Firefox — Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird … 2026-06-16
CVE-2026-12294 CRITICAL 9.6 Firefox — Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12,… 2026-06-16
CVE-2026-12295 CRITICAL 9.6 Firefox — Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.… 2026-06-16
CVE-2026-12296 CRITICAL 9.6 Firefox — Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Fir… 2026-06-16
CVE-2026-12297 CRITICAL 9.6 Firefox — Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed … 2026-06-16
CVE-2026-12298 MEDIUM 5.4 Firefox — Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thund… 2026-06-16
CVE-2026-12299 MEDIUM 5.4 Firefox — JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR… 2026-06-16
CVE-2026-12326 HIGH 8.1 Firefox — Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory co… 2026-06-16
CVE-2026-12328 HIGH 8.1 Firefox — Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and … 2026-06-16
CVE-2026-12329 MEDIUM 5.3 Firefox — Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thun… 2026-06-16
CVE-2026-12398 HIGH 7.5 Red Hat Ansible Automation Platform 2 — A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role im… 2026-06-16
CVE-2026-1764 MEDIUM 5.6 Red Hat Enterprise Linux 10 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing spec… 2026-06-16
CVE-2026-1765 MEDIUM 5.6 Red Hat Enterprise Linux 10 — A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-mine… 2026-06-16
CVE-2026-1766 MEDIUM 5.6 Red Hat Enterprise Linux 10 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within … 2026-06-16
CVE-2026-1767 MEDIUM 5.6 Red Hat Enterprise Linux 10 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-… 2026-06-16
CVE-2026-2604 MEDIUM 5.6 Evolution Data Server — A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allow… ● PoC 2026-06-16
CVE-2026-42014 MEDIUM 6.6 Red Hat Enterprise Linux 10 — A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer… 2026-06-16
CVE-2026-46331 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading … ● PoC 2026-06-16
CVE-2026-48779 HIGH 7.5 Ws — ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including… 2026-06-16
CVE-2026-4367 MEDIUM 5.5 Red Hat Hardened Images — A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability… 2026-06-16
CVE-2026-44188 MEDIUM 5.3 Red Hat Ansible Automation Platform 2.7 — A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows… 2026-06-15
CVE-2026-52718 MEDIUM 6.5 Red Hat Enterprise Linux 10 — A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_pa… 2026-06-15
CVE-2026-52719 HIGH 7.1 Red Hat Enterprise Linux 10 — An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG … 2026-06-15
CVE-2026-52720 HIGH 8.8 Red Hat Enterprise Linux 10 — A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds ch… 2026-06-15
CVE-2026-52721 MEDIUM 5.3 Red Hat Enterprise Linux 10 — Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP record… 2026-06-15
CVE-2026-52722 HIGH 7.1 Red Hat Enterprise Linux 10 — A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with larg… 2026-06-15
CVE-2026-53703 HIGH 7.1 Red Hat Enterprise Linux 10 — A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (… 2026-06-15
CVE-2026-53704 HIGH 7.1 Red Hat Enterprise Linux 10 — A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia… 2026-06-15
CVE-2026-53705 HIGH 7.6 Red Hat Enterprise Linux 10 — A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted… 2026-06-15
CVE-2026-6040 MEDIUM 5.4 Libreoffice — A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position va… 2026-06-15
CVE-2026-8357 MEDIUM 5.4 Libreoffice — LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compil… 2026-06-15
CVE-2026-54228 HIGH 7.8 Red Hat Enterprise Linux 6 — A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement meth… 2026-06-13
CVE-2026-54229 HIGH 7 Red Hat Enterprise Linux 6 — A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the … 2026-06-13
CVE-2026-54230 HIGH 7 Red Hat Enterprise Linux 6 — A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event … 2026-06-13
CVE-2026-54231 MEDIUM 5.5 Red Hat Enterprise Linux 6 — A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The ev… 2026-06-13
CVE-2026-12143 HIGH 8.7 Form Data — form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `fiel… 2026-06-12
CVE-2026-44168 HIGH 8 Server — MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 … 2026-06-12
CVE-2026-44170 MEDIUM 6.3 Server — MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 … 2026-06-12
CVE-2026-44172 MEDIUM 6.9 Server — MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application tha… 2026-06-12
CVE-2026-44173 MEDIUM 5 Server — MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 … 2026-06-12
CVE-2026-44893 HIGH 7.5 Netty — Netty is a network application framework for development of protocol servers and clients. In netty-codec-hapro… 2026-06-12
CVE-2026-44894 HIGH 7.5 Netty — Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler i… 2026-06-12
CVE-2026-44990 CRITICAL 9.3 Sanitize Html — ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sa… 2026-06-12
CVE-2026-45416 HIGH 7.5 Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.… 2026-06-12
CVE-2026-45674 HIGH 8.7 Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.… 2026-06-12
CVE-2026-45830 HIGH 8.8 Chromadb — A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authen… 2026-06-12
CVE-2026-45832 HIGH 8.8 Chromadb — All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the au… 2026-06-12
CVE-2026-45833 CRITICAL 9.4 Chromadb — A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticat… 2026-06-12
CVE-2026-46340 HIGH 7.5 Netty — Netty is a network application framework for development of protocol servers and clients. In versions of netty… 2026-06-12
CVE-2026-47691 HIGH 8.7 Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.… 2026-06-12
CVE-2026-48006 HIGH 8.7 Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.… 2026-06-12
CVE-2026-48043 MEDIUM 5.3 Netty — Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2… 2026-06-12
CVE-2026-48059 HIGH 8.7 Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.… 2026-06-12
CVE-2026-48163 HIGH 8 Server — MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 … 2026-06-12
CVE-2026-48165 HIGH 8 Server — MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 … 2026-06-12
CVE-2026-48748 HIGH 7.5 Netty — Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2… 2026-06-12
CVE-2026-48914 MEDIUM 6.7 Red Hat Enterprise Linux 10 — A flaw was found in QEMU's virtio-blk device.
The issue arises because the device does not properly validate t… 2026-06-12 CVE-2026-49875 MEDIUM 6.5 Apache Cxf — Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the… 2026-06-12 CVE-2026-50010 HIGH 7.5 Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.… 2026-06-12 CVE-2026-50011 HIGH 7.5 Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.… 2026-06-12 CVE-2026-50627 CRITICAL 9.1 Apache Cxf — The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT … 2026-06-12 CVE-2026-50628 CRITICAL 9.8 Apache Cxf — A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while b… 2026-06-12 CVE-2026-50632 HIGH 8.1 Apache Cxf — A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) … 2026-06-12 CVE-2026-50633 HIGH 8.1 Apache Cxf — A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for… 2026-06-12 CVE-2026-11774 HIGH 7.6 Red Hat Directory Server 11 — An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). 
In sasl_io_sta… 2026-06-11 CVE-2026-11816 HIGH 8.1 Keras Team/Keras — Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities lo… 2026-06-11 CVE-2026-11850 MEDIUM 5 Red Hat Hardened Images — An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/… 2026-06-11 CVE-2026-11986 MEDIUM 4.9 Red Hat Build Of Keycloak — A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interf… 2026-06-11 CVE-2026-44249 HIGH 8.1 Netty — Netty is a network application framework for development of protocol servers and clients. In netty-handler pri… 2026-06-11 CVE-2026-44250 HIGH 7.5 Netty — Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis… 2026-06-11 CVE-2026-44486 HIGH 7.5 Axios — Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js H… 2026-06-11 CVE-2026-44487 HIGH 8.2 Axios — Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js … 2026-06-11 CVE-2026-44488 HIGH 7.5 Axios — Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not … 2026-06-11 CVE-2026-44492 HIGH 8.6 Axios — Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not n… 2026-06-11 CVE-2026-44494 HIGH 8.7 Axios — Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios libra… 2026-06-11 CVE-2026-44495 HIGH 7 Axios — Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axi… 2026-06-11 CVE-2026-44496 HIGH 7.5 Axios — Axios is a promise based HTTP client for the browser and Node.js. 
Axios versions before 0.32.0 on the 0.x line… 2026-06-11 CVE-2026-44890 HIGH 7.5 Netty — Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis… 2026-06-11 CVE-2026-47162 HIGH 7.3 Vim — Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnera… 2026-06-11 CVE-2026-49261 CRITICAL 10 Server — MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through… 2026-06-11 CVE-2026-52860 HIGH 7.5 Vim — Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion execu… 2026-06-11 CVE-2026-53701 MEDIUM 6.5 Red Hat Enterprise Linux 10 — An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-pl… 2026-06-11 CVE-2026-53702 MEDIUM 6.5 Red Hat Enterprise Linux 10 — A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When par… 2026-06-11 CVE-2026-5497 HIGH 7.5 Vllm Project/Vllm — vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to u… 2026-06-11 CVE-2026-10143 HIGH 8.7 Kafka Python — kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that a… 2026-06-10 CVE-2026-11837 HIGH 7.3 Red Hat Enterprise Linux 10 — A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's … 2026-06-10 CVE-2026-11884 MEDIUM 6.5 Red Hat Directory Server 11 — A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the o… 2026-06-10 CVE-2026-2049 HIGH 7.8 Gimp — GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. 
This vulnerability allow… 2026-06-10 CVE-2026-45031 MEDIUM 5.3 Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio… 2026-06-10 CVE-2026-45359 MEDIUM 5.7 Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio… 2026-06-10 CVE-2026-45664 MEDIUM 5.3 Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio… 2026-06-10 CVE-2026-46520 HIGH 7.5 Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio… 2026-06-10 CVE-2026-46522 HIGH 7.5 Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio…● PoC 2026-06-10 CVE-2026-46523 MEDIUM 6.2 Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio… 2026-06-10 CVE-2026-46529 HIGH 8.4 Atril — Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click… 2026-06-10 CVE-2026-46625 HIGH 7.5 Js Cookie — JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's i… 2026-06-10 CVE-2026-49218 HIGH 7.5 Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. 
Prior to versio… 2026-06-10 CVE-2026-49759 HIGH 8.8 Otp — Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attac… 2026-06-10 CVE-2026-53435 HIGH 8.8 Jenkins — In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserializ… 2026-06-10 CVE-2026-53437 MEDIUM 4.3 Jenkins — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is le… 2026-06-10 CVE-2026-53460 HIGH 7.5 Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio… 2026-06-10 CVE-2026-53461 HIGH 7.5 Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio… 2026-06-10 CVE-2026-6893 HIGH 7.5 Red Hat Enterprise Linux 10 — A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by provid… 2026-06-10 CVE-2026-11785 MEDIUM 4.3 Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes … 2026-06-09 CVE-2026-11786 LOW 1.9 Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing … 2026-06-09 CVE-2026-11787 MEDIUM 5 Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffe… 2026-06-09 CVE-2026-11788 MEDIUM 5.9 Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure… 2026-06-09 CVE-2026-11789 MEDIUM 4.9 Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow… 2026-06-09 CVE-2026-11790 MEDIUM 4.9 Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. 
The PBKDF2-SHA256 password storage plugin does not enforce an upper … 2026-06-09 CVE-2026-11792 LOW 3.3 Red Hat Directory Server 11 — A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_maske… 2026-06-09 CVE-2026-11793 MEDIUM 4.9 Red Hat Directory Server 11 — A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an a… 2026-06-09 CVE-2026-40983 HIGH 7.5 Micrometer — In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of… 2026-06-09 CVE-2026-40984 HIGH 7.5 Micrometer — In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of… 2026-06-09 CVE-2026-41731 HIGH 8.1 Spring For Apache Kafka — JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted package… 2026-06-09 CVE-2026-42570 HIGH 7.5 Devalue — Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficien… 2026-06-09 CVE-2026-42573 MEDIUM 5.3 Svelte — Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobberi… 2026-06-09 CVE-2026-45447 HIGH 8.8 Openssl — Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#… 2026-06-09 CVE-2026-45490 HIGH 7.8 .Net 10.0 — Improper authorization in .NET allows an authorized attacker to elevate privileges locally. 
2026-06-09 CVE-2026-45591 HIGH 7.5 .Net 10.0 — Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a netwo… 2026-06-09 CVE-2026-46316 CRITICAL 9.3 Linux — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translatio… 2026-06-09 CVE-2026-46323 HIGH 7.8 Linux — In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro… 2026-06-09 CVE-2026-52902 MEDIUM 4.7 Red Hat Ansible Automation Platform 2 — A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not… 2026-06-09 CVE-2026-9698 HIGH 7.5 Dbi — DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned … 2026-06-09 CVE-2025-10263 CRITICAL 9.1 C1 Ultra — Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925,… 2026-06-09 CVE-2025-71319 HIGH 8.7 Image Size — image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanentl…● PoC 2026-06-09 CVE-2026-11569 MEDIUM 5.4 Red Hat Quay 3 — A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenti… 2026-06-08 CVE-2026-11577 HIGH 7.2 Red Hat Build Of Keycloak — A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in … 2026-06-08 CVE-2026-11611 MEDIUM 6.5 Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounde… 2026-06-08 CVE-2026-34355 HIGH 7.5 Apache Http Server — A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted … 2026-06-08 CVE-2026-3238 HIGH 7.5 Red Hat Enterprise Linux 10 — A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. 
The W… 2026-06-08 CVE-2026-42536 HIGH 7.5 Apache Http Server — Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted… 2026-06-08