Red Hat
300 CVEs
CVE ID | Severity | Product / summary | Published
CVE-2026-14258
MEDIUM 6.5
Red Hat Enterprise Linux 10 — A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6…
2026-07-01
CVE-2026-14324
MEDIUM 6.5
Red Hat Enterprise Linux 10 — RAOP module accepts unbounded Content-Length values and does not check the pw_array_add() return.
2026-07-01
CVE-2026-14330
MEDIUM 5.5
Red Hat Enterprise Linux 10 — Multiple unbounded alloca() calls in the PulseAudio protocol server.
2026-07-01
CVE-2026-23537
CRITICAL 9.1
Feast Feature Server — A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an una…
2026-07-01
CVE-2026-5135
MEDIUM 6.5
Red Hat Satellite 6.16 For Rhel 8 — A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-e…
2026-07-01
CVE-2026-5136
HIGH 8.8
Red Hat Satellite 6.16 For Rhel 8 — A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments agains…
2026-07-01
CVE-2026-5138
MEDIUM 4.3
Red Hat Satellite 6.16 For Rhel 8 — A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant inf…
2026-07-01
CVE-2026-5142
MEDIUM 6.5
Red Hat Satellite 6.16 For Rhel 8 — A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, …
2026-07-01
CVE-2026-12388
MEDIUM 6.5
Red Hat Build Of Keycloak — A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user…
2026-06-30
CVE-2026-12610
MEDIUM 6.4
Red Hat Enterprise Linux 10 — A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-af…
2026-06-30
CVE-2026-13316
MEDIUM 4.4
Red Hat Satellite 6 — A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy f…
2026-06-30
CVE-2026-14164
HIGH 7.5
Red Hat Hardened Images — A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR…
2026-06-30
CVE-2026-14209
MEDIUM 4.3
Red Hat Build Of Keycloak — A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to by…
2026-06-30
CVE-2026-4629
MEDIUM 6.5
Red Hat Build Of Keycloak — A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulne…
2026-06-30
CVE-2026-58010
MEDIUM 6.5
Glib — A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvaria…
2026-06-30
CVE-2026-58011
MEDIUM 6.5
Glib — A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function … ● PoC
2026-06-30
CVE-2026-58012
MEDIUM 6.5
Glib — A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_R…
2026-06-30
CVE-2026-58013
MEDIUM 6.5
Glib — A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c…
2026-06-30
CVE-2026-58014
HIGH 7.3
Glib — A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in t…
2026-06-30
CVE-2026-58015
MEDIUM 5.9
Glib — A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mec…
2026-06-30
CVE-2026-58016
HIGH 7.5
Glib — A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusint…
2026-06-30
CVE-2026-12856
HIGH 8.8
Red Hat Openshift Dev Spaces — A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. Th…
2026-06-29
CVE-2026-12912
HIGH 7.3
Red Hat Enterprise Linux 10 — A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially craft…
2026-06-29
CVE-2026-13595
MEDIUM 6.8
Red Hat Hardened Images — A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solar…
2026-06-29
CVE-2026-13601
HIGH 7.1
Red Hat Enterprise Linux 6 — A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by …
2026-06-29
CVE-2026-13676
HIGH 7.5
Fast Uri — fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family U…
2026-06-29
CVE-2026-13757
MEDIUM 6.2
Red Hat Enterprise Linux 10 — A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p…
2026-06-29
CVE-2026-54369
HIGH 8.4
Acl — acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl…
2026-06-29
CVE-2026-54371
HIGH 8.4
Attr — attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities th…
2026-06-29
CVE-2026-57965
MEDIUM 5.1
Red Hat Enterprise Linux 10 — A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by se…
2026-06-29
CVE-2026-57966
MEDIUM 4.4
Red Hat Enterprise Linux 10 — A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE h…
2026-06-29
CVE-2026-58049
HIGH 8.8
Ffmpeg — FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cur… ● PoC
2026-06-28
CVE-2026-13322
LOW 3.8
Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using te…
2026-06-26
CVE-2026-13325
HIGH 8.5
Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true o…
2026-06-26
CVE-2026-13434
MEDIUM 4.9
Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance wi…
2026-06-26
CVE-2026-47220
HIGH 7.5
Envoy — Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.…
2026-06-26
CVE-2026-48933
HIGH 7.5
Node — A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multi…
2026-06-26
CVE-2026-53281
HIGH 8.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Avoid NULL pointer dereferenc…
2026-06-26
CVE-2026-53322
HIGH 8.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Clean up DMABUFs before disabli…
2026-06-26
CVE-2026-57915
HIGH 7.3
Apache Kerby — It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an un…
2026-06-26
CVE-2026-11800
HIGH 8.1
Red Hat Build Of Keycloak 26.6 — A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow a…
2026-06-25
CVE-2026-12975
HIGH 8.5
Red Hat Build Of Apicurio Registry 3 — A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory w…
2026-06-25
CVE-2026-12992
HIGH 7.4
Red Hat Build Of Apicurio Registry 3 — A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling th…
2026-06-25
CVE-2026-12993
MEDIUM 6.5
Red Hat Build Of Apicurio Registry 3 — A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema ac…
2026-06-25
CVE-2026-13083
MEDIUM 6.9
Pen Drive Powered By Red Hat Lightspeed — A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without…
2026-06-25
CVE-2026-13218
MEDIUM 4.2
Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data…
2026-06-25
CVE-2026-13318
MEDIUM 6.4
Red Hat Openshift Virtualization 4 — A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processi…
2026-06-25
CVE-2026-53143
HIGH 7
Linux — In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix buffer overflow in SDMA q…
2026-06-25
CVE-2026-53145
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
drm/gem: Try to fix change_handle ioctl, …
2026-06-25
CVE-2026-53148
HIGH 7
Linux — In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Clamp XDomain response data …
2026-06-25
CVE-2026-53153
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
mm/list_lru: drain before clearing xarray…
2026-06-25
CVE-2026-53175
CRITICAL 9.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
inet: frags: fix use-after-free caused by…
2026-06-25
CVE-2026-53176
CRITICAL 9.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
IB/isert: Reject login PDUs shorter than …
2026-06-25
CVE-2026-53185
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
zram: fix use-after-free in zram_bvec_wri…
2026-06-25
CVE-2026-53194
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
USB: serial: kl5kusb105: fix bulk-out buf…
2026-06-25
CVE-2026-53196
MEDIUM 6.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
USB: serial: io_ti: fix heap overflow in …
2026-06-25
CVE-2026-53202
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
accel/ivpu: Fix signed integer truncation…
2026-06-25
CVE-2026-53203
HIGH 7.1
Linux — In the Linux kernel, the following vulnerability has been resolved:
accel/ivpu: Add buffer overflow check in …
2026-06-25
CVE-2026-53277
HIGH 8.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Take the SRCU lock for page t…
2026-06-25
CVE-2026-9083
MEDIUM 4.9
Red Hat Build Of Keycloak 26.4 — A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerabilit…
2026-06-25
CVE-2026-9086
HIGH 7.3
Red Hat Build Of Keycloak 26.4 — A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manag…
2026-06-25
CVE-2026-9099
HIGH 7.7
Red Hat Build Of Keycloak 26.4 — A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within th…
2026-06-25
CVE-2026-9705
MEDIUM 6.5
Red Hat Build Of Keycloak 26.4 — A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued …
2026-06-25
CVE-2026-9799
MEDIUM 4.6
Red Hat Build Of Keycloak 26.4 — A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA)…
2026-06-25
CVE-2026-9800
HIGH 8.1
Red Hat Build Of Keycloak 26.4 — A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all a…
2026-06-25
CVE-2026-11998
HIGH 7.6
Angularjs — A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource… ● PoC
2026-06-24
CVE-2026-13201
HIGH 7.3
Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|…
2026-06-24
CVE-2026-13208
MEDIUM 6.5
Red Hat Openshift Virtualization 4 — A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and …
2026-06-24
CVE-2026-2050
HIGH 7.8
Gimp — GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allow…
2026-06-24
CVE-2026-44016
HIGH 8.2
Docling — Docling simplifies document processing by parsing diverse formats and providing integrations with the generati…
2026-06-24
CVE-2026-44017
HIGH 7.5
Docling — Docling simplifies document processing by parsing diverse formats and providing integrations with the generati…
2026-06-24
CVE-2026-44020
HIGH 7.5
Docling — Docling simplifies document processing by parsing diverse formats and providing integrations with the generati…
2026-06-24
CVE-2026-49851
HIGH 8.7
Mistune — Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU…
2026-06-24
CVE-2026-49980
CRITICAL 9.8
Rclone — Rclone is a command-line program to sync files and directories to and from different cloud storage providers. …
2026-06-24
CVE-2026-52923
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
ipc: limit next_id allocation to the vali…
2026-06-24
CVE-2026-52924
CRITICAL 9.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
sctp: purge outqueue on stale COOKIE-ECHO…
2026-06-24
CVE-2026-52943
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: fix missing zerocopy referen…
2026-06-24
CVE-2026-52950
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
drm/xe/dma-buf: fix UAF with retry loop
…
2026-06-24
CVE-2026-52951
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
drm/xe/dma-buf: handle empty bo and UAF r…
2026-06-24
CVE-2026-52952
HIGH 8.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
iommu: Fix WARN_ON in __iommu_group_set_d…
2026-06-24
CVE-2026-52955
CRITICAL 9.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
libceph: Fix potential out-of-bounds acce…
2026-06-24
CVE-2026-52969
HIGH 7
Linux — In the Linux kernel, the following vulnerability has been resolved:
KVM: Reject wrapped offset in kvm_reset_d…
2026-06-24
CVE-2026-52972
HIGH 7
Linux — In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Cap AEAD AD length to 0x…
2026-06-24
CVE-2026-52973
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
futex: Drop CLONE_THREAD requirement for …
2026-06-24
CVE-2026-52976
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix error cleanup in xe_exec_queu…
2026-06-24
CVE-2026-52987
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: avoid double drm_exec_fini() …
2026-06-24
CVE-2026-52989
CRITICAL 9.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: propagate nvmet_tcp_build_pdu_…
2026-06-24
CVE-2026-52991
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
sched/psi: fix race between file release …
2026-06-24
CVE-2026-52993
CRITICAL 9.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
tipc: fix double-free in tipc_buf_append(…
2026-06-24
CVE-2026-53000
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
netfilter: nat: use kfree_rcu to release …
2026-06-24
CVE-2026-53002
CRITICAL 9.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: remove sprintf usag…
2026-06-24
CVE-2026-53006
CRITICAL 9.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix possible UAF in icmpv6_rcv()
C…
2026-06-24
CVE-2026-53009
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
ice: fix double-free of tx_buf skb
If ic…
2026-06-24
CVE-2026-53016
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - copy IV using skcipher ivsi…
2026-06-24
CVE-2026-53033
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Take state lock for af_unix…
2026-06-24
CVE-2026-53059
HIGH 7
Linux — In the Linux kernel, the following vulnerability has been resolved:
dm log: fix out-of-bounds write due to re…
2026-06-24
CVE-2026-53071
HIGH 8.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: l2cap: Add missing chan lock i…
2026-06-24
CVE-2026-53081
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
bpf: Enforce regsafe base id consistency …
2026-06-24
CVE-2026-53085
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
bpf: fix mm lifecycle in open-coded task_…
2026-06-24
CVE-2026-53090
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix ld_{abs,ind} failure path analys…
2026-06-24
CVE-2026-53091
HIGH 8.4
Linux — In the Linux kernel, the following vulnerability has been resolved:
net: pull headers in qdisc_pkt_len_segs_i…
2026-06-24
CVE-2026-53092
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix linked reg delta tracking when s…
2026-06-24
CVE-2026-54297
HIGH 7.5
Faraday — Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From …
2026-06-24
CVE-2026-56121
CRITICAL 9.3
Feast — Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthoriz… ● PoC
2026-06-24
CVE-2026-57281
HIGH 7.5
Jenkins Script Security Plugin — Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annota…
2026-06-24
CVE-2026-10609
MEDIUM 6.8
Logging Subsystem For Red Hat Openshift — A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and for…
2026-06-23
CVE-2026-11807
CRITICAL 9.6
Red Hat Ansible Automation Platform 2.5 For Rhel 8 — A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/…
2026-06-23
CVE-2026-11819
MEDIUM 5.5
Red Hat Enterprise Linux 10 — Module: plugins/modules/keyring_info.py
CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Issue: … ● PoC
2026-06-23
CVE-2026-11820
MEDIUM 6.5
Red Hat Enterprise Linux 10 — A flaw was found in the community.general Ansible collection's nexmo module.
The module constructs HTTP reques…
2026-06-23
CVE-2026-12112
HIGH 7.8
Red Hat Satellite 6.19 — A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauth…
2026-06-23
CVE-2026-12891
MEDIUM 4.3
Red Hat Enterprise Linux 10 — A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream …
2026-06-23
CVE-2026-12892
MEDIUM 4.4
Red Hat Enterprise Linux 10 — A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file …
2026-06-23
CVE-2026-12969
MEDIUM 5.3
Red Hat Enterprise Linux 10 — An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS …
2026-06-23
CVE-2026-48020
HIGH 7.8
Traefik — Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high sever…
2026-06-23
CVE-2026-48491
HIGH 7.8
Traefik — Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerabi…
2026-06-23
CVE-2026-52845
HIGH 8.1
Caddy — Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers de…
2026-06-23
CVE-2026-53622
HIGH 7.8
Traefik — Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traef…
2026-06-23
CVE-2026-54513
HIGH 8.1
Jackson Databind — jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Proce…
2026-06-23
CVE-2026-55653
MEDIUM 4.3
Red Hat Enterprise Linux 10 — A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hell…
2026-06-23
CVE-2026-55654
LOW 3.7
Red Hat Enterprise Linux 10 — A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAP…
2026-06-23
CVE-2026-55655
MEDIUM 5
Red Hat Enterprise Linux 10 — A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 f…
2026-06-23
CVE-2026-56379
N/A 0
Imagemagick — ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that a…
2026-06-23
CVE-2026-9073
MEDIUM 6.2
Red Hat Satellite 6.19 — A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expos…
2026-06-23
CVE-2025-61018
HIGH 7.5
Red Hat Enterprise Linux 7 — An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause …
2026-06-23
CVE-2025-61020
HIGH 7.5
Red Hat Enterprise Linux 7 — An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause…
2026-06-23
CVE-2025-61023
HIGH 7.5
Red Hat Enterprise Linux 7 — An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denia…
2026-06-23
CVE-2025-61028
HIGH 7.5
Red Hat Enterprise Linux 7 — An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Den…
2026-06-23
CVE-2026-12549
MEDIUM 4.8
Red Hat Enterprise Linux 10 — The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks w…
2026-06-22
CVE-2026-12725
MEDIUM 5.9
Red Hat Enterprise Linux 10 — A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and
query logging are both enabled, …
2026-06-22
CVE-2026-41523
HIGH 7.5
Vllm — vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based sec…
2026-06-22
CVE-2026-44727
CRITICAL 9.3
Jupyter Server — Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupy…
2026-06-22
CVE-2026-46417
HIGH 8.8
Angular — Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript…
2026-06-22
CVE-2026-48746
CRITICAL 9.1
Vllm — vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerabi…
2026-06-22
CVE-2026-49468
CRITICAL 9.5
Litellm — LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This v…
2026-06-22
CVE-2026-50556
HIGH 8.6
Angular — Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript…
2026-06-22
CVE-2026-54099
HIGH 8.8
Red Hat Openshift Container Platform 4 — A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The W…
2026-06-22
CVE-2026-54100
HIGH 8.3
Red Hat Openshift Container Platform 4 — A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO …
2026-06-22
CVE-2026-54293
HIGH 7.5
Nltk — NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting …
2026-06-22
CVE-2026-12773
MEDIUM 6.9
Litellm — A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the… ● PoC
2026-06-21
CVE-2026-56340
HIGH 8.7
Vllm — vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing.…
2026-06-20
CVE-2026-12706
MEDIUM 6.5
Red Hat Enterprise Linux Ai (Rhel Ai) 3 — A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initialize…
2026-06-19
CVE-2026-12726
MEDIUM 6.3
Red Hat Ansible Automation Platform 2 — A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the cont…
2026-06-19
CVE-2026-3195
HIGH 7.4
Red Hat Enterprise Linux 10 — A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pc…
2026-06-19
CVE-2026-3196
MEDIUM 5.5
Red Hat Enterprise Linux 10 — An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A m…
2026-06-19
CVE-2026-50559
HIGH 7.5
Quarkus — Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1…
2026-06-19
CVE-2026-52910
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
bpf: Free reuseport cBPF prog after RCU g…
2026-06-19
CVE-2026-56208
HIGH 7.6
Red Hat Hardened Images — A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in th…
2026-06-19
CVE-2026-56209
HIGH 7.1
Red Hat Hardened Images — An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missin…
2026-06-19
CVE-2026-56210
HIGH 7.1
Red Hat Hardened Images — A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missi…
2026-06-19
CVE-2026-56211
HIGH 7.1
Red Hat Hardened Images — A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficien…
2026-06-19
CVE-2026-11791
MEDIUM 5
Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function uncondition…
2026-06-18
CVE-2026-12505
HIGH 7.8
Red Hat Enterprise Linux 10 — A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privil…
2026-06-18
CVE-2026-45696
HIGH 8.3
Openexr — OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion …
2026-06-18
CVE-2026-8461
HIGH 8.8
Ffmpeg — An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, all…
2026-06-18
CVE-2026-12151
HIGH 7.5
Undici — Impact:
The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a mes…
2026-06-17
CVE-2026-12491
MEDIUM 4.8
Red Hat Ai Inference Server — A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises…
2026-06-17
CVE-2026-12515
MEDIUM 4.3
Red Hat Hardened Images — A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authoriz…
2026-06-17
CVE-2026-12528
MEDIUM 5.4
Red Hat Directory Server 11 — A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A malformed…
2026-06-17
CVE-2026-42055
CRITICAL 9.2
Nginx Open Source — NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module…
2026-06-17
CVE-2026-42530
CRITICAL 9.2
Nginx Open Source — NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured t…
2026-06-17
CVE-2026-47774
HIGH 7.5
Envoy — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.…
2026-06-17
CVE-2026-48818
HIGH 7.5
Starlette — Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vu…
2026-06-17
CVE-2026-6734
HIGH 7.5
Undici — Impact:
When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without v…
2026-06-17
CVE-2026-9697
HIGH 7.4
Undici — Impact:
undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (sock…
2026-06-17
CVE-2026-10649
HIGH 8.6
Red Hat Enterprise Linux 10 — A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerabilit…
2026-06-16
CVE-2026-12289
HIGH 8.8
Firefox — Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefo…
2026-06-16
CVE-2026-12290
HIGH 8.1
Firefox — Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firef…
2026-06-16
CVE-2026-12291
HIGH 8.8
Firefox — Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140…
2026-06-16
CVE-2026-12292
HIGH 8.1
Firefox — Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox…
2026-06-16
CVE-2026-12293
CRITICAL 9.8
Firefox — Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird …
2026-06-16
CVE-2026-12294
CRITICAL 9.6
Firefox — Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12,…
2026-06-16
CVE-2026-12295
CRITICAL 9.6
Firefox — Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.…
2026-06-16
CVE-2026-12296
CRITICAL 9.6
Firefox — Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Fir…
2026-06-16
CVE-2026-12297
CRITICAL 9.6
Firefox — Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed …
2026-06-16
CVE-2026-12298
MEDIUM 5.4
Firefox — Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thund…
2026-06-16
CVE-2026-12299
MEDIUM 5.4
Firefox — JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR…
2026-06-16
CVE-2026-12326
HIGH 8.1
Firefox — Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory co…
2026-06-16
CVE-2026-12328
HIGH 8.1
Firefox — Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and …
2026-06-16
CVE-2026-12329
MEDIUM 5.3
Firefox — Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thun…
2026-06-16
CVE-2026-12398
HIGH 7.5
Red Hat Ansible Automation Platform 2 — A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role im…
2026-06-16
CVE-2026-1764
MEDIUM 5.6
Red Hat Enterprise Linux 10 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing spec…
2026-06-16
CVE-2026-1765
MEDIUM 5.6
Red Hat Enterprise Linux 10 — A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-mine…
2026-06-16
CVE-2026-1766
MEDIUM 5.6
Red Hat Enterprise Linux 10 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within …
2026-06-16
CVE-2026-1767
MEDIUM 5.6
Red Hat Enterprise Linux 10 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-…
2026-06-16
CVE-2026-2604
MEDIUM 5.6
Evolution Data Server — A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allow… ● PoC
2026-06-16
CVE-2026-42014
MEDIUM 6.6
Red Hat Enterprise Linux 10 — A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer…
2026-06-16
CVE-2026-46331
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved:
net/sched: fix pedit partial COW leading … ● PoC
2026-06-16
CVE-2026-48779
HIGH 7.5
Ws — ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including…
2026-06-16
CVE-2026-4367
MEDIUM 5.5
Red Hat Hardened Images — A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability…
2026-06-16
CVE-2026-44188
MEDIUM 5.3
Red Hat Ansible Automation Platform 2.7 — A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows…
2026-06-15
CVE-2026-52718
MEDIUM 6.5
Red Hat Enterprise Linux 10 — A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_pa…
2026-06-15
CVE-2026-52719
HIGH 7.1
Red Hat Enterprise Linux 10 — An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG …
2026-06-15
CVE-2026-52720
HIGH 8.8
Red Hat Enterprise Linux 10 — A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds ch…
2026-06-15
CVE-2026-52721
MEDIUM 5.3
Red Hat Enterprise Linux 10 — Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP record…
2026-06-15
CVE-2026-52722
HIGH 7.1
Red Hat Enterprise Linux 10 — A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with larg…
2026-06-15
CVE-2026-53703
HIGH 7.1
Red Hat Enterprise Linux 10 — A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (…
2026-06-15
CVE-2026-53704
HIGH 7.1
Red Hat Enterprise Linux 10 — A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia…
2026-06-15
CVE-2026-53705
HIGH 7.6
Red Hat Enterprise Linux 10 — A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted…
2026-06-15
CVE-2026-6040
MEDIUM 5.4
Libreoffice — A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position va…
2026-06-15
CVE-2026-8357
MEDIUM 5.4
Libreoffice — LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compil…
2026-06-15
CVE-2026-54228
HIGH 7.8
Red Hat Enterprise Linux 6 — A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement meth…
2026-06-13
CVE-2026-54229
HIGH 7
Red Hat Enterprise Linux 6 — A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the …
2026-06-13
CVE-2026-54230
HIGH 7
Red Hat Enterprise Linux 6 — A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event …
2026-06-13
CVE-2026-54231
MEDIUM 5.5
Red Hat Enterprise Linux 6 — A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The ev…
2026-06-13
CVE-2026-12143
HIGH 8.7
Form Data — form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `fiel…
2026-06-12
CVE-2026-44168
HIGH 8
Server — MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 …
2026-06-12
CVE-2026-44170
MEDIUM 6.3
Server — MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 …
2026-06-12
CVE-2026-44172
MEDIUM 6.9
Server — MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application tha…
2026-06-12
CVE-2026-44173
MEDIUM 5
Server — MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 …
2026-06-12
CVE-2026-44893
HIGH 7.5
Netty — Netty is a network application framework for development of protocol servers and clients. In netty-codec-hapro…
2026-06-12
CVE-2026-44894
HIGH 7.5
Netty — Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler i…
2026-06-12
CVE-2026-44990
CRITICAL 9.3
Sanitize Html — ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sa…
2026-06-12
CVE-2026-45416
HIGH 7.5
Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.…
2026-06-12
CVE-2026-45674
HIGH 8.7
Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.…
2026-06-12
CVE-2026-45830
HIGH 8.8
Chromadb — A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authen…
2026-06-12
CVE-2026-45832
HIGH 8.8
Chromadb — All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the au…
2026-06-12
CVE-2026-45833
CRITICAL 9.4
Chromadb — A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticat…
2026-06-12
CVE-2026-46340
HIGH 7.5
Netty — Netty is a network application framework for development of protocol servers and clients. In versions of netty…
2026-06-12
CVE-2026-47691
HIGH 8.7
Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.…
2026-06-12
CVE-2026-48006
HIGH 8.7
Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.…
2026-06-12
CVE-2026-48043
MEDIUM 5.3
Netty — Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2…
2026-06-12
CVE-2026-48059
HIGH 8.7
Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.…
2026-06-12
CVE-2026-48163
HIGH 8
Server — MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 …
2026-06-12
CVE-2026-48165
HIGH 8
Server — MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 …
2026-06-12
CVE-2026-48748
HIGH 7.5
Netty — Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2…
2026-06-12
CVE-2026-48914
MEDIUM 6.7
Red Hat Enterprise Linux 10 — A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate t…
2026-06-12
CVE-2026-49875
MEDIUM 6.5
Apache Cxf — Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the…
2026-06-12
CVE-2026-50010
HIGH 7.5
Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.…
2026-06-12
CVE-2026-50011
HIGH 7.5
Netty — Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.…
2026-06-12
CVE-2026-50627
CRITICAL 9.1
Apache Cxf — The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT …
2026-06-12
CVE-2026-50628
CRITICAL 9.8
Apache Cxf — A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while b…
2026-06-12
CVE-2026-50632
HIGH 8.1
Apache Cxf — A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) …
2026-06-12
CVE-2026-50633
HIGH 8.1
Apache Cxf — A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for…
2026-06-12
CVE-2026-11774
HIGH 7.6
Red Hat Directory Server 11 — An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_sta…
2026-06-11
CVE-2026-11816
HIGH 8.1
Keras Team/Keras — Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities lo…
2026-06-11
CVE-2026-11850
MEDIUM 5
Red Hat Hardened Images — An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/…
2026-06-11
CVE-2026-11986
MEDIUM 4.9
Red Hat Build Of Keycloak — A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interf…
2026-06-11
CVE-2026-44249
HIGH 8.1
Netty — Netty is a network application framework for development of protocol servers and clients. In netty-handler pri…
2026-06-11
CVE-2026-44250
HIGH 7.5
Netty — Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis…
2026-06-11
CVE-2026-44486
HIGH 7.5
Axios — Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js H…
2026-06-11
CVE-2026-44487
HIGH 8.2
Axios — Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js …
2026-06-11
CVE-2026-44488
HIGH 7.5
Axios — Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not …
2026-06-11
CVE-2026-44492
HIGH 8.6
Axios — Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not n…
2026-06-11
CVE-2026-44494
HIGH 8.7
Axios — Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios libra…
2026-06-11
CVE-2026-44495
HIGH 7
Axios — Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axi…
2026-06-11
CVE-2026-44496
HIGH 7.5
Axios — Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line…
2026-06-11
CVE-2026-44890
HIGH 7.5
Netty — Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis…
2026-06-11
CVE-2026-47162
HIGH 7.3
Vim — Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnera…
2026-06-11
CVE-2026-49261
CRITICAL 10
Server — MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through…
2026-06-11
CVE-2026-52860
HIGH 7.5
Vim — Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion execu…
2026-06-11
CVE-2026-53701
MEDIUM 6.5
Red Hat Enterprise Linux 10 — An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-pl…
2026-06-11
CVE-2026-53702
MEDIUM 6.5
Red Hat Enterprise Linux 10 — A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When par…
2026-06-11
CVE-2026-5497
HIGH 7.5
Vllm Project/Vllm — vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to u…
2026-06-11
CVE-2026-10143
HIGH 8.7
Kafka Python — kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that a…
2026-06-10
CVE-2026-11837
HIGH 7.3
Red Hat Enterprise Linux 10 — A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's …
2026-06-10
CVE-2026-11884
MEDIUM 6.5
Red Hat Directory Server 11 — A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the o…
2026-06-10
CVE-2026-2049
HIGH 7.8
Gimp — GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allow…
2026-06-10
CVE-2026-45031
MEDIUM 5.3
Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio…
2026-06-10
CVE-2026-45359
MEDIUM 5.7
Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio…
2026-06-10
CVE-2026-45664
MEDIUM 5.3
Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio…
2026-06-10
CVE-2026-46520
HIGH 7.5
Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio…
2026-06-10
CVE-2026-46522
HIGH 7.5
Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio… ● PoC
2026-06-10
CVE-2026-46523
MEDIUM 6.2
Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio…
2026-06-10
CVE-2026-46529
HIGH 8.4
Atril — Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click…
2026-06-10
CVE-2026-46625
HIGH 7.5
Js Cookie — JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's i…
2026-06-10
CVE-2026-49218
HIGH 7.5
Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio…
2026-06-10
CVE-2026-49759
HIGH 8.8
Otp — Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attac…
2026-06-10
CVE-2026-53435
HIGH 8.8
Jenkins — In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserializ…
2026-06-10
CVE-2026-53437
MEDIUM 4.3
Jenkins — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is le…
2026-06-10
CVE-2026-53460
HIGH 7.5
Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio…
2026-06-10
CVE-2026-53461
HIGH 7.5
Imagemagick — ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versio…
2026-06-10
CVE-2026-6893
HIGH 7.5
Red Hat Enterprise Linux 10 — A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by provid…
2026-06-10
CVE-2026-11785
MEDIUM 4.3
Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes …
2026-06-09
CVE-2026-11786
LOW 1.9
Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing …
2026-06-09
CVE-2026-11787
MEDIUM 5
Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffe…
2026-06-09
CVE-2026-11788
MEDIUM 5.9
Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure…
2026-06-09
CVE-2026-11789
MEDIUM 4.9
Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow…
2026-06-09
CVE-2026-11790
MEDIUM 4.9
Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper …
2026-06-09
CVE-2026-11792
LOW 3.3
Red Hat Directory Server 11 — A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_maske…
2026-06-09
CVE-2026-11793
MEDIUM 4.9
Red Hat Directory Server 11 — A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an a…
2026-06-09
CVE-2026-40983
HIGH 7.5
Micrometer — In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of…
2026-06-09
CVE-2026-40984
HIGH 7.5
Micrometer — In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of…
2026-06-09
CVE-2026-41731
HIGH 8.1
Spring For Apache Kafka — JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted package…
2026-06-09
CVE-2026-42570
HIGH 7.5
Devalue — Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficien…
2026-06-09
CVE-2026-42573
MEDIUM 5.3
Svelte — Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobberi…
2026-06-09
CVE-2026-45447
HIGH 8.8
Openssl — Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#…
2026-06-09
CVE-2026-45490
HIGH 7.8
.Net 10.0 — Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
2026-06-09
CVE-2026-45591
HIGH 7.5
.Net 10.0 — Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a netwo…
2026-06-09
CVE-2026-46316
CRITICAL 9.3
Linux — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translatio…
2026-06-09
CVE-2026-46323
HIGH 7.8
Linux — In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro…
2026-06-09
CVE-2026-52902
MEDIUM 4.7
Red Hat Ansible Automation Platform 2 — A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not…
2026-06-09
CVE-2026-9698
HIGH 7.5
Dbi — DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned …
2026-06-09
CVE-2025-10263
CRITICAL 9.1
C1 Ultra — Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925,…
2026-06-09
CVE-2025-71319
HIGH 8.7
Image Size — image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanentl… ● PoC
2026-06-09
CVE-2026-11569
MEDIUM 5.4
Red Hat Quay 3 — A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenti…
2026-06-08
CVE-2026-11577
HIGH 7.2
Red Hat Build Of Keycloak — A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in …
2026-06-08
CVE-2026-11611
MEDIUM 6.5
Red Hat Directory Server 11 — A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounde…
2026-06-08
CVE-2026-34355
HIGH 7.5
Apache Http Server — A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted …
2026-06-08
CVE-2026-3238
HIGH 7.5
Red Hat Enterprise Linux 10 — A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The W…
2026-06-08
CVE-2026-42536
HIGH 7.5
Apache Http Server — Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted…
2026-06-08