Skip to main content

Red Hat

8632 CVEs vendor

Monthly

CVE-2026-46448 PyPI HIGH PATCH GHSA This Week

Resource-accounting bypass in OpenStack Nova (compute service) lets an authenticated tenant create an instance whose scheduler hint data is not properly stripped, resulting in a running VM that has no corresponding Placement allocation. Because the instance consumes real host CPU/RAM/disk that the Placement service never accounted for, an attacker with ordinary project credentials can quietly over-subscribe a compute host and degrade availability for co-located tenants. SSVC lists exploitation as proof-of-concept (no public exploit identified as weaponized) with partial technical impact; EPSS is low at 0.26% (17th percentile).

Information Disclosure Nova Red Hat
NVD VulDB
CVSS 3.1
8.5
EPSS
0.3%
CVE-2026-54531 PyPI MEDIUM PATCH GHSA This Month

Processing crafted PDF outlines in pypdf versions prior to 6.13.0 triggers an infinite loop during writer merge operations, causing a denial of service. Applications that accept user-supplied PDFs and merge them using PdfWriter are affected - specifically any code path that calls merge() on a PDF whose /Outlines or /Parent hierarchy contains circular references. No public exploit has been identified at time of analysis and this is not listed in CISA KEV; a vendor-released patch is available as pypdf 6.13.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-54530 PyPI MEDIUM PATCH GHSA This Month

Infinite loop denial-of-service in pypdf allows an attacker to hang any Python application that processes a crafted PDF using layout-mode text extraction. The vulnerability arises because the `/Parent` hierarchy traversal in `_layout_mode_fonts()` lacked cycle detection, so a circular reference structure in a malicious PDF causes the parser to loop indefinitely. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified, but the attack surface is broad: any service accepting user-supplied PDFs and passing them to pypdf's layout-mode extraction is potentially affected.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-49461 PyPI MEDIUM PATCH GHSA This Month

Uncontrolled resource consumption in pypdf versions before 6.12.2 allows any attacker who can cause an application to call `extract_text()` on a crafted PDF to trigger unbounded memory growth, resulting in denial of service. The vulnerability arises specifically during form XObject traversal: a PDF containing a self-referencing XObject resource dictionary causes the extraction code to recurse infinitely without cycle detection. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-49460 PyPI MEDIUM PATCH GHSA This Month

Denial-of-service in the pypdf Python library allows an attacker to cause excessive CPU consumption by supplying a crafted PDF containing a FlateDecode stream with a PNG predictor filter. Any application using pypdf to parse untrusted PDFs is affected on versions prior to 6.12.2. No public exploit is identified at time of analysis, but the attack surface is broad given pypdf's use in document processing pipelines; no special authentication is required to exploit applications that accept user-supplied PDFs.

Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-12330 MEDIUM PATCH This Month

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12 and Firefox ESR 115.37.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12327 HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Buffer Overflow Mozilla RCE Red Hat Suse
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-12325 MEDIUM PATCH This Month

Uncontrolled resource consumption in Mozilla Firefox's Graphics: ImageLib component allows remote attackers to crash or hang the browser by serving specially crafted image content to an unsuspecting user. All Firefox release-channel versions prior to 152 and both ESR tracks (prior to 140.12 and 115.37) are affected, exposing a broad install base across consumer and enterprise environments. No public exploit has been identified, SSVC rates exploitation as none with a non-automatable attack path, and KEV listing is absent - signals that collectively place this vulnerability at lower real-world priority despite a CVSS 6.5 score.

Mozilla Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12324 HIGH PATCH This Week

Memory safety flaw in the CanvasWebGL graphics component of Mozilla Firefox allows remote attackers to trigger incorrect boundary handling through crafted web content, leading to limited confidentiality, integrity, and availability impact. The issue affects Firefox prior to version 152 and Firefox ESR prior to 140.12, and no public exploit identified at time of analysis. Reported by Mozilla with low complexity and no authentication required (CVSS 7.3).

Mozilla Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-12323 MEDIUM PATCH This Month

Spoofing via CWE-1021 (UI layer restriction failure) in Mozilla Firefox's DOM Core & HTML component allows remote unauthenticated attackers to render deceptive UI content in a victim's browser when they interact with a malicious web page. All Firefox versions prior to 152 are affected. No public exploit has been identified at time of analysis, and CISA SSVC assessment classifies exploitation status as none with partial technical impact, placing real-world urgency below the moderate CVSS score suggests.

Mozilla XSS Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12322 MEDIUM PATCH This Month

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152.

Mozilla XSS Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12321 MEDIUM PATCH This Month

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152.

Mozilla Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2026-12320 MEDIUM PATCH This Month

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152.

Mozilla Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12319 MEDIUM PATCH This Month

Denial-of-service in Mozilla Firefox's Audio/Video Playback component allows a remote attacker to crash or render the browser unresponsive by delivering crafted media content to a victim. All Firefox releases prior to version 152 are affected per CPE coverage. No public exploit has been identified at time of analysis, and SSVC rates exploitation as none with partial technical impact, placing this in the moderate-priority tier rather than an emergency response category.

Mozilla Denial Of Service Suse Red Hat
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12318 HIGH PATCH This Week

Memory corruption in the NSS (Network Security Services) Libraries component shipped with Mozilla Firefox allows remote attackers to trigger out-of-bounds memory access via incorrect boundary condition handling, with low impact across confidentiality, integrity, and availability. Mozilla addressed the issue in Firefox 152, with associated advisories MFSA2026-57 and MFSA2026-60. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-12317 HIGH PATCH This Week

Memory corruption in Mozilla Firefox versions prior to 152 allows remote unauthenticated attackers to crash the browser by serving crafted web content, resulting in denial of service. The CVSS 3.1 base score of 7.5 reflects high availability impact without confidentiality or integrity loss, and no public exploit identified at time of analysis. Mozilla disclosed the issue via advisories MFSA2026-57 and MFSA2026-60 with a fix shipped in Firefox 152.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12316 CRITICAL PATCH Act Now

Security mitigation bypass in the DOM: Security component of Mozilla Firefox prior to version 152 allows remote attackers to compromise confidentiality and integrity of browser-rendered content without user interaction. The flaw carries a critical CVSS 3.1 score of 9.1 (AV:N/AC:L/PR:N/UI:N) and is tagged as an Authentication Bypass class issue, though no public exploit identified at time of analysis. The vulnerability has been patched by Mozilla in Firefox 152 per MFSA2026-57/MFSA2026-60.

Authentication Bypass Mozilla Suse Red Hat
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-12315 CRITICAL PATCH Act Now

Security mitigation bypass in the DOM: Security component of Mozilla Firefox allows remote attackers to circumvent browser security controls, with high impact to confidentiality and integrity. The flaw affects Firefox versions prior to 152 and Firefox ESR prior to 140.12, with no public exploit identified at time of analysis. Given the CVSS 9.1 rating and network-reachable attack vector, any user browsing a malicious page is potentially exposed.

Authentication Bypass Mozilla Red Hat Suse
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-12314 HIGH PATCH This Week

Memory corruption in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 allows remote attackers to compromise browser memory integrity through crafted web content, with confidentiality impact rated High per the CVSS vector. The flaw stems from a buffer-handling defect (CWE-119) reported by Mozilla itself and addressed across multiple security advisories (MFSA2026-57, -58, -60, -61). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12313 MEDIUM PATCH This Month

Sandbox escape with information disclosure in Mozilla Firefox's Process Sandboxing component allows a remote attacker to break out of the browser sandbox and read sensitive data from the host environment when a user visits attacker-controlled content. Affected versions span all Firefox releases prior to 152 and all Firefox ESR releases prior to 140.12, patched by Mozilla in mfsa2026-57 and mfsa2026-58. No public exploit identified at time of analysis and SSVC signals no current exploitation activity, keeping real-world urgency at moderate priority despite the scope-changing nature of the flaw.

Privilege Escalation Mozilla Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-12312 HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12311 MEDIUM PATCH This Month

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2026-12310 HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12309 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12308 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12307 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12306 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12305 HIGH PATCH This Week

Denial of service in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 stems from a memory safety bug (CWE-119) that remote attackers can trigger via crafted web content. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, consistent with a browser crash rather than reliable code execution. No public exploit identified at time of analysis, and Mozilla has shipped fixes across multiple advisories (MFSA2026-57, -58, -60, -61).

Mozilla Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-12304 CRITICAL PATCH Act Now

Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Authentication Bypass Mozilla Red Hat Suse
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-12303 MEDIUM PATCH This Month

Out-of-bounds read in Firefox's WebGPU graphics component exposes browser memory contents to remote attackers who can lure a user to a malicious webpage. All Firefox versions prior to 152 are affected, with the vulnerability stemming from incorrect boundary conditions during GPU-accelerated rendering operations. No public exploit or active exploitation has been identified at time of analysis; exploitation requires user interaction, limiting opportunistic mass exploitation despite the zero-authentication requirement on the attacker side.

Mozilla Information Disclosure Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-12302 MEDIUM PATCH This Month

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

Authentication Bypass Mozilla Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-12301 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12300 MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

Mozilla Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-12087 CRITICAL PATCH Act Now

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.

Information Disclosure Buffer Overflow Socket Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-48817 PyPI MEDIUM PATCH GHSA This Month

Starlette's HTTPEndpoint dispatcher allows remote unauthenticated attackers to invoke arbitrary internal Python instance methods as HTTP handlers by sending non-standard HTTP method names that resolve to endpoint attributes via getattr, effectively circumventing authorization logic guarding intended public handlers. Applications built on Starlette - including FastAPI - are affected when HTTPEndpoint subclasses are registered via Route(...) without an explicit methods= argument and those subclasses expose internal methods whose lowercased names match non-standard HTTP token shapes. No public exploit or active exploitation has been identified at time of analysis; a vendor-released patch is available in starlette 1.1.0.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-54274 PyPI MEDIUM PATCH GHSA This Month

Denial-of-service in aiohttp (all versions up to and including 3.14.0) allows remote attackers to exhaust server memory by sending large, incomplete WebSocket frame payloads that bypass the library's configured memory size limits. Any Python web application exposing WebSocket endpoints via aiohttp is affected - no authentication is implied as a prerequisite at the protocol layer. No public exploit code has been identified at time of analysis, but the attack primitive is straightforward and the fix is available in 3.14.1.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.3%
CVE-2026-54273 PyPI MEDIUM PATCH GHSA This Month

Unbounded HTTP/1 pipelined request queuing in aiohttp server allows a remote, unauthenticated attacker to exhaust process memory and cause denial of service by sending pipelined requests faster than the server can handle them. All aiohttp server deployments at version 3.14.0 and earlier are affected; the client library is not impacted. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, though the attack requires no special tooling beyond a standard HTTP/1.1 client capable of pipelining.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.3%
CVE-2026-54278 PyPI MEDIUM PATCH GHSA This Month

Unread compressed request bodies in aiohttp bypass the client_max_size limit during the cleanup phase, allowing a single-chunk decompression of an arbitrarily large payload into server memory. All versions up to and including 3.14.0 are affected. An attacker who can send HTTP requests with compressed bodies can trigger a zip bomb condition during cleanup, exhausting server memory and causing denial of service. No public exploit has been identified at time of analysis.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.3%
CVE-2026-52721 MEDIUM This Month

Out-of-bounds read vulnerabilities in GStreamer's pcapparse element expose Red Hat Enterprise Linux 6 through 10 users to potential application crashes or limited memory disclosure when processing malformed PCAP files. The flaws reside in IPv4/TCP header parsing logic, where specially crafted PCAP records trigger reads beyond buffer boundaries across multiple code paths. Real-world exposure is materially constrained by pcapparse's restriction to debugging pipelines, the requirement for local user interaction, and high attack complexity; no public exploit or active exploitation has been identified at time of analysis.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +4
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-8358 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's tracked-changes importer allows an attacker who delivers a maliciously crafted spreadsheet to corrupt heap memory, causing high-impact availability loss and potentially enabling arbitrary code execution at the victim's privilege level. The vulnerability is triggered when a document reuses the same change identifier for two structurally different change types, causing the importer to misidentify object size and write past the allocation boundary. A proof-of-concept exists (CVSS 4.0 E:P modifier); no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-8356 MEDIUM PATCH This Month

Stack buffer overflow in LibreOffice's legacy binary PPT importer allows a crafted presentation file to corrupt stack memory, causing application crash or potential arbitrary code execution under the victim's user context. The flaw affects all LibreOffice versions when importing PPT files containing a colour-replacement record whose combined colour counts across two parsing passes exceed the fixed-size stack-allocated colour tables. No public exploit has been confirmed actively exploited (not in CISA KEV), though the CVSS 4.0 supplemental E:P metric indicates proof-of-concept code exists, elevating this above a purely theoretical risk.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6047 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's OOXML (DOCX) import component allows a specially crafted document to corrupt memory when processing text box elements, with high availability impact and limited confidentiality and integrity exposure. The flaw stems from a type confusion during deferred parser event replay: a handler object assumed to be a larger type is written to at that type's field layout, but the actual object may be smaller, causing the write to land past the end of the heap allocation. A proof-of-concept exploit exists (CVSS 4.0 E:P); no confirmed active exploitation is recorded in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6045 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's EMF+ graphics importer enables memory corruption when a user opens a specially crafted document containing a malicious gradient brush. The root cause is an integer overflow in the multiplication used to compute a heap allocation size from an attacker-controlled gradient blend point count - resulting in an undersized buffer that is subsequently written as if it were full-sized. A proof of concept exists (CVSS 4.0 E:P supplemental metric), no confirmed active exploitation is recorded, and impact spans process crash to potential arbitrary code execution within the LibreOffice session.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-6039 MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's DXF import engine allows a crafted CAD file to corrupt process memory when a polyline with more than 65,535 points is parsed. The root cause is an integer truncation defect: the point count read from the DXF file is narrowed to a 16-bit value when sizing the heap allocation, but the original, un-truncated count drives the subsequent write loop - any polyline exceeding 65,535 points overflows the undersized buffer. A proof-of-concept exists (CVSS 4.0 E:P), exploitation requires passive user interaction (opening a malicious DXF file), and no active exploitation has been confirmed in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice Red Hat Suse
NVD VulDB
CVSS 4.0
5.4
EPSS
0.1%
CVE-2026-12205 CRITICAL PATCH Act Now

Private-key recovery is possible in Crypt::DSA for Perl (all versions before 1.21) because the module caches the per-signature DSA nonce (k) inside the Key object and never clears it, causing every call to sign() after the first to reuse the identical nonce and produce signatures with matching r values. Any attacker who can observe two or more DSA signatures produced by the same Key object can apply well-known algebraic techniques to recover the private key entirely, after which they can forge arbitrary signatures. No public exploit code has been identified at time of analysis and CISA KEV listing is absent, but the cryptographic impact is catastrophic: all keys used to sign more than once under an affected version must be treated as fully compromised.

Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-44188 MEDIUM PATCH This Month

Insufficient OAuth token invalidation in Ansible Lightspeed (part of Red Hat Ansible Automation Platform 2.x) allows a remote attacker who has exfiltrated a valid access token to maintain persistent authenticated sessions even after the legitimate user has logged out. The backend fails to revoke the token server-side on logout, leaving it exploitable until natural expiration. Successful exploitation enables unauthorized read access to sensitive Ansible resources - including inventories, playbooks, and configuration data - with no public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure Red Hat Ansible Automation Platform 2 7 Red Hat Ansible Automation Platform 2 Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2026-12208 MEDIUM POC This Month

Prototype pollution in jsonata-js (all versions up to 2.2.0) allows remote unauthenticated attackers to inject arbitrary properties into JavaScript's Object.prototype via the createFrame function in src/jsonata.js. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) with exploitation status E:P confirms this is network-exploitable with zero prerequisites, and a public proof-of-concept has been published on GitHub demonstrating a hasOwnProperty guard bypass. No patch exists - the vendor failed to respond to coordinated disclosure - leaving all users of jsonata ≤ 2.2.0 indefinitely exposed.

Prototype Pollution Information Disclosure Jsonata Red Hat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-70102 MEDIUM This Month

NULL pointer dereference in dhcpcd 10.3.0 allows an unauthenticated attacker on the same network segment to crash the DHCP client daemon by sending a crafted packet with unexpected or invalid option tokens. The fault occurs in parse_option() at src/if-options.c:1886, where a NULL return from option lookup is immediately dereferenced as a 'struct dhcp_opt' member without a null check, causing a runtime abort. No public exploit or CISA KEV listing exists, and EPSS sits at the 4th percentile, indicating low but real crash-level risk for any host running this specific dhcpcd version on a shared or adversarially accessible network segment.

Denial Of Service Null Pointer Dereference N A Red Hat Suse
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-54411 MEDIUM This Month

Timing side-channel in Linux-PAM's pam_userdb module through version 1.7.2 allows plaintext password recovery by any attacker capable of repeatedly submitting authentication attempts to a service backed by the vulnerable configuration. The module's use of length-prefixed strncmp() (or strncasecmp() with PAM_ICASE_ARG) on plaintext credentials leaks both password length and individual prefix bytes via measurable response-time differences, enabling iterative character-by-character reconstruction of the stored password. Proof-of-concept exploit methodology exists per CVSS 4.0 supplemental metadata (E:P); while no CISA KEV listing was found, the high confidentiality impact (VC:H) and credential-disclosure nature make this a meaningful risk for any deployment relying on pam_userdb in plaintext mode.

Information Disclosure Linux Pam Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-54421 MEDIUM PATCH This Month

Unredacted iSCSI credential disclosure in OpenStack Ironic through 35.0.1 occurs specifically when an authenticated operator issues a PATCH request to update authorized fields in a node's volume properties - the API response returns sensitive data such as iSCSI CHAP usernames and secrets in plaintext. The scope change reflected in the CVSS (S:C) is meaningful: leaked storage credentials extend the blast radius beyond Ironic itself to the underlying iSCSI storage infrastructure. Notably, the same volume properties endpoint does not exhibit this behavior on POST requests, isolating the flaw to the PATCH response serialization path. No public exploit code has been identified and the vulnerability is not listed in CISA KEV.

Information Disclosure Ironic Red Hat Suse
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-45831 HIGH This Week

Cross-tenant authorization bypass in ChromaDB's SimpleRBACAuthorizationProvider (versions 0.5.0 and later) allows authenticated users to perform actions against tenants, databases, and collections they do not own. The provider verifies that a user holds a given permission but never validates the scope of that permission against the target resource, enabling lateral movement across multi-tenant deployments. No public exploit identified at time of analysis, but the flaw was disclosed by HiddenLayer and affects any Chroma deployment relying on the built-in RBAC provider for tenant isolation.

Python Authentication Bypass Chromadb Red Hat
NVD VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-50560 Maven MEDIUM POC PATCH GHSA This Month

Netty's HTTP/2 codec mishandles the SETTINGS_MAX_HEADER_LIST_SIZE client setting, enabling a denial-of-service attack functionally equivalent to HTTP/2 Rapid Reset (CVE-2023-44487) but with a distinct on-wire signature. Affected Netty versions prior to 4.1.135.Final and 4.2.15.Final fully process and proxy incoming requests to the origin before encountering an exception during response header serialization, consuming server resources without completing responses. No public exploit has been identified at time of analysis, and EPSS stands at 0.02% (5th percentile), though the attack technique parallels a well-documented catastrophic DDoS class.

Denial Of Service Netty Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-50020 Maven MEDIUM POC PATCH GHSA This Month

HTTP request smuggling in Netty's HttpObjectDecoder (netty-codec-http) allows unauthenticated remote attackers to manipulate request-boundary parsing in pipelined or multiplexed deployments by injecting non-CRLF ISO control characters (NUL, SOH, STX, etc.) before the HTTP request-line. Affected are all Netty releases prior to 4.1.135.Final and 4.2.15.Final; both branches have vendor-confirmed patches. No public exploit code has been identified and EPSS is 0.04% (12th percentile), indicating low current exploitation likelihood, though the attack surface expands significantly in architectures fronted by proxies or load balancers that strip or interpret those control bytes differently than Netty does.

Request Smuggling Information Disclosure Netty Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-47729 MEDIUM POC This Month

Squid proxy server is affected by CVE-2026-47729, disclosed alongside CVE-2026-50012 in a single oss-security post dated 2026-06-12 by Amos Jeffries. This is a pre-NVD disclosure, meaning technical details, affected versions, CVSS scores, and patch information have not yet been published to the NVD. No exploit code has been identified at time of analysis, and CISA KEV status is not confirmed.

Information Disclosure Suse Red Hat
NVD VulDB GitHub
CVE-2026-50012 HIGH This Week

Squid caching proxy is affected by CVE-2026-50012, disclosed via the oss-security mailing list on 2026-06-12 as a pre-NVD advisory. No technical details - description, affected versions, vulnerability class, or impact - have been made available in the current intelligence snapshot. The advisory was bundled with a sibling disclosure (CVE-2026-47729) from the same Squid maintainer post, suggesting a coordinated release, but no further differentiation between the two CVEs is derivable from available data. No exploitation, no KEV listing, and no EPSS score are present at time of analysis.

Information Disclosure Suse Red Hat
NVD VulDB
CVE-2026-12035 HIGH PATCH This Week

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption Denial Of Service Google +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-12034 HIGH PATCH This Week

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Google Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12033 MEDIUM PATCH This Month

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-12031 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page abusing the Views UI framework. Chromium rates the severity High, and no public exploit is identified at time of analysis, but sandbox-escape primitives are routinely chained with renderer RCE bugs into full browser compromise on Windows endpoints.

Microsoft Google Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12030 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox through a heap-based out-of-bounds write in the GPU process triggered by a crafted HTML page. Chromium rates the severity High and a vendor patch is available, but no public exploit has been identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack (compromised renderer required) combined with full impact across confidentiality, integrity, and availability.

Heap Overflow Google Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12029 HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption Denial Of Service Google +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12028 HIGH PATCH This Week

Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12027 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Headless component sandbox via a crafted HTML page. The flaw is rated High severity by Chromium and carries CVSS 9.6 due to scope change and user interaction, though EPSS remains very low (0.03%) and there is no public exploit identified at time of analysis. A vendor patch is available in the stable channel update published June 2026.

Privilege Escalation Google Red Hat
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-12025 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-12024 MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's DevTools component exposes all Chrome versions prior to 149.0.7827.115 to cross-origin integrity violations when a victim visits a crafted HTML page. The root cause (CWE-346) is insufficient origin validation within DevTools policy enforcement, allowing a remote unauthenticated attacker to circumvent the browser's fundamental isolation boundary and tamper with cross-origin content. No public exploit identified at time of analysis; EPSS of 0.02% (4th percentile) and absence of a CISA KEV listing indicate currently low real-world exploitation pressure despite the High Chromium severity rating.

Authentication Bypass Google Red Hat
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-12022 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a race condition in Safe Browsing handling of a malicious file. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis.

Race Condition Google Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12020 HIGH PATCH This Week

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Suse +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-12019 HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a heap buffer overflow in the Codecs component triggered by a crafted HTML page. Google rates the underlying issue as High severity and a vendor patch is available, but no public exploit is identified at time of analysis and the bug is not listed in CISA KEV. Exploitation is conditional on chaining with a prior renderer compromise, which raises real-world complexity.

Google Memory Corruption Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12011 HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Use After Free Memory Corruption Denial Of Service Google +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12009 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exercises the Accessibility subsystem. Chromium rates the issue Critical severity; no public exploit identified at time of analysis, and the flaw is not on the CISA KEV list. The bug is reachable only after a prior renderer compromise and requires user interaction, which limits drive-by exploitation but makes it a key second-stage primitive in a full browser chain.

Google Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12007 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.115 allows remote attackers to trigger a use-after-free condition in the Core component via a crafted HTML page, leading to arbitrary code execution within the renderer process. Chromium rates the severity as Critical, and no public exploit has been identified at time of analysis, but the bug class (UAF in Core) is historically a frequent target for in-the-wild exploitation against Chrome. The vulnerability requires the victim to visit attacker-controlled content (UI:R).

Microsoft Use After Free Memory Corruption RCE Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-52859 MEDIUM PATCH This Month

Out-of-bounds read in Vim's built-in terminal emulator (`:terminal` feature) prior to version 9.2.0565 allows a program running inside a `:terminal` window to crash Vim by outputting crafted Unicode combining characters that exhaust all six libvterm cell slots, causing the unguarded loop in `update_snapshot()` to walk past the fixed-size array and append out-of-bounds memory into the scrollback buffer. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog and no public exploit code has been identified, placing this in the lower-urgency tier despite the CVSS 4.0 score of 6.9. Real-world exploitation is constrained by the requirement that a victim be actively using Vim's `:terminal` feature to render attacker-influenced program output.

Information Disclosure Buffer Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-53702 MEDIUM This Month

Stack buffer overflow in GStreamer's H.265/HEVC codec parser (gst-plugins-bad) allows remote unauthenticated attackers to crash GStreamer-based applications by delivering a crafted H.265 video file or stream that a user opens. The root cause is an incorrect loop bound in the buffering period SEI message parser: the parser mistakenly uses cpb_cnt_minus1[i] (the current loop index variable) rather than cpb_cnt_minus1[0] from the referenced Sequence Parameter Set, causing the loop to iterate beyond the bounds of stack-allocated CPB delay arrays and corrupt stack memory. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the deterministic parser logic makes crash reproduction straightforward.

Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-53701 MEDIUM This Month

Out-of-bounds write in GStreamer's H.266/VVC PPS picture partition parser (`gst-plugins-bad`) allows an attacker to crash media-processing applications - and potentially achieve code execution - by delivering a crafted H.266/VVC media file. The flaw in `gst_h266_parser_parse_picture_partition()` (gsth266parser.c) permits unbounded slice index increments across three fixed-size arrays in `GstH266PPS` during multi-slice-in-tile processing. A proof-of-concept demonstrating at least a 4-byte write exists; no public exploit beyond that initial POC or CISA KEV listing has been identified at time of analysis, though the code structure permits larger writes across multiple iterations which elevates downstream risk above a pure DoS assessment.

Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11774 HIGH This Week

Heap buffer overflow in 389 Directory Server (389-ds-base) SASL I/O layer allows authenticated remote attackers to crash the LDAP service or achieve remote code execution after a successful SASL bind with integrity protection (SSF > 0). The flaw stems from an integer overflow in sasl_io_start_packet() that bypasses the nsslapd-maxsasliosize ceiling, enabling roughly 2 MB of attacker-controlled heap corruption. No public exploit identified at time of analysis, and the impact is amplified in FreeIPA and Red Hat Identity Management deployments where any enrolled user, host, or service principal qualifies as an authenticated attacker.

Integer Overflow RCE Denial Of Service Red Hat Buffer Overflow +8
NVD VulDB
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-11986 MEDIUM This Month

Broken access control in the admin-ui-ext component of Red Hat Build of Keycloak permits an authenticated delegated administrator to exploit missing granular permission checks on bulk role-removal endpoints, stripping highly privileged roles from arbitrary users or groups within the Keycloak realm. Affected deployments are those using Keycloak's delegated administration model with the admin-ui-ext extension active; exploitation is bounded by the PR:H CVSS requirement, meaning an attacker must already hold delegated admin credentials. No public exploit has been identified and the vulnerability is not listed in CISA KEV, placing real-world risk in the moderate range with highest relevance to environments with partially trusted delegated administrators.

Information Disclosure Red Hat Build Of Keycloak Red Hat Jboss Enterprise Application Platform Expansion Pack Red Hat
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-48998 PHP MEDIUM PATCH GHSA This Month

Host confusion in guzzlehttp/psr7 (all versions prior to 2.10.2) allows unauthenticated network attackers to supply a malformed Host header - such as `trusted.example@evil.example` - causing the library's URI construction logic to reinterpret the value as URI userinfo and a different host, silently replacing the parsed URI host with the attacker-controlled domain. Applications that rely on the resulting PSR-7 URI host for routing, allow-list enforcement, or forwarding decisions are at risk of sending requests and credentials to unintended destinations. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the conditional impact on forwarding gateways and API proxies built on psr7's server-request parsing functions is concrete.

Information Disclosure Psr7 Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11850 MEDIUM PATCH This Month

Heap out-of-bounds read in MIT krb5's LDAP KDB plugin allows a compromised or malicious LDAP backend to crash the KDC or kadmind process, or leak heap memory. The flaw exists in berval2tl_data() within libkdb_ldap and is triggered when the LDAP server returns a krbExtraData attribute with bv_len less than 2, causing an unsigned integer underflow that drives a memcpy of up to 65,534 bytes from a near-zero-length source buffer. Exploitation requires prior control of the LDAP KDB backend server (PR:H, AC:H), constraining real-world risk to insider or supply-chain threat scenarios; no public exploit or CISA KEV listing exists at time of analysis.

Integer Overflow Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +6
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-52726 PyPI HIGH POC PATCH GHSA This Week

Arbitrary code execution in Dulwich (pure-Python Git implementation) versions 0.23.2 through 1.2.4 allows a malicious upstream repository to drop executable files into a victim's .git/hooks/ directory during a recursive clone or submodule update. When the victim subsequently runs any git or dulwich command that invokes the planted hook, the attacker's code executes with the victim's privileges. No public exploit identified at time of analysis, though the technique mirrors the well-documented upstream Git flaws CVE-2024-32002 and CVE-2024-32004.

Path Traversal Python RCE Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-53465 NuGet MEDIUM PATCH GHSA This Month

Heap-based buffer over-write in ImageMagick's SF3 encoder prior to version 7.1.2-25 allows an attacker who can supply a crafted multi-frame image to corrupt heap memory, yielding high availability impact and potential integrity exposure. All ImageMagick installations before 7.1.2-25 are affected regardless of platform. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV; however, CWE-122 write primitives carry inherent escalation risk beyond the scored DoS impact depending on heap layout at time of trigger.

Heap Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-53464 NuGet MEDIUM PATCH GHSA This Month

Memory leak in ImageMagick's wand option parser degrades availability when invalid options are supplied, affecting all versions prior to 7.1.2-25. The leak is described as small, meaning impact is limited to gradual memory exhaustion rather than immediate resource collapse. No active exploitation has been identified (not in CISA KEV), no public exploit code is known, and an EPSS score was not provided - consistent with a low-severity, locally-triggered defect. The 'Information Disclosure' tag in the source data is inconsistent with the CVSS C:N metric and the description; this discrepancy should be treated as a possible tagging error unless the vendor advisory clarifies memory-content exposure.

Information Disclosure Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-53463 NuGet MEDIUM PATCH GHSA This Month

Null pointer dereference in ImageMagick's distort operation crashes the processing process when an attacker supplies malformed distort arguments via a crafted image. Affected are all ImageMagick 6.x versions prior to 6.9.13-50 and all 7.x versions prior to 7.1.2-25. An unauthenticated remote attacker who can cause a target application to process a specially crafted image can trigger a DoS; no public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Null Pointer Dereference Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53462 NuGet MEDIUM POC PATCH GHSA This Month

Heap-use-after-free in ImageMagick's CheckPrimitiveExtent function allows remote attackers to crash the image processing service by supplying crafted input that triggers a memory allocation failure, resulting in a denial-of-service condition. Affected are all releases of the 6.x branch prior to 6.9.13-50 and all 7.x releases prior to 7.1.2-25. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the network-accessible attack vector is relevant wherever ImageMagick processes untrusted images (e.g., web upload pipelines, CI/CD asset processors).

Use After Free Memory Corruption Denial Of Service Imagemagick Red Hat +1
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-10142 PyPI HIGH PATCH This Week

Denial of service in the kafka-python client library (versions prior to 2.3.2) allows a malicious Kafka broker or man-in-the-middle attacker to exhaust client memory or wedge connections by sending a crafted 4-byte frame length header. The protocol parser's receive_bytes() function performs no bounds check on the declared frame size, leading to multi-gigabyte allocations or uncaught ValueError exceptions that stop consumer heartbeats. No public exploit identified at time of analysis; reported by VulnCheck with an upstream patch already merged.

Python Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-48096 Go MEDIUM PATCH GHSA This Month

Cache key collision in OpenFGA's iterator caching mechanism allows two distinct authorization check requests to resolve to the same cache key, causing the engine to return a stale, incorrect authorization result to a subsequent requester. All OpenFGA deployments prior to version 1.16.0 with iterator caching enabled are affected, specifically when using the experimental weighted_graph_check union resolution path. An authenticated attacker who can trigger authorization checks under conditions that produce a colliding cache key may receive an incorrect allow or deny decision, undermining the integrity and confidentiality of access control enforced by the engine. No public exploit identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Openfga Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-48860 HIGH PATCH This Week

Authentication bypass in Erlang/OTP's TLS distribution module (inet_tls_dist) lets any attacker holding a TLS certificate signed by a CA in the node's trust store gain full Erlang distribution access, including remote code execution via rpc:call/4 and code:load_binary/3. The flaw stems from check_ip/1 inspecting the local socket address (inet:sockname/1) instead of the peer's address (inet:peername/1), so the LAN-allowlist subnet comparison always matches. No public exploit identified at time of analysis, but the one-line root cause is fully disclosed in the upstream fix commit.

Authentication Bypass Otp Suse Red Hat
NVD GitHub VulDB
CVSS 4.0
7.5
EPSS
0.0%
CVE-2026-48858 MEDIUM PATCH This Month

SSRF and FTP bounce attacks are enabled in Erlang/OTP's ftp_internal module because the PASV handler blindly trusts the IP address returned in a server's 227 response, connecting the data channel to an attacker-controlled internal target without validating it against the control connection's actual peer address. All Erlang applications using the ftp client in its default passive IPv4 mode (ipfamily=inet, ftp_extension=false) across OTP 17.4 through pre-29.0.2 are affected, spanning both the legacy inets-bundled module and the standalone ftp application. No active exploitation has been confirmed (not in CISA KEV), but a functional proof-of-concept demonstrating the redirect attack is publicly embedded in the upstream fix commit, significantly lowering the exploitation barrier.

SSRF Otp Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-53470 CRITICAL Act Now

{id}/image-url` endpoint to obtain presigned S3 download URLs for OVA images belonging to other users/organizations. The leaked OVA contains long-lived agent JWTs and source configuration, enabling cross-tenant takeover of victim sources. No public exploit identified at time of analysis, but the upstream fix in PR #1218 confirms the access-control gap.

Authentication Bypass Red Hat
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-53471 CRITICAL Act Now

Cross-tenant data tampering in kubev2v migration-planner allows an authenticated agent token holder to overwrite inventory and status data belonging to other tenants. The agent-API middleware accepts any valid JWT without verifying the token's source_id claim matches the source ID in the UpdateSourceInventory and UpdateAgentStatus request paths, enabling complete tenant isolation collapse. No public exploit identified at time of analysis, but the upstream fix in PR #1213 (kubev2v/migration-planner) confirms the issue is real and trivially exploitable given a low-privileged agent token.

Authentication Bypass Red Hat
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-53473 MEDIUM This Month

Stored cross-site scripting in Red Hat's migration-planner-ui-app (kubev2v project) allows an authenticated attacker who can register a discovery agent to inject a javascript: URI into the agent's credentialUrl field, which executes in another organizational user's browser when they click the resulting link in the UI. No public exploit identified at time of analysis, but the upstream fix (PR #750) and Red Hat Bugzilla entry confirm the issue is real and patched via a safeExternalUrl protocol allowlist. Successful exploitation hijacks the victim's Red Hat SSO session and enables cross-tenant data access and API actions.

XSS Red Hat Migration Planner Ui
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Resource-accounting bypass in OpenStack Nova (compute service) lets an authenticated tenant create an instance whose scheduler hint data is not properly stripped, resulting in a running VM that has no corresponding Placement allocation. Because the instance consumes real host CPU/RAM/disk that the Placement service never accounted for, an attacker with ordinary project credentials can quietly over-subscribe a compute host and degrade availability for co-located tenants. SSVC lists exploitation as proof-of-concept (no public exploit identified as weaponized) with partial technical impact; EPSS is low at 0.26% (17th percentile).

Information Disclosure Nova Red Hat
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Processing crafted PDF outlines in pypdf versions prior to 6.13.0 triggers an infinite loop during writer merge operations, causing a denial of service. Applications that accept user-supplied PDFs and merge them using PdfWriter are affected - specifically any code path that calls merge() on a PDF whose /Outlines or /Parent hierarchy contains circular references. No public exploit has been identified at time of analysis and this is not listed in CISA KEV; a vendor-released patch is available as pypdf 6.13.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Infinite loop denial-of-service in pypdf allows an attacker to hang any Python application that processes a crafted PDF using layout-mode text extraction. The vulnerability arises because the `/Parent` hierarchy traversal in `_layout_mode_fonts()` lacked cycle detection, so a circular reference structure in a malicious PDF causes the parser to loop indefinitely. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified, but the attack surface is broad: any service accepting user-supplied PDFs and passing them to pypdf's layout-mode extraction is potentially affected.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Uncontrolled resource consumption in pypdf versions before 6.12.2 allows any attacker who can cause an application to call `extract_text()` on a crafted PDF to trigger unbounded memory growth, resulting in denial of service. The vulnerability arises specifically during form XObject traversal: a PDF containing a self-referencing XObject resource dictionary causes the extraction code to recurse infinitely without cycle detection. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Denial-of-service in the pypdf Python library allows an attacker to cause excessive CPU consumption by supplying a crafted PDF containing a FlateDecode stream with a PNG predictor filter. Any application using pypdf to parse untrusted PDFs is affected on versions prior to 6.12.2. No public exploit is identified at time of analysis, but the attack surface is broad given pypdf's use in document processing pipelines; no special authentication is required to exploit applications that accept user-supplied PDFs.

Information Disclosure Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12 and Firefox ESR 115.37.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Buffer Overflow Mozilla RCE +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uncontrolled resource consumption in Mozilla Firefox's Graphics: ImageLib component allows remote attackers to crash or hang the browser by serving specially crafted image content to an unsuspecting user. All Firefox release-channel versions prior to 152 and both ESR tracks (prior to 140.12 and 115.37) are affected, exposing a broad install base across consumer and enterprise environments. No public exploit has been identified, SSVC rates exploitation as none with a non-automatable attack path, and KEV listing is absent - signals that collectively place this vulnerability at lower real-world priority despite a CVSS 6.5 score.

Mozilla Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory safety flaw in the CanvasWebGL graphics component of Mozilla Firefox allows remote attackers to trigger incorrect boundary handling through crafted web content, leading to limited confidentiality, integrity, and availability impact. The issue affects Firefox prior to version 152 and Firefox ESR prior to 140.12, and no public exploit identified at time of analysis. Reported by Mozilla with low complexity and no authentication required (CVSS 7.3).

Mozilla Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Spoofing via CWE-1021 (UI layer restriction failure) in Mozilla Firefox's DOM Core & HTML component allows remote unauthenticated attackers to render deceptive UI content in a victim's browser when they interact with a malicious web page. All Firefox versions prior to 152 are affected. No public exploit has been identified at time of analysis, and CISA SSVC assessment classifies exploitation status as none with partial technical impact, placing real-world urgency below the moderate CVSS score suggests.

Mozilla XSS Suse +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152.

Mozilla XSS Suse +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152.

Mozilla Information Disclosure Suse +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152.

Mozilla Information Disclosure Suse +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial-of-service in Mozilla Firefox's Audio/Video Playback component allows a remote attacker to crash or render the browser unresponsive by delivering crafted media content to a victim. All Firefox releases prior to version 152 are affected per CPE coverage. No public exploit has been identified at time of analysis, and SSVC rates exploitation as none with partial technical impact, placing this in the moderate-priority tier rather than an emergency response category.

Mozilla Denial Of Service Suse +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Memory corruption in the NSS (Network Security Services) Libraries component shipped with Mozilla Firefox allows remote attackers to trigger out-of-bounds memory access via incorrect boundary condition handling, with low impact across confidentiality, integrity, and availability. Mozilla addressed the issue in Firefox 152, with associated advisories MFSA2026-57 and MFSA2026-60. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Mozilla Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in Mozilla Firefox versions prior to 152 allows remote unauthenticated attackers to crash the browser by serving crafted web content, resulting in denial of service. The CVSS 3.1 base score of 7.5 reflects high availability impact without confidentiality or integrity loss, and no public exploit identified at time of analysis. Mozilla disclosed the issue via advisories MFSA2026-57 and MFSA2026-60 with a fix shipped in Firefox 152.

Mozilla Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Security mitigation bypass in the DOM: Security component of Mozilla Firefox prior to version 152 allows remote attackers to compromise confidentiality and integrity of browser-rendered content without user interaction. The flaw carries a critical CVSS 3.1 score of 9.1 (AV:N/AC:L/PR:N/UI:N) and is tagged as an Authentication Bypass class issue, though no public exploit identified at time of analysis. The vulnerability has been patched by Mozilla in Firefox 152 per MFSA2026-57/MFSA2026-60.

Authentication Bypass Mozilla Suse +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Security mitigation bypass in the DOM: Security component of Mozilla Firefox allows remote attackers to circumvent browser security controls, with high impact to confidentiality and integrity. The flaw affects Firefox versions prior to 152 and Firefox ESR prior to 140.12, with no public exploit identified at time of analysis. Given the CVSS 9.1 rating and network-reachable attack vector, any user browsing a malicious page is potentially exposed.

Authentication Bypass Mozilla Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory corruption in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 allows remote attackers to compromise browser memory integrity through crafted web content, with confidentiality impact rated High per the CVSS vector. The flaw stems from a buffer-handling defect (CWE-119) reported by Mozilla itself and addressed across multiple security advisories (MFSA2026-57, -58, -60, -61). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Sandbox escape with information disclosure in Mozilla Firefox's Process Sandboxing component allows a remote attacker to break out of the browser sandbox and read sensitive data from the host environment when a user visits attacker-controlled content. Affected versions span all Firefox releases prior to 152 and all Firefox ESR releases prior to 140.12, patched by Mozilla in mfsa2026-57 and mfsa2026-58. No public exploit identified at time of analysis and SSVC signals no current exploitation activity, keeping real-world urgency at moderate priority despite the scope-changing nature of the flaw.

Privilege Escalation Mozilla Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Information Disclosure Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Mozilla Firefox prior to version 152 and Firefox ESR prior to 140.12 stems from a memory safety bug (CWE-119) that remote attackers can trigger via crafted web content. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, consistent with a browser crash rather than reliable code execution. No public exploit identified at time of analysis, and Mozilla has shipped fixes across multiple advisories (MFSA2026-57, -58, -60, -61).

Mozilla Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.

Authentication Bypass Mozilla Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds read in Firefox's WebGPU graphics component exposes browser memory contents to remote attackers who can lure a user to a malicious webpage. All Firefox versions prior to 152 are affected, with the vulnerability stemming from incorrect boundary conditions during GPU-accelerated rendering operations. No public exploit or active exploitation has been identified at time of analysis; exploitation requires user interaction, limiting opportunistic mass exploitation despite the zero-authentication requirement on the attacker side.

Mozilla Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.

Authentication Bypass Mozilla Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

Mozilla Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

Mozilla Buffer Overflow Suse +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.

Information Disclosure Buffer Overflow Socket +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Starlette's HTTPEndpoint dispatcher allows remote unauthenticated attackers to invoke arbitrary internal Python instance methods as HTTP handlers by sending non-standard HTTP method names that resolve to endpoint attributes via getattr, effectively circumventing authorization logic guarding intended public handlers. Applications built on Starlette - including FastAPI - are affected when HTTPEndpoint subclasses are registered via Route(...) without an explicit methods= argument and those subclasses expose internal methods whose lowercased names match non-standard HTTP token shapes. No public exploit or active exploitation has been identified at time of analysis; a vendor-released patch is available in starlette 1.1.0.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Denial-of-service in aiohttp (all versions up to and including 3.14.0) allows remote attackers to exhaust server memory by sending large, incomplete WebSocket frame payloads that bypass the library's configured memory size limits. Any Python web application exposing WebSocket endpoints via aiohttp is affected - no authentication is implied as a prerequisite at the protocol layer. No public exploit code has been identified at time of analysis, but the attack primitive is straightforward and the fix is available in 3.14.1.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Unbounded HTTP/1 pipelined request queuing in aiohttp server allows a remote, unauthenticated attacker to exhaust process memory and cause denial of service by sending pipelined requests faster than the server can handle them. All aiohttp server deployments at version 3.14.0 and earlier are affected; the client library is not impacted. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, though the attack requires no special tooling beyond a standard HTTP/1.1 client capable of pipelining.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Unread compressed request bodies in aiohttp bypass the client_max_size limit during the cleanup phase, allowing a single-chunk decompression of an arbitrarily large payload into server memory. All versions up to and including 3.14.0 are affected. An attacker who can send HTTP requests with compressed bodies can trigger a zip bomb condition during cleanup, exhausting server memory and causing denial of service. No public exploit has been identified at time of analysis.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Out-of-bounds read vulnerabilities in GStreamer's pcapparse element expose Red Hat Enterprise Linux 6 through 10 users to potential application crashes or limited memory disclosure when processing malformed PCAP files. The flaws reside in IPv4/TCP header parsing logic, where specially crafted PCAP records trigger reads beyond buffer boundaries across multiple code paths. Real-world exposure is materially constrained by pcapparse's restriction to debugging pipelines, the requirement for local user interaction, and high attack complexity; no public exploit or active exploitation has been identified at time of analysis.

Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 +6
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice Calc's tracked-changes importer allows an attacker who delivers a maliciously crafted spreadsheet to corrupt heap memory, causing high-impact availability loss and potentially enabling arbitrary code execution at the victim's privilege level. The vulnerability is triggered when a document reuses the same change identifier for two structurally different change types, causing the importer to misidentify object size and write past the allocation boundary. A proof-of-concept exists (CVSS 4.0 E:P modifier); no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stack buffer overflow in LibreOffice's legacy binary PPT importer allows a crafted presentation file to corrupt stack memory, causing application crash or potential arbitrary code execution under the victim's user context. The flaw affects all LibreOffice versions when importing PPT files containing a colour-replacement record whose combined colour counts across two parsing passes exceed the fixed-size stack-allocated colour tables. No public exploit has been confirmed actively exploited (not in CISA KEV), though the CVSS 4.0 supplemental E:P metric indicates proof-of-concept code exists, elevating this above a purely theoretical risk.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's OOXML (DOCX) import component allows a specially crafted document to corrupt memory when processing text box elements, with high availability impact and limited confidentiality and integrity exposure. The flaw stems from a type confusion during deferred parser event replay: a handler object assumed to be a larger type is written to at that type's field layout, but the actual object may be smaller, causing the write to land past the end of the heap allocation. A proof-of-concept exploit exists (CVSS 4.0 E:P); no confirmed active exploitation is recorded in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's EMF+ graphics importer enables memory corruption when a user opens a specially crafted document containing a malicious gradient brush. The root cause is an integer overflow in the multiplication used to compute a heap allocation size from an attacker-controlled gradient blend point count - resulting in an undersized buffer that is subsequently written as if it were full-sized. A proof of concept exists (CVSS 4.0 E:P supplemental metric), no confirmed active exploitation is recorded, and impact spans process crash to potential arbitrary code execution within the LibreOffice session.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap buffer overflow in LibreOffice's DXF import engine allows a crafted CAD file to corrupt process memory when a polyline with more than 65,535 points is parsed. The root cause is an integer truncation defect: the point count read from the DXF file is narrowed to a 16-bit value when sizing the heap allocation, but the original, un-truncated count drives the subsequent write loop - any polyline exceeding 65,535 points overflows the undersized buffer. A proof-of-concept exists (CVSS 4.0 E:P), exploitation requires passive user interaction (opening a malicious DXF file), and no active exploitation has been confirmed in CISA KEV at time of analysis.

Memory Corruption Buffer Overflow Libreoffice +2
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Private-key recovery is possible in Crypt::DSA for Perl (all versions before 1.21) because the module caches the per-signature DSA nonce (k) inside the Key object and never clears it, causing every call to sign() after the first to reuse the identical nonce and produce signatures with matching r values. Any attacker who can observe two or more DSA signatures produced by the same Key object can apply well-known algebraic techniques to recover the private key entirely, after which they can forge arbitrary signatures. No public exploit code has been identified at time of analysis and CISA KEV listing is absent, but the cryptographic impact is catastrophic: all keys used to sign more than once under an affected version must be treated as fully compromised.

Information Disclosure Red Hat
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient OAuth token invalidation in Ansible Lightspeed (part of Red Hat Ansible Automation Platform 2.x) allows a remote attacker who has exfiltrated a valid access token to maintain persistent authenticated sessions even after the legitimate user has logged out. The backend fails to revoke the token server-side on logout, leaving it exploitable until natural expiration. Successful exploitation enables unauthorized read access to sensitive Ansible resources - including inventories, playbooks, and configuration data - with no public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure Red Hat Ansible Automation Platform 2 7 Red Hat Ansible Automation Platform 2 +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Prototype pollution in jsonata-js (all versions up to 2.2.0) allows remote unauthenticated attackers to inject arbitrary properties into JavaScript's Object.prototype via the createFrame function in src/jsonata.js. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) with exploitation status E:P confirms this is network-exploitable with zero prerequisites, and a public proof-of-concept has been published on GitHub demonstrating a hasOwnProperty guard bypass. No patch exists - the vendor failed to respond to coordinated disclosure - leaving all users of jsonata ≤ 2.2.0 indefinitely exposed.

Prototype Pollution Information Disclosure Jsonata +1
NVD VulDB GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

NULL pointer dereference in dhcpcd 10.3.0 allows an unauthenticated attacker on the same network segment to crash the DHCP client daemon by sending a crafted packet with unexpected or invalid option tokens. The fault occurs in parse_option() at src/if-options.c:1886, where a NULL return from option lookup is immediately dereferenced as a 'struct dhcp_opt' member without a null check, causing a runtime abort. No public exploit or CISA KEV listing exists, and EPSS sits at the 4th percentile, indicating low but real crash-level risk for any host running this specific dhcpcd version on a shared or adversarially accessible network segment.

Denial Of Service Null Pointer Dereference N A +2
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Timing side-channel in Linux-PAM's pam_userdb module through version 1.7.2 allows plaintext password recovery by any attacker capable of repeatedly submitting authentication attempts to a service backed by the vulnerable configuration. The module's use of length-prefixed strncmp() (or strncasecmp() with PAM_ICASE_ARG) on plaintext credentials leaks both password length and individual prefix bytes via measurable response-time differences, enabling iterative character-by-character reconstruction of the stored password. Proof-of-concept exploit methodology exists per CVSS 4.0 supplemental metadata (E:P); while no CISA KEV listing was found, the high confidentiality impact (VC:H) and credential-disclosure nature make this a meaningful risk for any deployment relying on pam_userdb in plaintext mode.

Information Disclosure Linux Pam Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Unredacted iSCSI credential disclosure in OpenStack Ironic through 35.0.1 occurs specifically when an authenticated operator issues a PATCH request to update authorized fields in a node's volume properties - the API response returns sensitive data such as iSCSI CHAP usernames and secrets in plaintext. The scope change reflected in the CVSS (S:C) is meaningful: leaked storage credentials extend the blast radius beyond Ironic itself to the underlying iSCSI storage infrastructure. Notably, the same volume properties endpoint does not exhibit this behavior on POST requests, isolating the flaw to the PATCH response serialization path. No public exploit code has been identified and the vulnerability is not listed in CISA KEV.

Information Disclosure Ironic Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Cross-tenant authorization bypass in ChromaDB's SimpleRBACAuthorizationProvider (versions 0.5.0 and later) allows authenticated users to perform actions against tenants, databases, and collections they do not own. The provider verifies that a user holds a given permission but never validates the scope of that permission against the target resource, enabling lateral movement across multi-tenant deployments. No public exploit identified at time of analysis, but the flaw was disclosed by HiddenLayer and affects any Chroma deployment relying on the built-in RBAC provider for tenant isolation.

Python Authentication Bypass Chromadb +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Month

Netty's HTTP/2 codec mishandles the SETTINGS_MAX_HEADER_LIST_SIZE client setting, enabling a denial-of-service attack functionally equivalent to HTTP/2 Rapid Reset (CVE-2023-44487) but with a distinct on-wire signature. Affected Netty versions prior to 4.1.135.Final and 4.2.15.Final fully process and proxy incoming requests to the origin before encountering an exception during response header serialization, consuming server resources without completing responses. No public exploit has been identified at time of analysis, and EPSS stands at 0.02% (5th percentile), though the attack technique parallels a well-documented catastrophic DDoS class.

Denial Of Service Netty Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

HTTP request smuggling in Netty's HttpObjectDecoder (netty-codec-http) allows unauthenticated remote attackers to manipulate request-boundary parsing in pipelined or multiplexed deployments by injecting non-CRLF ISO control characters (NUL, SOH, STX, etc.) before the HTTP request-line. Affected are all Netty releases prior to 4.1.135.Final and 4.2.15.Final; both branches have vendor-confirmed patches. No public exploit code has been identified and EPSS is 0.04% (12th percentile), indicating low current exploitation likelihood, though the attack surface expands significantly in architectures fronted by proxies or load balancers that strip or interpret those control bytes differently than Netty does.

Request Smuggling Information Disclosure Netty +2
NVD GitHub VulDB
MEDIUM POC This Month

Squid proxy server is affected by CVE-2026-47729, disclosed alongside CVE-2026-50012 in a single oss-security post dated 2026-06-12 by Amos Jeffries. This is a pre-NVD disclosure, meaning technical details, affected versions, CVSS scores, and patch information have not yet been published to the NVD. No exploit code has been identified at time of analysis, and CISA KEV status is not confirmed.

Information Disclosure Suse Red Hat
NVD VulDB GitHub
HIGH This Week

Squid caching proxy is affected by CVE-2026-50012, disclosed via the oss-security mailing list on 2026-06-12 as a pre-NVD advisory. No technical details - description, affected versions, vulnerability class, or impact - have been made available in the current intelligence snapshot. The advisory was bundled with a sibling disclosure (CVE-2026-47729) from the same Squid maintainer post, suggesting a coordinated release, but no further differentiation between the two CVEs is derivable from available data. No exploitation, no KEV listing, and no EPSS score are present at time of analysis.

Information Disclosure Suse Red Hat
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Google Information Disclosure Suse +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page abusing the Views UI framework. Chromium rates the severity High, and no public exploit is identified at time of analysis, but sandbox-escape primitives are routinely chained with renderer RCE bugs into full browser compromise on Windows endpoints.

Microsoft Google Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox through a heap-based out-of-bounds write in the GPU process triggered by a crafted HTML page. Chromium rates the severity High and a vendor patch is available, but no public exploit has been identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack (compromised renderer required) combined with full impact across confidentiality, integrity, and availability.

Heap Overflow Google Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Headless component sandbox via a crafted HTML page. The flaw is rated High severity by Chromium and carries CVSS 9.6 due to scope change and user interaction, though EPSS remains very low (0.03%) and there is no public exploit identified at time of analysis. A vendor patch is available in the stable channel update published June 2026.

Privilege Escalation Google Red Hat
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Google Information Disclosure Suse +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Same-origin policy bypass in Google Chrome's DevTools component exposes all Chrome versions prior to 149.0.7827.115 to cross-origin integrity violations when a victim visits a crafted HTML page. The root cause (CWE-346) is insufficient origin validation within DevTools policy enforcement, allowing a remote unauthenticated attacker to circumvent the browser's fundamental isolation boundary and tamper with cross-origin content. No public exploit identified at time of analysis; EPSS of 0.02% (4th percentile) and absence of a CISA KEV listing indicate currently low real-world exploitation pressure despite the High Chromium severity rating.

Authentication Bypass Google Red Hat
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a race condition in Safe Browsing handling of a malicious file. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis.

Race Condition Google Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a heap buffer overflow in the Codecs component triggered by a crafted HTML page. Google rates the underlying issue as High severity and a vendor patch is available, but no public exploit is identified at time of analysis and the bug is not listed in CISA KEV. Exploitation is conditional on chaining with a prior renderer compromise, which raises real-world complexity.

Google Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exercises the Accessibility subsystem. Chromium rates the issue Critical severity; no public exploit identified at time of analysis, and the flaw is not on the CISA KEV list. The bug is reachable only after a prior renderer compromise and requires user interaction, which limits drive-by exploitation but makes it a key second-stage primitive in a full browser chain.

Google Information Disclosure Suse +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.115 allows remote attackers to trigger a use-after-free condition in the Core component via a crafted HTML page, leading to arbitrary code execution within the renderer process. Chromium rates the severity as Critical, and no public exploit has been identified at time of analysis, but the bug class (UAF in Core) is historically a frequent target for in-the-wild exploitation against Chrome. The vulnerability requires the victim to visit attacker-controlled content (UI:R).

Microsoft Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Out-of-bounds read in Vim's built-in terminal emulator (`:terminal` feature) prior to version 9.2.0565 allows a program running inside a `:terminal` window to crash Vim by outputting crafted Unicode combining characters that exhaust all six libvterm cell slots, causing the unguarded loop in `update_snapshot()` to walk past the fixed-size array and append out-of-bounds memory into the scrollback buffer. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog and no public exploit code has been identified, placing this in the lower-urgency tier despite the CVSS 4.0 score of 6.9. Real-world exploitation is constrained by the requirement that a victim be actively using Vim's `:terminal` feature to render attacker-influenced program output.

Information Disclosure Buffer Overflow Vim +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack buffer overflow in GStreamer's H.265/HEVC codec parser (gst-plugins-bad) allows remote unauthenticated attackers to crash GStreamer-based applications by delivering a crafted H.265 video file or stream that a user opens. The root cause is an incorrect loop bound in the buffering period SEI message parser: the parser mistakenly uses cpb_cnt_minus1[i] (the current loop index variable) rather than cpb_cnt_minus1[0] from the referenced Sequence Parameter Set, causing the loop to iterate beyond the bounds of stack-allocated CPB delay arrays and corrupt stack memory. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the deterministic parser logic makes crash reproduction straightforward.

Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds write in GStreamer's H.266/VVC PPS picture partition parser (`gst-plugins-bad`) allows an attacker to crash media-processing applications - and potentially achieve code execution - by delivering a crafted H.266/VVC media file. The flaw in `gst_h266_parser_parse_picture_partition()` (gsth266parser.c) permits unbounded slice index increments across three fixed-size arrays in `GstH266PPS` during multi-slice-in-tile processing. A proof-of-concept demonstrating at least a 4-byte write exists; no public exploit beyond that initial POC or CISA KEV listing has been identified at time of analysis, though the code structure permits larger writes across multiple iterations which elevates downstream risk above a pure DoS assessment.

Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 +5
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Heap buffer overflow in 389 Directory Server (389-ds-base) SASL I/O layer allows authenticated remote attackers to crash the LDAP service or achieve remote code execution after a successful SASL bind with integrity protection (SSF > 0). The flaw stems from an integer overflow in sasl_io_start_packet() that bypasses the nsslapd-maxsasliosize ceiling, enabling roughly 2 MB of attacker-controlled heap corruption. No public exploit identified at time of analysis, and the impact is amplified in FreeIPA and Red Hat Identity Management deployments where any enrolled user, host, or service principal qualifies as an authenticated attacker.

Integer Overflow RCE Denial Of Service +10
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Broken access control in the admin-ui-ext component of Red Hat Build of Keycloak permits an authenticated delegated administrator to exploit missing granular permission checks on bulk role-removal endpoints, stripping highly privileged roles from arbitrary users or groups within the Keycloak realm. Affected deployments are those using Keycloak's delegated administration model with the admin-ui-ext extension active; exploitation is bounded by the PR:H CVSS requirement, meaning an attacker must already hold delegated admin credentials. No public exploit has been identified and the vulnerability is not listed in CISA KEV, placing real-world risk in the moderate range with highest relevance to environments with partially trusted delegated administrators.

Information Disclosure Red Hat Build Of Keycloak Red Hat Jboss Enterprise Application Platform Expansion Pack +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Host confusion in guzzlehttp/psr7 (all versions prior to 2.10.2) allows unauthenticated network attackers to supply a malformed Host header - such as `trusted.example@evil.example` - causing the library's URI construction logic to reinterpret the value as URI userinfo and a different host, silently replacing the parsed URI host with the attacker-controlled domain. Applications that rely on the resulting PSR-7 URI host for routing, allow-list enforcement, or forwarding decisions are at risk of sending requests and credentials to unintended destinations. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the conditional impact on forwarding gateways and API proxies built on psr7's server-request parsing functions is concrete.

Information Disclosure Psr7 Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Heap out-of-bounds read in MIT krb5's LDAP KDB plugin allows a compromised or malicious LDAP backend to crash the KDC or kadmind process, or leak heap memory. The flaw exists in berval2tl_data() within libkdb_ldap and is triggered when the LDAP server returns a krbExtraData attribute with bv_len less than 2, causing an unsigned integer underflow that drives a memcpy of up to 65,534 bytes from a near-zero-length source buffer. Exploitation requires prior control of the LDAP KDB backend server (PR:H, AC:H), constraining real-world risk to insider or supply-chain threat scenarios; no public exploit or CISA KEV listing exists at time of analysis.

Integer Overflow Buffer Overflow Red Hat Enterprise Linux 10 +8
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Arbitrary code execution in Dulwich (pure-Python Git implementation) versions 0.23.2 through 1.2.4 allows a malicious upstream repository to drop executable files into a victim's .git/hooks/ directory during a recursive clone or submodule update. When the victim subsequently runs any git or dulwich command that invokes the planted hook, the attacker's code executes with the victim's privileges. No public exploit identified at time of analysis, though the technique mirrors the well-documented upstream Git flaws CVE-2024-32002 and CVE-2024-32004.

Path Traversal Python RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Heap-based buffer over-write in ImageMagick's SF3 encoder prior to version 7.1.2-25 allows an attacker who can supply a crafted multi-frame image to corrupt heap memory, yielding high availability impact and potential integrity exposure. All ImageMagick installations before 7.1.2-25 are affected regardless of platform. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV; however, CWE-122 write primitives carry inherent escalation risk beyond the scored DoS impact depending on heap layout at time of trigger.

Heap Overflow Buffer Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Memory leak in ImageMagick's wand option parser degrades availability when invalid options are supplied, affecting all versions prior to 7.1.2-25. The leak is described as small, meaning impact is limited to gradual memory exhaustion rather than immediate resource collapse. No active exploitation has been identified (not in CISA KEV), no public exploit code is known, and an EPSS score was not provided - consistent with a low-severity, locally-triggered defect. The 'Information Disclosure' tag in the source data is inconsistent with the CVSS C:N metric and the description; this discrepancy should be treated as a possible tagging error unless the vendor advisory clarifies memory-content exposure.

Information Disclosure Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Null pointer dereference in ImageMagick's distort operation crashes the processing process when an attacker supplies malformed distort arguments via a crafted image. Affected are all ImageMagick 6.x versions prior to 6.9.13-50 and all 7.x versions prior to 7.1.2-25. An unauthenticated remote attacker who can cause a target application to process a specially crafted image can trigger a DoS; no public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Null Pointer Dereference Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Heap-use-after-free in ImageMagick's CheckPrimitiveExtent function allows remote attackers to crash the image processing service by supplying crafted input that triggers a memory allocation failure, resulting in a denial-of-service condition. Affected are all releases of the 6.x branch prior to 6.9.13-50 and all 7.x releases prior to 7.1.2-25. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the network-accessible attack vector is relevant wherever ImageMagick processes untrusted images (e.g., web upload pipelines, CI/CD asset processors).

Use After Free Memory Corruption Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in the kafka-python client library (versions prior to 2.3.2) allows a malicious Kafka broker or man-in-the-middle attacker to exhaust client memory or wedge connections by sending a crafted 4-byte frame length header. The protocol parser's receive_bytes() function performs no bounds check on the declared frame size, leading to multi-gigabyte allocations or uncaught ValueError exceptions that stop consumer heartbeats. No public exploit identified at time of analysis; reported by VulnCheck with an upstream patch already merged.

Python Information Disclosure Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Cache key collision in OpenFGA's iterator caching mechanism allows two distinct authorization check requests to resolve to the same cache key, causing the engine to return a stale, incorrect authorization result to a subsequent requester. All OpenFGA deployments prior to version 1.16.0 with iterator caching enabled are affected, specifically when using the experimental weighted_graph_check union resolution path. An authenticated attacker who can trigger authorization checks under conditions that produce a colliding cache key may receive an incorrect allow or deny decision, undermining the integrity and confidentiality of access control enforced by the engine. No public exploit identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Openfga Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Authentication bypass in Erlang/OTP's TLS distribution module (inet_tls_dist) lets any attacker holding a TLS certificate signed by a CA in the node's trust store gain full Erlang distribution access, including remote code execution via rpc:call/4 and code:load_binary/3. The flaw stems from check_ip/1 inspecting the local socket address (inet:sockname/1) instead of the peer's address (inet:peername/1), so the LAN-allowlist subnet comparison always matches. No public exploit identified at time of analysis, but the one-line root cause is fully disclosed in the upstream fix commit.

Authentication Bypass Otp Suse +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

SSRF and FTP bounce attacks are enabled in Erlang/OTP's ftp_internal module because the PASV handler blindly trusts the IP address returned in a server's 227 response, connecting the data channel to an attacker-controlled internal target without validating it against the control connection's actual peer address. All Erlang applications using the ftp client in its default passive IPv4 mode (ipfamily=inet, ftp_extension=false) across OTP 17.4 through pre-29.0.2 are affected, spanning both the legacy inets-bundled module and the standalone ftp application. No active exploitation has been confirmed (not in CISA KEV), but a functional proof-of-concept demonstrating the redirect attack is publicly embedded in the upstream fix commit, significantly lowering the exploitation barrier.

SSRF Otp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

{id}/image-url` endpoint to obtain presigned S3 download URLs for OVA images belonging to other users/organizations. The leaked OVA contains long-lived agent JWTs and source configuration, enabling cross-tenant takeover of victim sources. No public exploit identified at time of analysis, but the upstream fix in PR #1218 confirms the access-control gap.

Authentication Bypass Red Hat
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL Act Now

Cross-tenant data tampering in kubev2v migration-planner allows an authenticated agent token holder to overwrite inventory and status data belonging to other tenants. The agent-API middleware accepts any valid JWT without verifying the token's source_id claim matches the source ID in the UpdateSourceInventory and UpdateAgentStatus request paths, enabling complete tenant isolation collapse. No public exploit identified at time of analysis, but the upstream fix in PR #1213 (kubev2v/migration-planner) confirms the issue is real and trivially exploitable given a low-privileged agent token.

Authentication Bypass Red Hat
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting in Red Hat's migration-planner-ui-app (kubev2v project) allows an authenticated attacker who can register a discovery agent to inject a javascript: URI into the agent's credentialUrl field, which executes in another organizational user's browser when they click the resulting link in the UI. No public exploit identified at time of analysis, but the upstream fix (PR #750) and Red Hat Bugzilla entry confirm the issue is real and patched via a safeExternalUrl protocol allowlist. Successful exploitation hijacks the victim's Red Hat SSO session and enables cross-tenant data access and API actions.

XSS Red Hat Migration Planner Ui
NVD GitHub VulDB
Prev Page 3 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy