Skip to main content

Red Hat

8625 CVEs vendor

Monthly

CVE-2025-69646 MEDIUM PATCH This Month

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. [CVSS 5.5 MEDIUM]

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-69645 MEDIUM PATCH This Month

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. [CVSS 5.5 MEDIUM]

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-69644 MEDIUM PATCH This Month

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. [CVSS 5.0 MEDIUM]

Denial Of Service Binutils Red Hat Suse
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-23925 MEDIUM PATCH This Month

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts.

Authentication Bypass Zabbix Red Hat Suse
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-29068 HIGH PATCH This Week

PJSIP versions prior to 2.17 are vulnerable to a stack buffer overflow in the RTP payload parsing mechanism when processing more frames than allocated buffers can accommodate, enabling remote denial of service attacks over the network without authentication. An attacker can trigger a crash by sending specially crafted RTP packets containing excessive frame data, causing the application to become unavailable.

Buffer Overflow Pjsip Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28804 PyPI MEDIUM PATCH This Month

pypdf versions prior to 6.7.5 are vulnerable to denial-of-service attacks where specially crafted PDF files with ASCIIHexDecode filtered streams can cause excessive processing time and application hang. An unauthenticated attacker can exploit this by providing a malicious PDF that consumes significant computational resources when processed. A patch is available in version 6.7.5 and later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28799 HIGH PATCH This Week

PJSIP versions prior to 2.17 contain a heap use-after-free vulnerability in the event subscription framework that can be triggered through presence unsubscription requests, allowing remote attackers without authentication to cause denial of service. The vulnerability resides in the evsub.c component and is exploitable over the network with no user interaction required. A patch is available in version 2.17 and later.

Use After Free Pjsip Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26998 Go MEDIUM PATCH This Month

Traefik versions prior to 2.11.38 and 3.6.9 fail to limit memory allocation when processing ForwardAuth middleware responses, allowing a malicious or compromised authentication server to trigger unbounded memory consumption. An attacker controlling the auth server can return an arbitrarily large response body that causes the Traefik process to exhaust available memory and crash, resulting in denial of service for all proxied routes. A patch is available in the specified versions.

Denial Of Service Traefik Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-27982 PyPI MEDIUM PATCH This Month

Allauth versions up to 65.14.1 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

Django Open Redirect Allauth Red Hat
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3381 CRITICAL PATCH Act Now

Insecure embedded zlib in Compress::Raw::Zlib through 2.219 for Perl.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-2297 MEDIUM PATCH This Month

The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.7
EPSS
0.0%
CVE-2026-27898 Cargo MEDIUM PATCH This Month

Vaultwarden versions up to 1.35.4 is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass Vaultwarden Red Hat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27803 Cargo HIGH PATCH This Week

Vaultwarden versions prior to 1.35.4 fail to properly enforce collection management permissions, allowing authenticated users with Manager roles to perform restricted management operations on collections where they lack authorization. An attacker with valid credentials can exploit this privilege escalation to modify or control collections they should not have access to. No patch is currently available for affected deployments.

Privilege Escalation Vaultwarden Red Hat
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-27802 Cargo HIGH PATCH This Week

Vaultwarden versions before 1.35.4 contain a privilege escalation vulnerability that allows authenticated Manager-level users to modify permissions on collections they should not have access to. An attacker with Manager role can exploit this during bulk permission updates to gain unauthorized access to sensitive collections. A patch is available in version 1.35.4 and should be applied immediately.

Privilege Escalation Vaultwarden Red Hat
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-27801 Cargo MEDIUM POC PATCH This Month

Two-factor authentication bypass in Vaultwarden 1.34.3 and earlier allows authenticated attackers to circumvent 2FA protections on sensitive operations, enabling unauthorized access to API keys and destructive actions against vaults and organizations. Public exploit code exists for this vulnerability, which affects the unofficial Bitwarden-compatible server and currently lacks an available patch. Attackers with legitimate account credentials can escalate privileges to perform administrative actions typically restricted by 2FA controls.

Authentication Bypass Vaultwarden Red Hat
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-3545 CRITICAL PATCH Act Now

Sandbox escape via navigation validation in Chrome before 145.0.7632.159. Patch available.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-3544 HIGH PATCH This Week

Google Chrome versions before 145.0.7632.159 contain a heap buffer overflow in the WebCodecs component that enables remote attackers to write data outside allocated memory bounds through malicious HTML pages. An unauthenticated attacker can exploit this vulnerability with minimal user interaction to achieve arbitrary code execution on affected systems. A patch is available in Chrome 145.0.7632.159 and later.

Google Buffer Overflow Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3543 HIGH PATCH This Week

Out-of-bounds memory access in Google Chrome's V8 engine (versions prior to 145.0.7632.159) enables remote attackers to achieve memory corruption through malicious HTML pages without requiring user privileges beyond standard interaction. The vulnerability affects all Chrome users and could potentially lead to information disclosure, data corruption, or code execution depending on memory layout and exploitation context.

Chrome Google Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3542 HIGH PATCH This Week

Out-of-bounds memory access in Google Chrome's WebAssembly implementation (versions prior to 145.0.7632.159) enables remote attackers to achieve full memory corruption through malicious HTML pages, requiring only user interaction. An attacker can exploit this to read sensitive data, modify memory, or crash the browser with no authentication needed. A patch is available in Chrome 145.0.7632.159 and later.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3541 HIGH PATCH This Week

Out-of-bounds memory read in Google Chrome's CSS implementation (versions prior to 145.0.7632.159) allows network attackers to read sensitive memory contents by tricking users into viewing a malicious HTML page. The vulnerability requires user interaction but carries high impact, enabling information disclosure without authentication or special privileges. A patch is available in Chrome 145.0.7632.159 and later.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3540 HIGH PATCH This Week

Out-of-bounds memory access in Google Chrome's WebAudio component (versions prior to 145.0.7632.159) enables remote attackers to read, modify, or crash the browser by tricking users into visiting malicious web pages. This network-based vulnerability requires no special privileges and affects all Chrome users who interact with untrusted content. A patch is available in Chrome 145.0.7632.159 and later versions.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3539 HIGH PATCH This Week

Heap corruption in Google Chrome's DevTools prior to version 145.0.7632.159 can be triggered through a malicious extension, requiring user installation and interaction. An attacker exploiting this object lifecycle vulnerability could achieve arbitrary code execution with full system privileges. A patch is available in Chrome 145.0.7632.159 and later versions.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3538 HIGH PATCH This Week

Google Chrome's Skia rendering engine contains an integer overflow flaw that enables remote attackers to access out-of-bounds memory when processing malicious HTML pages. Affected users running Chrome versions prior to 145.0.7632.159 could face memory corruption leading to information disclosure, data modification, or denial of service. A security patch is available to remediate this critical vulnerability.

Integer Overflow Chrome Google Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3536 HIGH PATCH This Week

Google Chrome's ANGLE graphics library before version 145.0.7632.159 contains an integer overflow vulnerability that enables remote attackers to access out-of-bounds memory through malicious HTML pages. An unauthenticated attacker can exploit this flaw by tricking users into visiting a crafted webpage, potentially compromising confidentiality, integrity, and availability. A patch is available in Chrome 145.0.7632.159 and later versions.

Integer Overflow Chrome Google Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-23237 MEDIUM PATCH This Month

The Linux kernel's Classmate laptop driver lacks NULL pointer checks in sysfs attribute handlers, allowing local users to trigger a denial of service by accessing device attributes before driver initialization completes. A premature sysfs access can cause the driver to dereference a NULL pointer when retrieving uninitialized device data, crashing the affected system.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23235 HIGH PATCH This Week

Local privilege escalation in Linux kernel f2fs sysfs attributes allows unprivileged users to trigger out-of-bounds memory access and cause denial of service by writing oversized integer values to filesystem control interfaces. The vulnerability stems from improper bounds checking when mapping sysfs attributes to kernel structures of varying integer sizes, enabling attackers to corrupt kernel memory and crash the system. No patch is currently available for this vulnerability.

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-23234 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's f2fs filesystem allows a local attacker with user privileges to trigger memory corruption and crash the system through a race condition between I/O completion and filesystem unmount operations. The vulnerability occurs when a loop device completes write operations concurrently with an unmount that frees filesystem structures still being accessed by pending I/O handlers. This issue has no available patch and requires kernel-level access to exploit.

Linux Use After Free Information Disclosure Memory Corruption Linux Kernel +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23233 HIGH POC PATCH This Week

F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available.

Linux Google Buffer Overflow Memory Corruption Linux Kernel +3
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23232 MEDIUM PATCH This Month

A revert of a Linux kernel patch introduces a potential deadlock condition in the f2fs filesystem when concurrent write operations and checkpoint operations occur, allowing a local user with write permissions to cause a denial of service through system hang. The vulnerability affects the Linux kernel's f2fs module and requires low privileges to trigger. No patch is currently available to address this issue.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71238 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access in kernel mode [5353358.825195] #PF: error_code(0x0002) - not-present page [5353358.825196] PGD 100006067 P4D 0 [5353358.825198] Oops: 0002 [#1] PREEMPT SMP NOPTI [5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.sub Kdump: loaded Tainted: G W L ------- --- 5.14.0-503.34.1.el9_5.x86_64 #1 [5353358.825203] Hardware name: HPE ProLiant DL360 Gen11/ProLiant DL360 Gen11, BIOS 2.44 01/17/2025 [5353358.825204] RIP: 0010:memcpy_erms+0x6/0x10 [5353358.825211] RSP: 0018:ff591da8f4f6b710 EFLAGS: 00010246 [5353358.825212] RAX: ff5f5e897b024000 RBX: 0000000000007090 RCX: 0000000000001000 [5353358.825213] RDX: 0000000000001000 RSI: ff591da8f4fed090 RDI: ff5f5e897b024000 [5353358.825214] RBP: 0000000000010000 R08: ff5f5e897b024000 R09: 0000000000000000 [5353358.825215] R10: ff46cf8c40517000 R11: 0000000000000001 R12: 0000000000008090 [5353358.825216] R13: ff591da8f4f6b720 R14: 0000000000001000 R15: 0000000000000000 [5353358.825218] FS: 00007f1e88d47740(0000) GS:ff46cf935f940000(0000) knlGS:0000000000000000 [5353358.825219] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [5353358.825220] CR2: ff5f5e897b024000 CR3: 0000000231532004 CR4: 0000000000771ef0 [5353358.825221] PKRU: 55555554 [5353358.825222] Call Trace: [5353358.825223] <TASK> [5353358.825224] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825229] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825232] ? sg_copy_buffer+0xc8/0x110 [5353358.825236] ? __die_body.cold+0x8/0xd [5353358.825238] ? page_fault_oops+0x134/0x170 [5353358.825242] ? kernelmode_fixup_or_oops+0x84/0x110 [5353358.825244] ? exc_page_fault+0xa8/0x150 [5353358.825247] ? asm_exc_page_fault+0x22/0x30 [5353358.825252] ? memcpy_erms+0x6/0x10 [5353358.825253] sg_copy_buffer+0xc8/0x110 [5353358.825259] qla2x00_process_vendor_specific+0x652/0x1320 [qla2xxx] [5353358.825317] qla24xx_bsg_request+0x1b2/0x2d0 [qla2xxx] Most routines in qla_bsg.c call bsg_done() only for success cases.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0540 npm MEDIUM PATCH This Month

DOMPurify versions 2.5.3-2.5.8 and 3.1.3-3.3.1 fail to sanitize attribute values within certain rawtext HTML elements (noscript, xmp, noembed, noframes, iframe), allowing attackers to inject malicious scripts that execute when sanitized content is rendered in these contexts. An attacker can exploit this by embedding JavaScript payloads in HTML attributes, bypassing DOMPurify's sanitization to achieve cross-site scripting. A patch is available in commit 729097f.

XSS Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-15599 npm MEDIUM PATCH This Month

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. [CVSS 6.1 MEDIUM]

XSS Dompurify Red Hat
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3337 Cargo MEDIUM PATCH This Month

Timing side-channel attacks in AWS-LC's AES-CCM decryption implementation allow unauthenticated attackers to infer authentication tag validity through precise timing measurements. The vulnerability affects AWS-LC and related cryptographic libraries across multiple AES-CCM variants (128, 192, and 256-bit), potentially enabling attackers to forge authenticated messages. AWS service customers are unaffected, but applications using AWS-LC directly should upgrade to version 1.69.0 or later.

AWS Aws Libcrypto Aws Lc Fips Sys Aws Lc Sys Red Hat +2
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-2256 PyPI MEDIUM POC This Month

ModelScope ms-agent v1.6.0rc1 and earlier allows unauthenticated remote attackers to execute arbitrary operating system commands by injecting malicious input through prompt-derived parameters. Public exploit code exists for this vulnerability, and no patch is currently available. This command injection flaw affects AI/ML systems processing untrusted user prompts.

Command Injection AI / ML Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2026-27631 MEDIUM PATCH This Month

Exiv2 versions prior to 0.28.8 are vulnerable to a denial of service attack through integer overflow in the preview component when specific command-line arguments are used, causing the application to crash with an uncaught exception. An attacker can trigger this vulnerability by providing a specially crafted image file to crash Exiv2 processes, affecting systems that rely on the library for metadata processing. A patch is available in version 0.28.8 and later.

Integer Overflow Denial Of Service Exiv2 Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27596 HIGH PATCH This Week

Out-of-bounds memory read in Exiv2 prior to version 0.28.8 causes denial of service through application crash when processing specially crafted image files with the preview extraction feature. The vulnerability requires specific command-line arguments (such as -pp) to trigger and affects all users running vulnerable Exiv2 versions for image metadata operations. A patch is available in version 0.28.8 and later.

Denial Of Service Exiv2 Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25884 HIGH POC PATCH This Week

Out-of-bounds read in Exiv2's CRW image parser allows remote attackers to cause denial of service and potentially disclose sensitive memory contents through crafted image files. Versions prior to 0.28.8 are affected, and public exploit code exists for this vulnerability. A patch is available that administrators should deploy immediately to prevent exploitation.

Buffer Overflow Information Disclosure Exiv2 Red Hat Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28421 MEDIUM POC PATCH This Month

Vim versions before 9.2.0077 contain heap buffer overflow and segmentation fault vulnerabilities in swap file recovery that can be triggered by opening a specially crafted swap file, affecting users who recover sessions from untrusted sources. An attacker could exploit this to cause application crashes or potentially achieve code execution through memory corruption. A patch is available in version 9.2.0077 and later.

Code Injection Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28420 MEDIUM POC PATCH This Month

Vim versions prior to 9.2.0076 contain a heap buffer overflow and out-of-bounds read vulnerability in the terminal emulator when handling Unicode combining characters from supplementary planes, allowing a local attacker with user interaction to cause memory corruption and denial of service. The vulnerability requires local access and user interaction to trigger, with no confidentiality impact but potential integrity and availability consequences. A patch is available in version 9.2.0076 and later.

Buffer Overflow Heap Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-28419 MEDIUM PATCH This Month

Vim versions prior to 9.2.0075 contain a heap buffer underflow in the tags file parser that triggers when processing malformed tag files with delimiters at line starts, potentially allowing local attackers with user interaction to read out-of-bounds memory and cause information disclosure or crashes. The vulnerability requires local file system access and user interaction to exploit, with a CVSS score of 5.3 indicating medium severity. A patch is available in Vim 9.2.0075 and later versions.

Heap Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28418 MEDIUM PATCH This Month

Vim versions prior to 9.2.0074 contain a heap buffer overflow in the Emacs-style tags file parser that allows reading up to 7 bytes of out-of-bounds memory when processing malformed tags files. A local attacker can trigger this vulnerability through a crafted tags file to leak sensitive information from the application's memory. The vulnerability has been patched in version 9.2.0074 and later.

Buffer Overflow Heap Overflow Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-28417 MEDIUM PATCH This Month

Arbitrary command execution in Vim's netrw plugin prior to version 9.2.0073 allows attackers to execute shell commands with user privileges by crafting malicious URLs (such as scp:// handlers) that users are tricked into opening. The vulnerability requires user interaction but poses a local privilege escalation risk in multi-user environments. A patch is available in Vim 9.2.0073 and later.

Command Injection Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-28416 PyPI HIGH PATCH GHSA This Week

Server-Side Request Forgery in Gradio prior to version 6.6.0 allows attackers to execute arbitrary HTTP requests through a victim's infrastructure by crafting a malicious Space with a poisoned proxy_url configuration. Applications that load untrusted Gradio Spaces via gr.load() are vulnerable to attacks targeting internal services, cloud metadata endpoints, and private networks. No patch is currently available for affected Python/ML applications.

Python SSRF AI / ML Gradio Red Hat
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-28415 PyPI MEDIUM PATCH This Month

Open redirect in Gradio's OAuth implementation allows unauthenticated attackers to redirect users to arbitrary external URLs through the unvalidated _target_url parameter on /logout and /login/callback endpoints in applications with OAuth enabled. This affects Gradio versions prior to 6.6.0 running on Hugging Face Spaces with gr.LoginButton, enabling phishing attacks or credential theft. The vulnerability has been patched in version 6.6.0 by sanitizing the parameter to only accept relative URLs.

Python AI / ML Gradio Hugging Face Red Hat
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28351 PyPI MEDIUM PATCH This Month

Crafted PDF files can trigger excessive memory consumption in pypdf versions before 6.7.4 when processing content streams with the RunLengthDecode filter, enabling denial-of-service attacks against applications using the library. An unauthenticated attacker can exploit this remotely by submitting a malicious PDF, causing the affected application to exhaust system memory. A patch is available in pypdf 6.7.4 and later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-0980 Ruby HIGH PATCH This Week

Remote code execution in Red Hat Satellite's rubyipmi BMC component allows authenticated users with host creation or update permissions to execute arbitrary code by injecting malicious input into the BMC username field. An attacker with these privileges can compromise the underlying system through command injection. No patch is currently available for this vulnerability.

Red Hat RCE Command Injection
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-0871 Maven MEDIUM PATCH This Month

Build Of Keycloak contains a vulnerability that allows attackers to unauthorized changes to user profiles, even when the system is configured to res (CVSS 4.9).

Authentication Bypass Keycloak Build Of Keycloak Red Hat
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-9909 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. [CVSS 6.7 MEDIUM]

Red Hat Information Disclosure
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-9908 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. [CVSS 6.7 MEDIUM]

Red Hat Information Disclosure
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-9907 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. [CVSS 6.7 MEDIUM]

Red Hat Privilege Escalation Information Disclosure
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-9572 MEDIUM PATCH This Month

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass. [CVSS 5.0 MEDIUM]

Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-13327 LIB MEDIUM PATCH This Month

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package. [CVSS 6.3 MEDIUM]

Information Disclosure Uv Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-28208 Maven MEDIUM POC PATCH This Month

Junrar versions prior to 7.5.8 contain a path traversal vulnerability in LocalFolderExtractor that allows attackers to write arbitrary files to the filesystem when processing malicious RAR archives on Linux/Unix systems. Public exploit code exists for this vulnerability, which can facilitate remote code execution through file overwrite attacks such as modifying shell profiles or cron jobs. Users should upgrade to version 7.5.8 or later to remediate this issue.

Linux Java RCE Path Traversal Junrar +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-27141 Go HIGH PATCH This Week

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic [CVSS 7.5 HIGH]

Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28296 MEDIUM PATCH This Month

FTP command injection in GVfs backend allows remote attackers to execute arbitrary FTP commands by embedding CRLF sequences in crafted file paths, potentially leading to unauthorized access or code execution. The vulnerability requires user interaction and affects systems utilizing the FTP GVfs backend for file operations. A patch is available to remediate this input validation weakness.

RCE Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-28295 MEDIUM PATCH This Month

GVfs FTP backend clients blindly trust server-provided IP addresses and ports during passive mode connections, enabling malicious FTP servers to conduct network reconnaissance and probe for open ports from the client's network perspective. The vulnerability requires user interaction but poses a confidentiality risk to network topology information. A patch is available to address this trust validation issue.

SSRF Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27942 npm HIGH PATCH This Week

Stack overflow denial of service in fast-xml-parser versions prior to 5.3.8 occurs when the XML builder is used with the preserveOrder option enabled, causing the application to crash. An attacker can trigger this vulnerability remotely by sending specially crafted XML input, resulting in service unavailability for applications using the affected library. A patch is available in version 5.3.8 and later.

Stack Overflow Denial Of Service Fast Xml Parser Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27904 npm HIGH POC PATCH This Week

Minimatch versions prior to 10.2.3 (and earlier affected versions) suffer from ReDoS vulnerabilities in nested extglob patterns that generate regexps with catastrophic backtracking, allowing remote attackers to cause denial of service with minimal input. A 12-byte glob pattern like `*(*(*(a|b)))` combined with an 18-byte non-matching string can hang the application for 7+ seconds, with larger patterns stalling for minutes. Public exploit code exists and no patch is currently available, making this a critical risk for any application using the default minimatch API.

Denial Of Service Minimatch Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27903 npm HIGH POC PATCH This Week

Minimatch versions before 3.1.3 through 10.2.3 suffer from catastrophic backtracking in glob pattern matching when processing multiple GLOBSTAR segments, allowing attackers who control glob patterns to trigger exponential time complexity and cause denial of service. Public exploit code exists for this vulnerability, and affected Node.js applications using vulnerable Minimatch versions are at immediate risk. No patch is currently available, requiring users to upgrade to patched versions or implement input validation as a mitigation.

Node.js Minimatch Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27902 npm MEDIUM PATCH This Month

Improper output encoding in Svelte versions prior to 5.53.5 allows attackers to inject malicious HTML and execute arbitrary JavaScript in user browsers through unescaped error messages returned by the transformError function. An attacker who can control error content can exploit this XSS vulnerability to compromise application security and user data. A patch is available in version 5.53.5 and later.

XSS Svelte Red Hat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27901 npm MEDIUM PATCH This Month

Svelte versions prior to 5.53.5 fail to properly escape text bindings on contenteditable elements, allowing attackers to inject malicious HTML and execute arbitrary scripts when the application renders untrusted data as initial binding values during server-side rendering. This affects applications that use `bind:innerText` or `bind:textContent` with user-controlled input. A patch is available in version 5.53.5.

XSS Svelte Red Hat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27888 PyPI HIGH PATCH This Week

Denial of service in pypdf prior to version 6.7.3 allows remote attackers to exhaust system memory by crafting malicious PDF files that exploit FlateDecode-compressed streams accessed through the xfa property. The vulnerability requires no authentication or user interaction and affects any application processing untrusted PDF documents with the vulnerable library. Upgrade to pypdf 6.7.3 or later to remediate.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27837 npm MEDIUM POC PATCH This Month

Dottie versions 2.0.4 through 2.0.6 suffer from an incomplete prototype pollution fix that allows attackers to bypass validation by placing `__proto__` in non-first positions within dot-separated paths, affecting both `dottie.set()` and `dottie.transform()` functions. An attacker can exploit this to pollute object prototypes and achieve limited confidentiality, integrity, and availability impacts. Public exploit code exists and a patch is available in version 2.0.7.

Code Injection Dottie Red Hat
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-27799 NuGet MEDIUM PATCH This Month

Heap buffer over-read in ImageMagick and Magick.NET's DJVU image handler allows local attackers to read out-of-bounds memory through integer truncation in stride calculations. An attacker can trigger this vulnerability by supplying a malicious DJVU file, potentially leading to information disclosure or application crashes. Updates are available for ImageMagick versions 7.1.2-15, 6.9.13-40 and later.

Buffer Overflow Imagemagick Magick.Net Red Hat Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-27798 NuGet MEDIUM PATCH This Month

Magick.NET and ImageMagick versions before 7.1.2-15 and 6.9.13-40 are vulnerable to heap buffer over-read when processing low-resolution images with the wavelet-denoise filter, allowing local attackers to read sensitive memory. This out-of-bounds read could expose confidential information from adjacent heap memory with no possibility of code execution or denial of service. A patch is available for affected users.

Buffer Overflow Magick.Net Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-27951 MEDIUM POC PATCH This Month

An integer overflow in FreeRDP's Stream_EnsureCapacity function prior to version 3.23.0 can trigger an endless blocking loop, causing denial of service on affected client and server implementations. This vulnerability primarily impacts 32-bit systems with sufficient physical memory and has public exploit code available. Administrators should upgrade to FreeRDP 3.23.0 or later to remediate this issue.

Integer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-27950 HIGH PATCH This Week

FreeRDP versions prior to 3.23.0 contain an incomplete fix for a heap-use-after-free vulnerability that affects only the SDL2 code path, where freed memory pointers are not properly nulled, allowing an unauthenticated attacker to trigger a denial of service condition. Users running FreeRDP with SDL2 backends remain vulnerable despite the advisory claiming the issue was resolved. Upgrade to version 3.23.0 or later to obtain the complete fix.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26986 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3172 HIGH POC PATCH This Week

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 versions up to 0.8.1 is affected by integer underflow (CVSS 8.1).

Buffer Overflow Denial Of Service AI / ML Red Hat Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-27015 MEDIUM POC PATCH This Month

Denial of service in FreeRDP prior to version 3.23.0 allows a malicious RDP server to crash the client application through a missing bounds check in smartcard packet handling. This vulnerability affects users who have explicitly enabled smartcard redirection, and public exploit code exists. The crash is triggered via assertion failure in builds with verbose assert checking enabled, which is the default configuration in FreeRDP 3.22.0.

Denial Of Service Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26271 MEDIUM PATCH This Month

FreeRDP versions prior to 3.23.0 are vulnerable to a buffer overread in icon data processing that allows denial of service when clients receive crafted RDP Window Icon data from a server or network attacker. An unauthenticated remote attacker can exploit this vulnerability to crash the FreeRDP client by sending malicious icon structures during the RDP connection. A patch is available in version 3.23.0 and later.

Buffer Overflow Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-25997 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_clipboard_format_equal before 3.23.0. Clipboard format comparison uses freed memory. Fifth FreeRDP UAF. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25959 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_cliprdr_provide_data clipboard handling before 3.23.0. Clipboard data exchange triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25955 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Different code path from CVE-2026-25953. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25954 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25953 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Surface-to-window update triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25952 CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_SetWindowMinMaxInfo before version 3.23.0. X11 client window management triggers memory corruption. PoC and patch available.

Windows Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25942 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25941 MEDIUM POC PATCH This Month

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 4.3 MEDIUM]

Denial Of Service Information Disclosure Freerdp Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-27794 PyPI MEDIUM PATCH This Month

Remote code execution in LangGraph's caching layer affects applications that explicitly enable cache backends inheriting from BaseCache with nodes opted into caching via CachePolicy. An attacker can exploit unsafe deserialization through pickle when msgpack serialization fails, allowing arbitrary code execution on affected systems. This vulnerability requires explicit cache configuration and does not affect default deployments.

Redis RCE SQLi Deserialization AI / ML +1
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2026-3203 MEDIUM PATCH This Month

Wireshark versions 4.4.0-4.4.13 and 4.6.0-4.6.3 crash when processing malformed RF4CE Profile protocol packets, enabling local denial of service attacks through user interaction. An attacker can trigger an out-of-bounds read by supplying a specially crafted packet file to a target user, causing the application to become unavailable. No patch is currently available for this vulnerability.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-3202 MEDIUM PATCH This Month

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service [CVSS 4.7 MEDIUM]

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-3201 MEDIUM POC PATCH This Month

Wireshark 4.6.0-4.6.3 and 4.4.0-4.4.13 can be crashed through memory exhaustion in the USB HID protocol dissector when processing malformed packets. A local attacker with the ability to trigger packet analysis can cause a denial of service condition, and public exploit code exists for this vulnerability. No patch is currently available.

Denial Of Service Wireshark Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-27699 npm CRITICAL POC PATCH Act Now

Path traversal in basic-ftp Node.js FTP client library before 5.2.0 allows malicious FTP servers to write files outside the intended download directory. PoC and patch available.

Node.js Path Traversal Basic Ftp Red Hat Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-3118 MEDIUM This Month

Denial of Service in Red Hat Developer Hub's Orchestrator Plugin allows authenticated users to crash the entire Backstage application through malformed GraphQL queries due to insufficient input validation. An attacker can leverage this to temporarily disable platform access for all legitimate users. No patch is currently available to address this vulnerability.

Red Hat Denial Of Service SQLi
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26104 MEDIUM PATCH This Month

Unprivileged users can extract LUKS encryption headers from the udisks daemon due to missing authorization checks on a privileged D-Bus method, allowing attackers to read sensitive cryptographic metadata and potentially compromise encrypted storage confidentiality. The vulnerability affects systems running vulnerable versions of udisks and requires local access to exploit. No patch is currently available.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-11563 MEDIUM PATCH This Month

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool. [CVSS 4.6 MEDIUM]

Path Traversal Wcurl Red Hat Suse
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-27628 PyPI HIGH PATCH This Week

Pypdf versions up to 6.7.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27572 Cargo HIGH PATCH This Week

Wasmtime's HTTP header handling in the wasmtime-wasi-http crate crashes when processing excessive header fields, allowing remote attackers to trigger denial of service against applications embedding Wasmtime. The vulnerability affects versions prior to 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0, and has been patched to return a controlled trap instead of panicking. Embedders should update immediately to mitigate this DoS vector.

Industrial Denial Of Service Wasmtime Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27204 Cargo MEDIUM PATCH This Month

Uncontrolled resource allocation in Wasmtime's WASI host interfaces allows authenticated guests to trigger denial of service on the host system by exhausting resources without proper limits. Affected versions prior to 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 require explicit configuration to mitigate this issue, though Wasmtime 42.0.0 and later provide secure defaults. No patch is currently available for older versions, and resource exhaustion protections must be manually enabled.

Denial Of Service Wasmtime Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. [CVSS 5.5 MEDIUM]

Denial Of Service Red Hat Suse
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. [CVSS 5.5 MEDIUM]

Denial Of Service Red Hat Suse
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. [CVSS 5.0 MEDIUM]

Denial Of Service Binutils Red Hat +1
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts.

Authentication Bypass Zabbix Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

PJSIP versions prior to 2.17 are vulnerable to a stack buffer overflow in the RTP payload parsing mechanism when processing more frames than allocated buffers can accommodate, enabling remote denial of service attacks over the network without authentication. An attacker can trigger a crash by sending specially crafted RTP packets containing excessive frame data, causing the application to become unavailable.

Buffer Overflow Pjsip Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

pypdf versions prior to 6.7.5 are vulnerable to denial-of-service attacks where specially crafted PDF files with ASCIIHexDecode filtered streams can cause excessive processing time and application hang. An unauthenticated attacker can exploit this by providing a malicious PDF that consumes significant computational resources when processed. A patch is available in version 6.7.5 and later.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

PJSIP versions prior to 2.17 contain a heap use-after-free vulnerability in the event subscription framework that can be triggered through presence unsubscription requests, allowing remote attackers without authentication to cause denial of service. The vulnerability resides in the evsub.c component and is exploitable over the network with no user interaction required. A patch is available in version 2.17 and later.

Use After Free Pjsip Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Traefik versions prior to 2.11.38 and 3.6.9 fail to limit memory allocation when processing ForwardAuth middleware responses, allowing a malicious or compromised authentication server to trigger unbounded memory consumption. An attacker controlling the auth server can return an arbitrarily large response body that causes the Traefik process to exhaust available memory and crash, resulting in denial of service for all proxied routes. A patch is available in the specified versions.

Denial Of Service Traefik Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Allauth versions up to 65.14.1 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).

Django Open Redirect Allauth +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Insecure embedded zlib in Compress::Raw::Zlib through 2.219 for Perl.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vaultwarden versions up to 1.35.4 is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass Vaultwarden Red Hat
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Vaultwarden versions prior to 1.35.4 fail to properly enforce collection management permissions, allowing authenticated users with Manager roles to perform restricted management operations on collections where they lack authorization. An attacker with valid credentials can exploit this privilege escalation to modify or control collections they should not have access to. No patch is currently available for affected deployments.

Privilege Escalation Vaultwarden Red Hat
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Vaultwarden versions before 1.35.4 contain a privilege escalation vulnerability that allows authenticated Manager-level users to modify permissions on collections they should not have access to. An attacker with Manager role can exploit this during bulk permission updates to gain unauthorized access to sensitive collections. A patch is available in version 1.35.4 and should be applied immediately.

Privilege Escalation Vaultwarden Red Hat
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Two-factor authentication bypass in Vaultwarden 1.34.3 and earlier allows authenticated attackers to circumvent 2FA protections on sensitive operations, enabling unauthorized access to API keys and destructive actions against vaults and organizations. Public exploit code exists for this vulnerability, which affects the unofficial Bitwarden-compatible server and currently lacks an available patch. Attackers with legitimate account credentials can escalate privileges to perform administrative actions typically restricted by 2FA controls.

Authentication Bypass Vaultwarden Red Hat
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape via navigation validation in Chrome before 145.0.7632.159. Patch available.

Google Chrome Red Hat +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome versions before 145.0.7632.159 contain a heap buffer overflow in the WebCodecs component that enables remote attackers to write data outside allocated memory bounds through malicious HTML pages. An unauthenticated attacker can exploit this vulnerability with minimal user interaction to achieve arbitrary code execution on affected systems. A patch is available in Chrome 145.0.7632.159 and later.

Google Buffer Overflow Chrome +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory access in Google Chrome's V8 engine (versions prior to 145.0.7632.159) enables remote attackers to achieve memory corruption through malicious HTML pages without requiring user privileges beyond standard interaction. The vulnerability affects all Chrome users and could potentially lead to information disclosure, data corruption, or code execution depending on memory layout and exploitation context.

Chrome Google Red Hat +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory access in Google Chrome's WebAssembly implementation (versions prior to 145.0.7632.159) enables remote attackers to achieve full memory corruption through malicious HTML pages, requiring only user interaction. An attacker can exploit this to read sensitive data, modify memory, or crash the browser with no authentication needed. A patch is available in Chrome 145.0.7632.159 and later.

Google Chrome Red Hat +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory read in Google Chrome's CSS implementation (versions prior to 145.0.7632.159) allows network attackers to read sensitive memory contents by tricking users into viewing a malicious HTML page. The vulnerability requires user interaction but carries high impact, enabling information disclosure without authentication or special privileges. A patch is available in Chrome 145.0.7632.159 and later.

Google Chrome Red Hat +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds memory access in Google Chrome's WebAudio component (versions prior to 145.0.7632.159) enables remote attackers to read, modify, or crash the browser by tricking users into visiting malicious web pages. This network-based vulnerability requires no special privileges and affects all Chrome users who interact with untrusted content. A patch is available in Chrome 145.0.7632.159 and later versions.

Google Chrome Red Hat +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's DevTools prior to version 145.0.7632.159 can be triggered through a malicious extension, requiring user installation and interaction. An attacker exploiting this object lifecycle vulnerability could achieve arbitrary code execution with full system privileges. A patch is available in Chrome 145.0.7632.159 and later versions.

Google Chrome Red Hat +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome's Skia rendering engine contains an integer overflow flaw that enables remote attackers to access out-of-bounds memory when processing malicious HTML pages. Affected users running Chrome versions prior to 145.0.7632.159 could face memory corruption leading to information disclosure, data modification, or denial of service. A security patch is available to remediate this critical vulnerability.

Integer Overflow Chrome Google +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome's ANGLE graphics library before version 145.0.7632.159 contains an integer overflow vulnerability that enables remote attackers to access out-of-bounds memory through malicious HTML pages. An unauthenticated attacker can exploit this flaw by tricking users into visiting a crafted webpage, potentially compromising confidentiality, integrity, and availability. A patch is available in Chrome 145.0.7632.159 and later versions.

Integer Overflow Chrome Google +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel's Classmate laptop driver lacks NULL pointer checks in sysfs attribute handlers, allowing local users to trigger a denial of service by accessing device attributes before driver initialization completes. A premature sysfs access can cause the driver to dereference a NULL pointer when retrieving uninitialized device data, crashing the affected system.

Linux Null Pointer Dereference Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Local privilege escalation in Linux kernel f2fs sysfs attributes allows unprivileged users to trigger out-of-bounds memory access and cause denial of service by writing oversized integer values to filesystem control interfaces. The vulnerability stems from improper bounds checking when mapping sysfs attributes to kernel structures of varying integer sizes, enabling attackers to corrupt kernel memory and crash the system. No patch is currently available for this vulnerability.

Linux Buffer Overflow Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's f2fs filesystem allows a local attacker with user privileges to trigger memory corruption and crash the system through a race condition between I/O completion and filesystem unmount operations. The vulnerability occurs when a loop device completes write operations concurrently with an unmount that frees filesystem structures still being accessed by pending I/O handlers. This issue has no available patch and requires kernel-level access to exploit.

Linux Use After Free Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available.

Linux Google Buffer Overflow +5
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A revert of a Linux kernel patch introduces a potential deadlock condition in the f2fs filesystem when concurrent write operations and checkpoint operations occur, allowing a local user with write permissions to cause a denial of service through system hang. The vulnerability affects the Linux kernel's f2fs module and requires low privileges to trigger. No patch is currently available to address this issue.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access in kernel mode [5353358.825195] #PF: error_code(0x0002) - not-present page [5353358.825196] PGD 100006067 P4D 0 [5353358.825198] Oops: 0002 [#1] PREEMPT SMP NOPTI [5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.sub Kdump: loaded Tainted: G W L ------- --- 5.14.0-503.34.1.el9_5.x86_64 #1 [5353358.825203] Hardware name: HPE ProLiant DL360 Gen11/ProLiant DL360 Gen11, BIOS 2.44 01/17/2025 [5353358.825204] RIP: 0010:memcpy_erms+0x6/0x10 [5353358.825211] RSP: 0018:ff591da8f4f6b710 EFLAGS: 00010246 [5353358.825212] RAX: ff5f5e897b024000 RBX: 0000000000007090 RCX: 0000000000001000 [5353358.825213] RDX: 0000000000001000 RSI: ff591da8f4fed090 RDI: ff5f5e897b024000 [5353358.825214] RBP: 0000000000010000 R08: ff5f5e897b024000 R09: 0000000000000000 [5353358.825215] R10: ff46cf8c40517000 R11: 0000000000000001 R12: 0000000000008090 [5353358.825216] R13: ff591da8f4f6b720 R14: 0000000000001000 R15: 0000000000000000 [5353358.825218] FS: 00007f1e88d47740(0000) GS:ff46cf935f940000(0000) knlGS:0000000000000000 [5353358.825219] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [5353358.825220] CR2: ff5f5e897b024000 CR3: 0000000231532004 CR4: 0000000000771ef0 [5353358.825221] PKRU: 55555554 [5353358.825222] Call Trace: [5353358.825223] <TASK> [5353358.825224] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825229] ? show_trace_log_lvl+0x1c4/0x2df [5353358.825232] ? sg_copy_buffer+0xc8/0x110 [5353358.825236] ? __die_body.cold+0x8/0xd [5353358.825238] ? page_fault_oops+0x134/0x170 [5353358.825242] ? kernelmode_fixup_or_oops+0x84/0x110 [5353358.825244] ? exc_page_fault+0xa8/0x150 [5353358.825247] ? asm_exc_page_fault+0x22/0x30 [5353358.825252] ? memcpy_erms+0x6/0x10 [5353358.825253] sg_copy_buffer+0xc8/0x110 [5353358.825259] qla2x00_process_vendor_specific+0x652/0x1320 [qla2xxx] [5353358.825317] qla24xx_bsg_request+0x1b2/0x2d0 [qla2xxx] Most routines in qla_bsg.c call bsg_done() only for success cases.

Linux Information Disclosure Linux Kernel +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

DOMPurify versions 2.5.3-2.5.8 and 3.1.3-3.3.1 fail to sanitize attribute values within certain rawtext HTML elements (noscript, xmp, noembed, noframes, iframe), allowing attackers to inject malicious scripts that execute when sanitized content is rendered in these contexts. An attacker can exploit this by embedding JavaScript payloads in HTML attributes, bypassing DOMPurify's sanitization to achieve cross-site scripting. A patch is available in commit 729097f.

XSS Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. [CVSS 6.1 MEDIUM]

XSS Dompurify Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Timing side-channel attacks in AWS-LC's AES-CCM decryption implementation allow unauthenticated attackers to infer authentication tag validity through precise timing measurements. The vulnerability affects AWS-LC and related cryptographic libraries across multiple AES-CCM variants (128, 192, and 256-bit), potentially enabling attackers to forge authenticated messages. AWS service customers are unaffected, but applications using AWS-LC directly should upgrade to version 1.69.0 or later.

AWS Aws Libcrypto Aws Lc Fips Sys +4
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

ModelScope ms-agent v1.6.0rc1 and earlier allows unauthenticated remote attackers to execute arbitrary operating system commands by injecting malicious input through prompt-derived parameters. Public exploit code exists for this vulnerability, and no patch is currently available. This command injection flaw affects AI/ML systems processing untrusted user prompts.

Command Injection AI / ML Red Hat
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Exiv2 versions prior to 0.28.8 are vulnerable to a denial of service attack through integer overflow in the preview component when specific command-line arguments are used, causing the application to crash with an uncaught exception. An attacker can trigger this vulnerability by providing a specially crafted image file to crash Exiv2 processes, affecting systems that rely on the library for metadata processing. A patch is available in version 0.28.8 and later.

Integer Overflow Denial Of Service Exiv2 +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds memory read in Exiv2 prior to version 0.28.8 causes denial of service through application crash when processing specially crafted image files with the preview extraction feature. The vulnerability requires specific command-line arguments (such as -pp) to trigger and affects all users running vulnerable Exiv2 versions for image metadata operations. A patch is available in version 0.28.8 and later.

Denial Of Service Exiv2 Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Out-of-bounds read in Exiv2's CRW image parser allows remote attackers to cause denial of service and potentially disclose sensitive memory contents through crafted image files. Versions prior to 0.28.8 are affected, and public exploit code exists for this vulnerability. A patch is available that administrators should deploy immediately to prevent exploitation.

Buffer Overflow Information Disclosure Exiv2 +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Vim versions before 9.2.0077 contain heap buffer overflow and segmentation fault vulnerabilities in swap file recovery that can be triggered by opening a specially crafted swap file, affecting users who recover sessions from untrusted sources. An attacker could exploit this to cause application crashes or potentially achieve code execution through memory corruption. A patch is available in version 9.2.0077 and later.

Code Injection Vim Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

Vim versions prior to 9.2.0076 contain a heap buffer overflow and out-of-bounds read vulnerability in the terminal emulator when handling Unicode combining characters from supplementary planes, allowing a local attacker with user interaction to cause memory corruption and denial of service. The vulnerability requires local access and user interaction to trigger, with no confidentiality impact but potential integrity and availability consequences. A patch is available in version 9.2.0076 and later.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vim versions prior to 9.2.0075 contain a heap buffer underflow in the tags file parser that triggers when processing malformed tag files with delimiters at line starts, potentially allowing local attackers with user interaction to read out-of-bounds memory and cause information disclosure or crashes. The vulnerability requires local file system access and user interaction to exploit, with a CVSS score of 5.3 indicating medium severity. A patch is available in Vim 9.2.0075 and later versions.

Heap Overflow Vim Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Vim versions prior to 9.2.0074 contain a heap buffer overflow in the Emacs-style tags file parser that allows reading up to 7 bytes of out-of-bounds memory when processing malformed tags files. A local attacker can trigger this vulnerability through a crafted tags file to leak sensitive information from the application's memory. The vulnerability has been patched in version 9.2.0074 and later.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Arbitrary command execution in Vim's netrw plugin prior to version 9.2.0073 allows attackers to execute shell commands with user privileges by crafting malicious URLs (such as scp:// handlers) that users are tricked into opening. The vulnerability requires user interaction but poses a local privilege escalation risk in multi-user environments. A patch is available in Vim 9.2.0073 and later.

Command Injection Vim Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Server-Side Request Forgery in Gradio prior to version 6.6.0 allows attackers to execute arbitrary HTTP requests through a victim's infrastructure by crafting a malicious Space with a poisoned proxy_url configuration. Applications that load untrusted Gradio Spaces via gr.load() are vulnerable to attacks targeting internal services, cloud metadata endpoints, and private networks. No patch is currently available for affected Python/ML applications.

Python SSRF AI / ML +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Open redirect in Gradio's OAuth implementation allows unauthenticated attackers to redirect users to arbitrary external URLs through the unvalidated _target_url parameter on /logout and /login/callback endpoints in applications with OAuth enabled. This affects Gradio versions prior to 6.6.0 running on Hugging Face Spaces with gr.LoginButton, enabling phishing attacks or credential theft. The vulnerability has been patched in version 6.6.0 by sanitizing the parameter to only accept relative URLs.

Python AI / ML Gradio +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Crafted PDF files can trigger excessive memory consumption in pypdf versions before 6.7.4 when processing content streams with the RunLengthDecode filter, enabling denial-of-service attacks against applications using the library. An unauthenticated attacker can exploit this remotely by submitting a malicious PDF, causing the affected application to exhaust system memory. A patch is available in pypdf 6.7.4 and later.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Remote code execution in Red Hat Satellite's rubyipmi BMC component allows authenticated users with host creation or update permissions to execute arbitrary code by injecting malicious input into the BMC username field. An attacker with these privileges can compromise the underlying system through command injection. No patch is currently available for this vulnerability.

Red Hat RCE Command Injection
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Build Of Keycloak contains a vulnerability that allows attackers to unauthorized changes to user profiles, even when the system is configured to res (CVSS 4.9).

Authentication Bypass Keycloak Build Of Keycloak +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. [CVSS 6.7 MEDIUM]

Red Hat Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. [CVSS 6.7 MEDIUM]

Red Hat Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. [CVSS 6.7 MEDIUM]

Red Hat Privilege Escalation Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass. [CVSS 5.0 MEDIUM]

Information Disclosure Red Hat
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package. [CVSS 6.3 MEDIUM]

Information Disclosure Uv Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Junrar versions prior to 7.5.8 contain a path traversal vulnerability in LocalFolderExtractor that allows attackers to write arbitrary files to the filesystem when processing malicious RAR archives on Linux/Unix systems. Public exploit code exists for this vulnerability, which can facilitate remote code execution through file overwrite attacks such as modifying shell profiles or cron jobs. Users should upgrade to version 7.5.8 or later to remediate this issue.

Linux Java RCE +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic [CVSS 7.5 HIGH]

Denial Of Service Red Hat Suse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

FTP command injection in GVfs backend allows remote attackers to execute arbitrary FTP commands by embedding CRLF sequences in crafted file paths, potentially leading to unauthorized access or code execution. The vulnerability requires user interaction and affects systems utilizing the FTP GVfs backend for file operations. A patch is available to remediate this input validation weakness.

RCE Red Hat Suse
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

GVfs FTP backend clients blindly trust server-provided IP addresses and ports during passive mode connections, enabling malicious FTP servers to conduct network reconnaissance and probe for open ports from the client's network perspective. The vulnerability requires user interaction but poses a confidentiality risk to network topology information. A patch is available to address this trust validation issue.

SSRF Red Hat Suse
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stack overflow denial of service in fast-xml-parser versions prior to 5.3.8 occurs when the XML builder is used with the preserveOrder option enabled, causing the application to crash. An attacker can trigger this vulnerability remotely by sending specially crafted XML input, resulting in service unavailability for applications using the affected library. A patch is available in version 5.3.8 and later.

Stack Overflow Denial Of Service Fast Xml Parser +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Minimatch versions prior to 10.2.3 (and earlier affected versions) suffer from ReDoS vulnerabilities in nested extglob patterns that generate regexps with catastrophic backtracking, allowing remote attackers to cause denial of service with minimal input. A 12-byte glob pattern like `*(*(*(a|b)))` combined with an 18-byte non-matching string can hang the application for 7+ seconds, with larger patterns stalling for minutes. Public exploit code exists and no patch is currently available, making this a critical risk for any application using the default minimatch API.

Denial Of Service Minimatch Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Minimatch versions before 3.1.3 through 10.2.3 suffer from catastrophic backtracking in glob pattern matching when processing multiple GLOBSTAR segments, allowing attackers who control glob patterns to trigger exponential time complexity and cause denial of service. Public exploit code exists for this vulnerability, and affected Node.js applications using vulnerable Minimatch versions are at immediate risk. No patch is currently available, requiring users to upgrade to patched versions or implement input validation as a mitigation.

Node.js Minimatch Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Improper output encoding in Svelte versions prior to 5.53.5 allows attackers to inject malicious HTML and execute arbitrary JavaScript in user browsers through unescaped error messages returned by the transformError function. An attacker who can control error content can exploit this XSS vulnerability to compromise application security and user data. A patch is available in version 5.53.5 and later.

XSS Svelte Red Hat
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Svelte versions prior to 5.53.5 fail to properly escape text bindings on contenteditable elements, allowing attackers to inject malicious HTML and execute arbitrary scripts when the application renders untrusted data as initial binding values during server-side rendering. This affects applications that use `bind:innerText` or `bind:textContent` with user-controlled input. A patch is available in version 5.53.5.

XSS Svelte Red Hat
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in pypdf prior to version 6.7.3 allows remote attackers to exhaust system memory by crafting malicious PDF files that exploit FlateDecode-compressed streams accessed through the xfa property. The vulnerability requires no authentication or user interaction and affects any application processing untrusted PDF documents with the vulnerable library. Upgrade to pypdf 6.7.3 or later to remediate.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

Dottie versions 2.0.4 through 2.0.6 suffer from an incomplete prototype pollution fix that allows attackers to bypass validation by placing `__proto__` in non-first positions within dot-separated paths, affecting both `dottie.set()` and `dottie.transform()` functions. An attacker can exploit this to pollute object prototypes and achieve limited confidentiality, integrity, and availability impacts. Public exploit code exists and a patch is available in version 2.0.7.

Code Injection Dottie Red Hat
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Heap buffer over-read in ImageMagick and Magick.NET's DJVU image handler allows local attackers to read out-of-bounds memory through integer truncation in stride calculations. An attacker can trigger this vulnerability by supplying a malicious DJVU file, potentially leading to information disclosure or application crashes. Updates are available for ImageMagick versions 7.1.2-15, 6.9.13-40 and later.

Buffer Overflow Imagemagick Magick.Net +2
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Magick.NET and ImageMagick versions before 7.1.2-15 and 6.9.13-40 are vulnerable to heap buffer over-read when processing low-resolution images with the wavelet-denoise filter, allowing local attackers to read sensitive memory. This out-of-bounds read could expose confidential information from adjacent heap memory with no possibility of code execution or denial of service. A patch is available for affected users.

Buffer Overflow Magick.Net Imagemagick +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

An integer overflow in FreeRDP's Stream_EnsureCapacity function prior to version 3.23.0 can trigger an endless blocking loop, causing denial of service on affected client and server implementations. This vulnerability primarily impacts 32-bit systems with sufficient physical memory and has public exploit code available. Administrators should upgrade to FreeRDP 3.23.0 or later to remediate this issue.

Integer Overflow Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

FreeRDP versions prior to 3.23.0 contain an incomplete fix for a heap-use-after-free vulnerability that affects only the SDL2 code path, where freed memory pointers are not properly nulled, allowing an unauthenticated attacker to trigger a denial of service condition. Users running FreeRDP with SDL2 backends remain vulnerable despite the advisory claiming the issue was resolved. Upgrade to version 3.23.0 or later to obtain the complete fix.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 versions up to 0.8.1 is affected by integer underflow (CVSS 8.1).

Buffer Overflow Denial Of Service AI / ML +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Denial of service in FreeRDP prior to version 3.23.0 allows a malicious RDP server to crash the client application through a missing bounds check in smartcard packet handling. This vulnerability affects users who have explicitly enabled smartcard redirection, and public exploit code exists. The crash is triggered via assertion failure in builds with verbose assert checking enabled, which is the default configuration in FreeRDP 3.22.0.

Denial Of Service Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

FreeRDP versions prior to 3.23.0 are vulnerable to a buffer overread in icon data processing that allows denial of service when clients receive crafted RDP Window Icon data from a server or network attacker. An unauthenticated remote attacker can exploit this vulnerability to crash the FreeRDP client by sending malicious icon structures during the RDP connection. A patch is available in version 3.23.0 and later.

Buffer Overflow Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_clipboard_format_equal before 3.23.0. Clipboard format comparison uses freed memory. Fifth FreeRDP UAF. PoC and patch available.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_cliprdr_provide_data clipboard handling before 3.23.0. Clipboard data exchange triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Different code path from CVE-2026-25953. PoC and patch available.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Windows Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_AppUpdateWindowFromSurface before 3.23.0. Surface-to-window update triggers memory corruption. PoC and patch available.

Use After Free Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Use-after-free in FreeRDP xf_SetWindowMinMaxInfo before version 3.23.0. X11 client window management triggers memory corruption. PoC and patch available.

Windows Freerdp Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 7.5 HIGH]

Buffer Overflow Information Disclosure Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

FreeRDP is a free implementation of the Remote Desktop Protocol. [CVSS 4.3 MEDIUM]

Denial Of Service Information Disclosure Freerdp +2
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Remote code execution in LangGraph's caching layer affects applications that explicitly enable cache backends inheriting from BaseCache with nodes opted into caching via CachePolicy. An attacker can exploit unsafe deserialization through pickle when msgpack serialization fails, allowing arbitrary code execution on affected systems. This vulnerability requires explicit cache configuration and does not affect default deployments.

Redis RCE SQLi +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Wireshark versions 4.4.0-4.4.13 and 4.6.0-4.6.3 crash when processing malformed RF4CE Profile protocol packets, enabling local denial of service attacks through user interaction. An attacker can trigger an out-of-bounds read by supplying a specially crafted packet file to a target user, causing the application to become unavailable. No patch is currently available for this vulnerability.

Denial Of Service Wireshark Red Hat +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service [CVSS 4.7 MEDIUM]

Denial Of Service Wireshark Red Hat +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

Wireshark 4.6.0-4.6.3 and 4.4.0-4.4.13 can be crashed through memory exhaustion in the USB HID protocol dissector when processing malformed packets. A local attacker with the ability to trigger packet analysis can cause a denial of service condition, and public exploit code exists for this vulnerability. No patch is currently available.

Denial Of Service Wireshark Red Hat +1
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Path traversal in basic-ftp Node.js FTP client library before 5.2.0 allows malicious FTP servers to write files outside the intended download directory. PoC and patch available.

Node.js Path Traversal Basic Ftp +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of Service in Red Hat Developer Hub's Orchestrator Plugin allows authenticated users to crash the entire Backstage application through malformed GraphQL queries due to insufficient input validation. An attacker can leverage this to temporarily disable platform access for all legitimate users. No patch is currently available to address this vulnerability.

Red Hat Denial Of Service SQLi
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unprivileged users can extract LUKS encryption headers from the udisks daemon due to missing authorization checks on a privileged D-Bus method, allowing attackers to read sensitive cryptographic metadata and potentially compromise encrypted storage confidentiality. The vulnerability affects systems running vulnerable versions of udisks and requires local access to exploit. No patch is currently available.

Authentication Bypass Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool. [CVSS 4.6 MEDIUM]

Path Traversal Wcurl Red Hat +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Pypdf versions up to 6.7.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Wasmtime's HTTP header handling in the wasmtime-wasi-http crate crashes when processing excessive header fields, allowing remote attackers to trigger denial of service against applications embedding Wasmtime. The vulnerability affects versions prior to 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0, and has been patched to return a controlled trap instead of panicking. Embedders should update immediately to mitigate this DoS vector.

Industrial Denial Of Service Wasmtime +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uncontrolled resource allocation in Wasmtime's WASI host interfaces allows authenticated guests to trigger denial of service on the host system by exhausting resources without proper limits. Affected versions prior to 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 require explicit configuration to mitigate this issue, though Wasmtime 42.0.0 and later provide secure defaults. No patch is currently available for older versions, and resource exhaustion protections must be manually enabled.

Denial Of Service Wasmtime Red Hat
NVD GitHub
Prev Page 31 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy