CVE-2026-26017

A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use TOCTOU fla...

CVE-2026-26999

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. A remote unauthenticated client can exploit this vulnerability by sending an incomplete Transport Layer Security TLS record, which causes the TLS handshake to stall indefinitely. This can lead to resource exhaustion, such as fi...

CVE-2025-41117

A cross site scripting flaw has been discovered in Grafana's Explore Traces view. This view can be rendered as raw HTML and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API...

CVE-2025-69872

A deserialization flaw was found in python-diskcache. This component uses Python pickle for serialization by default. An attacker with write access to the cache directory can exploit this vulnerability to achieve arbitrary code execution when a victim application reads from the cache. The impact ...

CVE-2026-24683

A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Mitigation Mitigation for this iss...

CVE-2026-1190

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

CVE-2025-59052

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

CVE-2025-58057

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias. Mitigation...

CVE-2025-9572

No description is available for this CVE. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability...

CVE-2025-9162

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

CVE-2025-55004

A heap-based buffer overflow flaw was found in ImageMagick. This issue is present when handling images with separate alpha channels and performing image magnification in ReadOneMNGIMage. This vulnerability could be exploited to leak subsequent memory contents into the output image. Mitigation...

CVE-2025-8881

A flaw was found in chromium-browser. A coding error within the file picker component allows a remote attacker to trigger a cross-origin data leak by manipulating user interface gestures through a specially crafted HTML page. This manipulation allows the attacker to access data from other origins...

CVE-2025-43864

A flaw was found in the React Router. This vulnerability allows an attacker to trigger a rendering error via a crafted X-React-Router-SPA-Mode header, which can result in cache poisoning. If a caching system is in place, the corrupted error response may be cached and served to subsequent users,...

CVE-2024-27766

Disputed A flaw was found in MariaDB. This flaw allows a remote attacker to use a specially crafted payload to execute arbitrary commands in certain configurations. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

CVE-2024-0760

A flaw was found in the bind9 package, where a malicious client may send many DNS messages over the TCP protocol, leading to instabilities on the server side and potentially causing a denial of service. The server will recover automatically once the attack ceases. Mitigation Mitigation for this...

CVE-2023-45230

A security flaw was identified in EDK2, the open-source reference implementation of the UEFI specification, involving a buffer overflow vulnerability. This particular weakness enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted DHCPv6 message...

CVE-2023-37329

A heap-based buffer overflow vulnerability was found in the PGS Blu-ray subtitle decoder within GStreamer when processing specific files. This issue could allow a malicious third party to crash the application and execute code by manipulating the heap. Mitigation Mitigation for this issue is eith...

CVE-2023-32370

A vulnerability was found in webkit. A logic issue was addressed with improved validation. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to...

CVE-2020-22628

A flaw was found in the libraw library. This issue occurs due to an out-of-bounds read vulnerability that exists within the "LibRaw::stretch" function libraw\src\postprocessing\aspectratio.cpp when parsing a crafted CRW file. Mitigation Mitigation for this issue is either not available or the...