Lucene search
K
RedhatcveMost viewed

206401 matches found

RedhatCVE
RedhatCVE
•added 2017/01/11 3:47 p.m.•49 views

CVE-2016-7478

Zend/zendexceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service infinite loop via a crafted Exception object in serialized data, a related issue to CVE-2015-8876...

9.8CVSS5.5AI score0.42401EPSS
Exploits2References2
RedhatCVE
RedhatCVE
•added 2016/12/21 3:18 p.m.•49 views

CVE-2016-8743

It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a...

7.5CVSS2.4AI score0.13252EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/01/25 9:16 a.m.•48 views

CVE-2026-1103

The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to, and including, 5.0.04. The endpoint uses the 'verifyuserloggedin' as a permission callback, which only checks if a...

5.4CVSS5.5AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/01/09 10:6 a.m.•48 views

CVE-2019-20525

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...

6.1CVSS5.8AI score0.00906EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/01/07 9:18 a.m.•48 views

CVE-2025-1188

A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. The attack may be launched...

9.8CVSS7.3AI score0.00484EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2025/11/20 12:21 a.m.•48 views

CVE-2025-51662

A stored cross-site scripting XSS vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically executed in the browsers o...

5.4CVSS5.8AI score0.00148EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2025/10/10 3:23 a.m.•48 views

CVE-2025-27045

Information disclosure while processing batch command execution in Video driver...

6.1CVSS7AI score0.0009EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/07/16 8:58 p.m.•48 views

CVE-2025-53820

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the index.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...

6.5CVSS6AI score0.0024EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2025/03/02 1:24 p.m.•48 views

CVE-2025-22272

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the...

2.1CVSS6.4AI score0.00427EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2024/08/16 12:8 a.m.•48 views

CVE-2024-7589

A signal handler in sshd8 may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 120 by default. This signal handler executes in the context of the sshd8's privileged code, which is not sandbox...

9.3CVSS8AI score0.99506EPSS
Exploits68References6
RedhatCVE
RedhatCVE
•added 2024/07/01 9:20 p.m.•48 views

CVE-2024-39008

A flaw was found in the fast-loops Node.js package. This flaw allows an attacker to alter the behavior of all objects inheriting from the affected prototype by passing arguments to the objectMergeDeep function crafted with the built-in property: proto. This issue can potentially lead to a denial ...

6.5CVSS9.4AI score0.00918EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/06/14 7:12 a.m.•48 views

CVE-2024-23443

A flaw was found in Kibana. A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery pack...

4.9CVSS6.9AI score0.01764EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/05/03 9:27 p.m.•48 views

CVE-2022-48692

This is a vulnerability identified in the Linux kernel's RDMA Remote Direct Memory Access subsystem, specifically within the SCSI RDMA Protocol SRP driver. The issue arises from a NULL pointer dereference that can occur during certain operations, leading to potential system crashes or unexpected...

5.5CVSS6.8AI score0.00225EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/17 8:59 p.m.•48 views

CVE-2024-26919

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix debugfs directory leak The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpiunregisterinterface tries to remove a debugfs directory named after the ulpi device itself. This results in t...

5.5CVSS6.8AI score0.00222EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/17 1:0 p.m.•48 views

CVE-2023-6544

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic...

5.4CVSS6.7AI score0.01075EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/04/04 1:3 a.m.•48 views

CVE-2024-26778

In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although...

5.5CVSS6.6AI score0.00271EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/29 3:50 p.m.•48 views

CVE-2023-52629

A vulnerability was found in the push-switch driver of Linux Kernel due to improper cleanup sequence in switchdrvremove. Originally, flushwork was placed before timershutdownsync, allowing the worker to potentially be rescheduled in switchtimer and causing a use-after-free bug. Mitigation Red Hat...

5.5CVSS6.4AI score0.00242EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/04 5:26 p.m.•48 views

CVE-2023-52566

A use after free flaw was found in nilfsgccachesubmitreaddata in the Linux kernel. This may result in a crash...

5.5CVSS6AI score0.00222EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/29 5:2 p.m.•48 views

CVE-2024-1657

A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of...

8.1CVSS7.4AI score0.00378EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/02/23 2:2 p.m.•48 views

CVE-2023-52447

In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr decreases the...

6.7CVSS6.6AI score0.00248EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/31 2:7 p.m.•48 views

CVE-2023-6779

An off-by-one heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INTMAX bytes, leading to an incorrect calculation of t...

8.2CVSS7.7AI score0.04794EPSS
Exploits8References5
RedhatCVE
RedhatCVE
•added 2024/01/19 12:4 p.m.•48 views

CVE-2024-22365

A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with /tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with pamnamespace configured will cause the openat in protectdir to...

5.5CVSS5.6AI score0.00459EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/01/18 4:35 a.m.•48 views

CVE-2024-21886

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments. Mitigation Mitigation for this issue is either not available or the currently...

7.8CVSS9.4AI score0.0142EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/17 12:6 p.m.•48 views

CVE-2024-20985

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...

6.5CVSS6.6AI score0.01104EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/17 3:34 a.m.•48 views

CVE-2023-45233

The Network Package in EDK2 is vulnerable to an infinite loop exploit when parsing a PadN option within the Destination Options header of IPv6. This flaw allows an unauthorized attacker to gain access and potentially result in a loss of system availability. Mitigation Mitigation for this issue is...

7.5CVSS7.9AI score0.02084EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2024/01/12 6:30 a.m.•48 views

CVE-2022-48619

A vulnerability was found in drivers/input/input.c in the Linux Kernel, where the inputsetcapability function mishandles scenarios where an event code is outside the bitmap. This issue can lead to a kernel panic when the event code exceeds the bitmap for the specified event type, which could allo...

5.5CVSS7AI score0.00213EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/01/10 5:31 p.m.•48 views

CVE-2023-4001

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...

6.8CVSS7.2AI score0.00542EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/10 5:2 a.m.•48 views

CVE-2024-21319

A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making...

6.8CVSS7.9AI score0.02868EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/20 11:10 a.m.•48 views

CVE-2023-49083

A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "loadpempkcs7certificates" or "loadderpkcs7certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service DoS for any...

7.5CVSS6.5AI score0.00985EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 2023/11/17 10:16 a.m.•48 views

CVE-2023-44446

A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution. Mitigation Mitigation for this issue is either not available or the currently...

8.8CVSS6.3AI score0.01744EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/02 1:48 p.m.•48 views

CVE-2023-5764

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data...

7.1CVSS7.5AI score0.00539EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/10/26 6:28 p.m.•48 views

CVE-2023-46316

A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of...

5.5CVSS6.5AI score0.00367EPSS
Exploits2References4
RedhatCVE
RedhatCVE
•added 2023/08/23 9:22 p.m.•48 views

CVE-2022-47011

A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability...

5.5CVSS5.5AI score0.00403EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/23 7:15 p.m.•48 views

CVE-2020-19724

A memory consumption issue was identified in binutils in getdata function in nm.c file. This flaws could allow attackers to cause a denial of service via crafted command...

5.5CVSS5.4AI score0.00275EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/22 4:53 p.m.•48 views

CVE-2022-46751

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.2CVSS8.3AI score0.01855EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/22 7:19 a.m.•48 views

CVE-2023-32006

A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Mitigation Mitigation for this issue is either not available or the currentl...

7.1CVSS9.2AI score0.01273EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/08/04 7:49 a.m.•48 views

CVE-2023-4135

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can ...

6CVSS6.7AI score0.00409EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/07/19 11:7 a.m.•48 views

CVE-2023-25399

A flaw was found in SciPy, where it is vulnerable to a denial of service caused by a memory leak flaw in the PyFindObjects function due to a new reference not being decreased. This flaw allows a local attacker to send a specially crafted request, forcing the application to leak memory and perform...

5.5CVSS5.1AI score0.00378EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2023/06/16 9:44 a.m.•48 views

CVE-2023-3268

An out-of-bounds OOB memory access flaw was found in the Linux kernel in relayfilereadstartpos in kernel/relay.c in the relayfs. This flaw allows a local attacker to crash the system or leak kernel internal information. Mitigation Mitigation for this issue is either not available or the currently...

6CVSS6.9AI score0.00469EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/06/13 6:35 a.m.•48 views

CVE-2023-1428

A flaw was found in the gRPC library. Affected versions of this package are vulnerable to a reachable assertion, causing the abort function to be called and resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not mee...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/06/12 9:35 p.m.•48 views

CVE-2023-3141

A use-after-free flaw was found in r592remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This issue may allow a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. Mitigation Mitigation for this issue is either not...

6.4CVSS7AI score0.00437EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/05/10 6:21 a.m.•48 views

CVE-2023-32205

The Mozilla Foundation Security Advisory describes this flaw as: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks...

7.5CVSS7AI score0.00631EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/04/12 6:30 a.m.•48 views

CVE-2023-29532

The Mozilla Foundation Security Advisory describes this flaw as: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/04/03 7:13 p.m.•48 views

CVE-2022-3509

A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection...

5.3CVSS7.3AI score0.00567EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/30 9:22 a.m.•48 views

CVE-2023-26545

A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code...

4.7CVSS6.6AI score0.00331EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/30 9:14 a.m.•48 views

CVE-2023-23003

A NULL pointer dereference flaw was found in the Linux kernel’s Linux performance measurement and analysis tool. This flaw allows a local user to crash the system...

4CVSS6.9AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/03/15 5:13 a.m.•48 views

CVE-2022-41725

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

7.5CVSS8.2AI score0.01231EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 2023/03/14 10:43 a.m.•49 views

CVE-2023-1382

A data race flaw was found in the Linux kernel, between where con is allocated and con-sock is set. This issue leads to a NULL pointer dereference when accessing con-sock-sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. Mitigation This flaw can be mitigated by preventing the...

5.5CVSS5.7AI score0.00184EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/22 4:59 a.m.•48 views

CVE-2022-38779

An open redirect flaw was found in Kibana. This issue can lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL...

6.1CVSS6.2AI score0.00513EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/02/16 11:56 a.m.•48 views

CVE-2022-41966

A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow...

7.5CVSS4.6AI score0.08689EPSS
Exploits1References4
Total number of security vulnerabilities5000