Lucene search
K
RedhatcveRecent

206304 matches found

RedhatCVE
RedhatCVE
•added 2026/06/25 6:2 p.m.•7 views

CVE-2026-53119

A flaw was found in the Linux kernel's platform/wmi component. A vulnerability exists where a driver's match function can access memory after it has been freed Use-After-Free, due to improper locking during driver probing. This could allow an attacker to execute arbitrary code or cause the system...

6.1AI score0.00157EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:2 p.m.•6 views

CVE-2026-53075

A flaw was found in the Linux kernel's Point-to-Point Protocol PPP subsystem. A local unprivileged user can exploit this vulnerability by creating a new user namespace and bypassing authorization checks for unattached administrative input/output controls ioctls. This allows the user to perform...

8.8CVSS5.8AI score0.00182EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:2 p.m.•5 views

CVE-2026-53073

A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI Universal Asynchronous Receiver/Transmitter UART driver. When the hciregisterdev function fails, a flag indicating protocol initialization is not properly cleared. This oversight allows incoming UART data to be process...

7CVSS5.7AI score0.00172EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:2 p.m.•7 views

CVE-2026-53074

A flaw was found in the Linux kernel's BPF Berkeley Packet Filter subsystem. Specifically, the bpfprogtestrunskb function, responsible for testing BPF programs with network packets, did not properly validate the length of IPv4 and IPv6 inputs. This could allow the kernel to attempt to access...

6.4CVSS5.8AI score0.00164EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:2 p.m.•6 views

CVE-2026-53078

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF socket operations sockops program. When a BPF sockops program accesses context fields with the same destination and source registers, certain macros fail to properly clear the destination register. This can lead to a...

7.8CVSS6.2AI score0.00112EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:2 p.m.•6 views

CVE-2026-53076

A flaw was found in the Linux kernel. This vulnerability, located in the BPF Berkeley Packet Filter subsystem, involves an out-of-bounds read when data is copied between specific types of BPF maps. The system incorrectly handles data sizes that are not aligned to a specific memory boundary, causi...

7.1CVSS5.8AI score0.00116EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:2 p.m.•5 views

CVE-2026-53094

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF component. When a dev-bound-only BPF program undergoes Just-In-Time JIT compilation with constant blinding enabled, a stale pointer to a freed program can occur. This issue arises when the network namespace is destroyed, leading to...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:2 p.m.•6 views

CVE-2026-53071

A flaw was found in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol L2CAP implementation. A remote Bluetooth Low Energy BLE device can exploit this by sending a specially crafted L2CAP ECRED reconfiguration response. This can lead to the corruption of the channel list,...

8.8CVSS5.8AI score0.00146EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:1 p.m.•6 views

CVE-2026-53115

A flaw was found in the Linux kernel's fsl-mc bus driver. During the driver probing process, a Use-After-Free UAF vulnerability can occur because the match callback accesses the driveroverride field without proper locking. This can lead to system instability or potentially allow an attacker to...

5.5CVSS6.1AI score0.00157EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:1 p.m.•4 views

CVE-2026-53116

A flaw was found in the Linux kernel's s390/ap driver. A race condition occurs when AP masks are updated, leading to aprevisereserved accessing the driveroverride field without proper locking. This can result in a Use-After-Free UAF vulnerability, where memory is accessed after it has been freed...

5.5CVSS5.9AI score0.00145EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:1 p.m.•8 views

CVE-2026-53118

A flaw was found in the Linux kernel's vdpa driver. This vulnerability occurs because a specific field, driveroverride, is accessed without proper locking during the driver's initialization process. An attacker could exploit this Use-After-Free UAF condition to potentially execute arbitrary code ...

5.5CVSS6.2AI score0.00155EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 6:1 p.m.•4 views

CVE-2026-53105

A flaw was found in the Linux kernel's Wi-Fi subsystem, specifically within the mt76: mt7925 driver. This vulnerability occurs due to a missing check for a NULL 'vif' Virtual Interface before it is accessed. An attacker could potentially trigger a kernel panic by exploiting scenarios where the...

5.5CVSS5.8AI score0.00168EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:47 p.m.•5 views

CVE-2026-53261

A flaw was found in the devlink component of the Linux kernel. This issue occurs when a devlink instance acquires a nested relation but fails to register, leading to a resource leak. This can result in system instability or a denial of service DoS over time due to resource exhaustion...

5.5CVSS5.8AI score0.00163EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:47 p.m.•5 views

CVE-2026-53274

A flaw was found in the Linux kernel's net/smc component. A local unprivileged user can exploit a logic flaw, specifically a 'sleep-inside-lock' issue within the smcsetsockopt function. By providing a specially crafted memory page, an attacker can cause the system to halt execution, leading to a...

5.5CVSS5.8AI score0.00181EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:47 p.m.•6 views

CVE-2026-53212

A flaw was found in the Linux kernel's netfilter component, specifically within the nfttunnel module. This vulnerability occurs due to a use-after-free error when an object is destroyed, where memory is prematurely deallocated while still being referenced by queued network packets. This can lead ...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:47 p.m.•5 views

CVE-2026-53225

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted, truncated ASCONF Address Configuration chunk. This can cause the system to read up to 16 bytes of...

9.1CVSS5.8AI score0.00544EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:47 p.m.•6 views

CVE-2026-53259

A flaw was found in the Linux kernel, specifically within its management of IPv6 anycast addresses. A timing issue, known as a race condition, can occur when these addresses are added and removed from a system's internal list. This can lead to the system attempting to access memory that has alrea...

7.8CVSS5.7AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:47 p.m.•5 views

CVE-2026-53275

A flaw was found in the Linux kernel's IPv6 multicast mcast component. When processing Multicast Listener Discovery MLD queries, a pointer to the multicast group address is not correctly reloaded after certain packet manipulations. This can lead to a use-after-free vulnerability, potentially...

8.8CVSS6AI score0.00252EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:47 p.m.•6 views

CVE-2026-53264

A flaw was found in the Linux kernel's networking scheduler. A race condition, which is a problem that occurs when multiple operations try to access the same resource at the same time, exists when network filter operations are run concurrently. This can lead to a Use-After-Free UAF vulnerability,...

7.8CVSS6AI score0.00129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:47 p.m.•6 views

CVE-2026-53270

A flaw was found in the Linux kernel's IP Virtual Server IPVS component. During the ipvseditservice operation, the svc-scheduler pointer is cleared too late when unbinding an old scheduler. This improper handling allows packets to access previously freed scheduler data, leading to a use-after-fre...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:32 p.m.•5 views

CVE-2026-54273

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. An attacker could exploit this vulnerability by sending an unlimited number of pipelined requests, causing the system to consume excessive amounts of memory. This could lead to a Denial of Service Do...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 5:32 p.m.•6 views

CVE-2026-54274

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. An attacker can exploit this vulnerability by sending large, incomplete websocket frame payloads. This can bypass normal memory usage limits, potentially leading to a Denial of Service DoS where the affected system becomes...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 5:32 p.m.•5 views

CVE-2026-54275

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. This vulnerability allows a remote attacker to bypass the Transport Layer Security TLS Server Name Indication SNI check. This occurs when an application reuses an existing connection for multiple requests to the same domai...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:32 p.m.•5 views

CVE-2026-54277

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker can exploit this vulnerability by sending oversized lines within an HTTP request. This bypasses the maxlinesize check in the C parser, causing the system to use an excessive amount of memory...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 5:32 p.m.•5 views

CVE-2026-54278

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. An attacker could send a specially crafted compressed request body that, during cleanup, would be decompressed into memory in one large chunk. This could potentially lead to a Denial of Service DoS condition, where the...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 5:31 p.m.•5 views

CVE-2026-54293

A flaw was found in NLTK Natural Language Toolkit. The nltk.data.load function is vulnerable to path traversal when processing specially crafted nltk: URLs. An attacker can exploit a decode-after-check flaw, where URL-encoded path separators and traversal segments bypass security checks. This...

7.5CVSS5.9AI score0.00378EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added 2026/06/25 5:17 p.m.•4 views

CVE-2026-54906

A flaw was found in concurrent-ruby, a Ruby library for managing concurrent operations. The Concurrent::ReadWriteLock component contains a synchronization issue where write locks can be released by unauthorized threads. This could allow multiple threads to write concurrently, potentially leading ...

9.8CVSS5.7AI score0.0016EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:17 p.m.•5 views

CVE-2026-54904

A flaw was found in concurrent-ruby. A remote attacker could exploit a vulnerability in the Concurrent::AtomicReferenceupdate method, which can enter a permanent busy retry loop. This occurs when the current value is a special 'Not a Number' Float::NAN floating-point value, causing the method to...

8.2CVSS5.9AI score0.00278EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:2 p.m.•6 views

CVE-2026-57062

A flaw in GnuPG's gpgsm component improperly handles the Cryptographic Message Syntax CMS format for AES-GCM. By accepting an authentication tag length of 4 bytes instead of the required 12 bytes, this vulnerability allows for a low-impact data integrity issue where the cryptographic validity of...

2.9CVSS5.7AI score0.0011EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 5:1 p.m.•5 views

CVE-2026-57236

A flaw was found in Nokogiri, an XML and HTML library for Ruby. When an attacker provides an invalid encoding to the Documentencoding= function, the library frees the document's current encoding string without replacing it. This leaves the document referencing freed memory, which can lead to a...

8.2CVSS5.7AI score0.00331EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 4:2 p.m.•4 views

CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/25 4:2 p.m.•6 views

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/25 4:1 p.m.•5 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/25 4:1 p.m.•5 views

CVE-2026-9099

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

7.7CVSS5.9AI score0.00288EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/25 4:1 p.m.•10 views

CVE-2026-9086

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/25 4:1 p.m.•4 views

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.7AI score0.00301EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•7 views

CVE-2026-54279

A flaw was found in aiohttp before 3.14.1. Host-only cookies saved with CookieJar.save and later restored with CookieJar.load lose their host-only flag, so cookies intended for a single host may be sent to subdomains after persistence...

7.5CVSS5.7AI score0.00279EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•10 views

CVE-2026-53124

A flaw was found in the ublk subsystem of the Linux kernel. When a ublk server fails to complete all I/O input/output operations, a per-I/O cancellation flag may remain set. This prevents the successful cancellation of outstanding I/O commands, potentially leading to resource exhaustion or a deni...

5.5CVSS5.8AI score0.00145EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•7 views

CVE-2026-53123

A flaw was found in the Linux kernel's Multiple Device MD driver, specifically within the raid456 reshape functionality. A local user could trigger a deadlock by freezing the reshape process and writing to the md/suspendlo or md/suspendhi files while direct I/O operations are in progress. This...

5.5CVSS5.8AI score0.00171EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•9 views

CVE-2026-53099

A flaw was found in the Linux kernel. The issue arises from an incorrect configuration option for Control-Flow Integrity CFI, a security mechanism designed to prevent certain types of attacks. Due to a naming change, the CFI code was not properly compiled, leading to its intended protections not...

5.9AI score0.00156EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•9 views

CVE-2026-53098

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix use-after-free bugs in mt7915macdumpwork When the mt7915 pci chip is detaching, the mt7915crashdata is released in mt7915coredumpunregister. However, the work item dumpwork may still be running or pending,...

5.7AI score0.00168EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•9 views

CVE-2026-53097

A flaw was found in the Linux kernel's mt7996 Wi-Fi driver. A use-after-free vulnerability exists in the mt7996macdumpwork function due to a race condition during the detachment of the mt7996 PCI chip. This can occur when mt7996crashdata is released while a related work item is still active,...

6AI score0.00168EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•7 views

CVE-2026-12323

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•8 views

CVE-2026-12322

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Clickjacking issue in the Widget: Gtk component...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•7 views

CVE-2026-12321

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript: WebAssembly component...

5.4CVSS5.8AI score0.00159EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•7 views

CVE-2026-12320

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Password Manager component...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•7 views

CVE-2026-12317

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird 152...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•8 views

CVE-2026-12319

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the Audio/Video: Playback component...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 8:16 a.m.•7 views

CVE-2026-12318

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Libraries component in NSS...

7.3CVSS5.8AI score0.00263EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 7:51 a.m.•7 views

CVE-2026-56121

A flaw was found in Feast. This vulnerability allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a specially crafted gRPC request to the registry server, attackers can exploit an unsafe deserialization process. This enables them to execute operating syst...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References7
Total number of security vulnerabilities206304