Lucene search
K
RedhatcveRecent

206304 matches found

RedhatCVE
RedhatCVE
•added 2026/06/25 5:11 a.m.•12 views

CVE-2026-55602

A flaw was found in http-proxy-middleware before 2.0.10, 3.0.6, and 4.1.0. Router proxy-table host+path matching uses unanchored substring comparison on the Host header, so a crafted Host value that superstring-matches a configured key can route requests to an unintended backend...

8.6CVSS5.8AI score0.0034EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:11 a.m.•12 views

CVE-2026-54531

A flaw was found in pypdf before 6.13.0. A crafted PDF with outlines can trigger an infinite loop when merged into a PdfWriter, causing denial of service...

6.9CVSS5.7AI score0.00123EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/25 5:11 a.m.•14 views

CVE-2026-53096

A flaw was found in the Linux kernel's BPF Berkeley Packet Filter component, specifically within the devmapredirectmulti function. This vulnerability arises from an incorrect iteration method in an RCU Read-Copy-Update protected context, where hlistforeachentrysafe is used without proper RCU...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 5:11 a.m.•12 views

CVE-2026-49460

A flaw was found in pypdf before 6.12.2. A crafted PDF that accesses a stream using the /FlateDecode filter with a PNG predictor can trigger excessively long processing times, leading to denial of service when the document is parsed...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/25 5:11 a.m.•9 views

CVE-2026-12316

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 5:11 a.m.•10 views

CVE-2026-12300

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird 152...

6.1CVSS5.8AI score0.00252EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 5:11 a.m.•9 views

CVE-2026-12303

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component...

6.1CVSS5.8AI score0.00222EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 2:10 a.m.•10 views

CVE-2026-57281

A flaw was found in the Jenkins Script Security Plugin. Attackers with the ability to run sandboxed Groovy scripts can exploit this vulnerability to execute arbitrary code outside the sandbox environment. This is due to the plugin's failure to reject Groovy Abstract Syntax Tree AST transformation...

8.5CVSS6.2AI score0.00594EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 2:10 a.m.•10 views

CVE-2026-53095

A flaw was found in the Linux kernel. This vulnerability allows for the abuse of the kprobewritectx mechanism through freplace in Berkeley Packet Filter BPF kprobe programs. A local attacker could exploit this by attaching a freplace program to a kprobe program that is attached to a kernel...

6.4CVSS5.8AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 2:10 a.m.•15 views

CVE-2026-44168

A flaw was found in MariaDB. During a State Snapshot Transfer SST, the donor node improperly validates parameters sent by a joiner node. This vulnerability allows a malicious joiner to execute arbitrary shell commands on the donor server through the mariabackup SST method. This could lead to a...

8CVSS6.2AI score0.00469EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 2:9 a.m.•12 views

CVE-2026-23879

A flaw was found in py7zr. An attacker can craft a malicious archive containing symbolic links that, when extracted, can lead to arbitrary file writes outside the intended directory. This vulnerability may allow for remote code execution, privilege escalation, data corruption, or denial of servic...

8CVSS6.1AI score0.00404EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 2:9 a.m.•10 views

CVE-2026-12326

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...

8.1CVSS5.9AI score0.00251EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/25 2:9 a.m.•9 views

CVE-2026-10702

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

7.5CVSS5.8AI score0.00293EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 2:9 a.m.•9 views

CVE-2026-10701

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: Text component...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/25 2:9 a.m.•10 views

CVE-2026-2050

A flaw was found in GIMP. This vulnerability, a heap-based buffer overflow, occurs during the parsing of HDR High Dynamic Range files due to insufficient validation of user-supplied data length. A remote attacker could exploit this by convincing a user to open a specially crafted malicious file,...

7.8CVSS7.7AI score0.00552EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/24 8:45 p.m.•7 views

CVE-2026-53130

In the Linux kernel, the following vulnerability has been resolved: fs/omfs: reject ssysblocksize smaller than OMFSDIRSTART omfsfillsuper rejects oversized ssysblocksize values PAGESIZE, but it does not reject values smaller than OMFSDIRSTART 0x1b8 = 440. Later, omfsmakeempty uses sbi-ssysblocksi...

7.8CVSS5.7AI score0.0013EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:45 p.m.•8 views

CVE-2026-53128

A flaw was found in the Linux kernel's drbd component. Specifically, an imbalance in RCU Read-Copy Update calls within the drbdadmdumpdevices function could occur, where rcureadlock was not properly invoked before rcureadunlock. This concurrency issue, identified by a thread-safety analyzer, may...

5.8AI score0.0018EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:45 p.m.•7 views

CVE-2026-53127

A flaw was found in the Linux kernel's block subsystem. This vulnerability allows for a memory leak when zone revalidation fails, specifically when blkrevalidatediskzones encounters an error after memory has been allocated for zonescond. This can lead to resource exhaustion, potentially resulting...

5.5CVSS5.7AI score0.00145EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:45 p.m.•7 views

CVE-2026-53126

A flaw was found in the Linux kernel's blk-cgroup component. This vulnerability occurs due to a missing disk reference release on an error path within the blkcgmaybethrottlecurrent function. When certain lookups or gets fail, the disk reference acquired is not properly freed. This oversight can...

5.5CVSS5.8AI score0.00157EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:45 p.m.•8 views

CVE-2026-53125

In the Linux kernel, the following vulnerability has been resolved: md: fix arraystate=clear sysfs deadlock When "clear" is written to arraystate, mdattrstore breaks sysfs active protection so the array can delete itself from its own sysfs store method. However, mdattrstore currently drops the...

5.5CVSS5.7AI score0.00169EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:45 p.m.•10 views

CVE-2026-53100

A flaw was found in the Linux kernel's mt76 wireless driver. This vulnerability occurs in the remain-on-channel functionality, where the mt76remainonchannel and mt76roccomplete functions attempt to acquire a mutex that is already held. This improper handling of the device mutex can lead to a syst...

5.5CVSS5.8AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:45 p.m.•6 views

CVE-2026-52944

A flaw was found in the Linux kernel's ksmbd component. This vulnerability allows a client to bypass intended permission restrictions by using the FSCTLSETSPARSE operation. Specifically, a client on a read-only share can modify a file's sparse attribute, and clients on writable shares can modify...

5.8AI score0.00165EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:44 p.m.•10 views

CVE-2026-52931

A flaw was found in the batman-adv tpmeter module of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted acknowledgment ACK packet to a node configured as a receiver in an ongoing tpmeter session. This could lead to the use of uninitialized sender...

9.8CVSS5.9AI score0.00404EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:44 p.m.•7 views

CVE-2026-52928

A flaw was found in the Linux kernel's afunix component. This vulnerability involves the incorrect handling of the SIOCATMARK operation when used with non-stream sockets, such as SOCKDGRAM and SOCKSEQPACKET. These socket types did not properly reject SIOCATMARK, an operation intended only for...

5.5CVSS5.8AI score0.00156EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:44 p.m.•8 views

CVE-2026-41000

A flaw was found in Spring Web Services. The security interceptor in the affected component did not properly integrate replay cache mechanisms. This vulnerability could allow a remote attacker to bypass replay protections for security tokens, such as UsernameToken nonces and SAML one-time-use...

3.7CVSS5.8AI score0.00223EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:44 p.m.•8 views

CVE-2026-52926

A flaw was found in the Linux kernel's batman-adv module, which is responsible for managing mesh networks. When a mesh network is being shut down, the system fails to properly clear the active gateway information. This leaves outdated network configuration data, which can prevent the mesh network...

5.8AI score0.00164EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:44 p.m.•8 views

CVE-2026-52914

A flaw was found in the Linux kernel's batman-adv component. This vulnerability allows a local attacker to cause a denial of service DoS by sending malformed fragment chains. The flaw is due to incorrect accounting of fragment reassembly length, which can be truncated during updates, bypassing...

9.8CVSS5.8AI score0.00519EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:39 p.m.•7 views

CVE-2026-57285

A flaw was found in the Jenkins GitHub Branch Source Plugin. A missing permission check allows an attacker with Overall/Read permission to obtain the URLs of GitHub Enterprise servers. This information disclosure could expose sensitive configuration details of the Jenkins environment...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:39 p.m.•8 views

CVE-2026-57283

A flaw was found in Jenkins Pipeline: Groovy Plugin. This cross-site request forgery CSRF vulnerability allows attackers to instantiate types related to job or system configuration. This could enable unauthorized modifications to the Jenkins environment...

6.5CVSS5.7AI score0.00158EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:39 p.m.•8 views

CVE-2026-54651

A flaw was found in pypdf. An attacker can craft a malicious PDF file that, when merged with threads or articles into a writer, can lead to an an infinite loop. This vulnerability can result in a Denial of Service DoS condition, making the affected system unresponsive. Mitigation If PDF processin...

6.9CVSS5.8AI score0.00111EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/24 8:39 p.m.•7 views

CVE-2026-54530

A flaw was found in pypdf, a pure-python PDF library. An attacker can craft a malicious PDF file that, when processed by a system extracting text in layout mode, can lead to an infinite loop. This vulnerability results in a Denial of Service DoS, making the affected system unresponsive. Mitigatio...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2026/06/24 8:39 p.m.•7 views

CVE-2026-53129

In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mbcachedestroy calls shrinkerfree and then frees all cache entries and the cache itself, but it does not cancel the pending cshrinkwork work item first. If...

5.5CVSS5.7AI score0.00157EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:39 p.m.•8 views

CVE-2026-52930

A flaw was found in the Linux kernel's inter-process communication IPC shared memory shm component. A synchronization issue exists where orphaned shared memory segments might be incorrectly destroyed while still in use due to a lack of serialization between cleanup and attachment updates. This...

5.5CVSS5.8AI score0.00165EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:39 p.m.•7 views

CVE-2026-52929

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP stream handling. When an attempt to add outgoing streams is denied, the system fails to fully roll back the associated state. This incomplete rollback can leave behind stale stream metadata, which a subsequent stream...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:39 p.m.•7 views

CVE-2026-52927

A flaw was found in the Linux kernel's netfilter ebtables component. The compatmtwfromuser function, responsible for converting ebtables extensions, does not properly validate user-supplied sizes for match or target extensions. An attacker providing a size smaller than expected by an extension ca...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:39 p.m.•7 views

CVE-2026-52925

A flaw was found in the Linux kernel's Virtual Routing and Forwarding VRF functionality. When a network device is removed from a VRF, a lack of proper synchronization can lead to a Null Pointer Dereference NPD. This issue can be triggered by a local user, potentially causing the system to crash,...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:39 p.m.•6 views

CVE-2026-52912

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because a queued bridge packet can retain a freed bridge master in its skb-dev field until it is reinjected. When the packet is later reinjected, the system attempts to use the freed bridge master, leading to a...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:38 p.m.•6 views

CVE-2026-12770

A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability within the Admin Key Handler component. This could allow the attacker to perform unauthorized actions, leading to limited impacts on data integrity and service availability...

8.8CVSS5.9AI score0.00337EPSS
Exploits1References8
RedhatCVE
RedhatCVE
•added 2026/06/24 8:38 p.m.•5 views

CVE-2026-13208

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS5.8AI score0.00094EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/24 8:38 p.m.•5 views

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS6AI score0.00124EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/24 8:21 p.m.•5 views

CVE-2026-54513

A flaw was found in jackson-databind, a library used for processing data. This vulnerability allows an attacker to bypass security controls designed to validate data types. By sending specially crafted input, an attacker can force the system to process untrusted data, which may lead to the...

8.1CVSS5.9AI score0.00677EPSS
Exploits0References9
RedhatCVE
RedhatCVE
•added 2026/06/24 8:21 p.m.•6 views

CVE-2026-54297

A flaw was found in Faraday, an HTTP client library. The Faraday::NestedParamsEncoder, which handles nested query parameters, does not limit the depth of nested query strings during decoding. A remote attacker can exploit this by sending a specially crafted query string, causing the application t...

7.5CVSS5.8AI score0.00391EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:21 p.m.•6 views

CVE-2026-53091

A flaw was found in the Linux kernel's handling of Generic Segmentation Offload GSO packet headers. This vulnerability occurs when the qdiscpktlensegsinit function does not properly pull headers into the expected memory location, which can lead to incorrect processing by network drivers. A remote...

8.4CVSS5.9AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:21 p.m.•5 views

CVE-2026-52924

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. This vulnerability, a use-after-free, occurs when the system processes a Stale Cookie ERROR during the setup or reconfiguration of an SCTP association. A remote attacker could exploit this by sending...

9.8CVSS5.9AI score0.00265EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:21 p.m.•6 views

CVE-2026-42450

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, FileFormatSpi3D.cpp:163 uses sscanf with %s into 64-byte stack buffers when parsing LUT data lines. Input comes from lineBuffer4096, so a crafted .spi3d file can overflow by 4000 bytes on...

8.4CVSS5.8AI score0.0012EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/06/24 8:21 p.m.•5 views

CVE-2026-52923

A flaw was found in the Linux kernel. The ipcidralloc function, used in the checkpoint/restore path for SysV Inter-Process Communication IPC ID allocation, does not properly limit ID allocation to the valid range. This can result in the system attempting to dereference freed memory, leading to a...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/06/24 8:21 p.m.•7 views

CVE-2026-35025

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

8.6CVSS5.8AI score0.00345EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/06/24 8:21 p.m.•5 views

CVE-2023-54365

A flaw was found in Traefik's HTTP/2 request handling. A remote attacker can exploit this vulnerability by rapidly creating and canceling HTTP/2 streams. This can exhaust server resources, leading to a denial of service DoS and making the service unavailable to legitimate users. This issue is...

8.7CVSS5.9AI score0.00562EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/24 3:37 p.m.•5 views

CVE-2026-56376

A flaw was found in ImageMagick. Remote attackers can exploit a heap use-after-free vulnerability in the meta coder by processing specially crafted image files. This can lead to a denial of service. Mitigation Since this vulnerability is isolated entirely within ImageMagick's meta coder, the...

6.3CVSS5.8AI score0.00184EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/24 3:37 p.m.•6 views

CVE-2026-52941

A flaw was found in the Linux kernel's net/smc module. An unprivileged local user could trigger a null pointer dereference by performing sendmsg or recvmsg operations on an SMC-D Shared Memory Communications - Direct socket while the smcmsgevent tracepoint is enabled. This can lead to a general...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References4
Total number of security vulnerabilities206304