Lucene search

206304 matches found

RedhatCVE
• added 2026/06/24 3:37 p.m. • 9 views

CVE-2026-52936

A flaw was found in the Linux kernel's jitterentropy cryptographic module. A long-held spinlock during entropy collection could cause parallel readers to stall. This issue allows a local attacker to trigger a Denial of Service (DoS) by causing contention for the shared lock, making the system...

CVSS 5.5 | AI score 5.8 | EPSS 0.00156
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:37 p.m. • 6 views

CVE-2026-52938

A flaw was found in the Linux kernel's Berkeley Packet Filter (BPF) storage. A race condition can occur where a storage element is accessed after its associated map has been deallocated, leading to a null pointer dereference. This can cause a kernel crash, resulting in a Denial of Service (DoS) for t...

AI score 5.7 | EPSS 0.00145
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:37 p.m. • 6 views

CVE-2026-52934

A flaw was found in the Linux kernel's batman-adv (Better Approach To Mobile Ad-hoc Networking - Advanced) module. An integer overflow vulnerability in the TVLV (Type-Length-Value) packet processing can lead to an undersized memory allocation. This allows a subsequent operation to write beyond the...

CVSS 8.8 | AI score 6.1 | EPSS 0.00247
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:37 p.m. • 5 views

CVE-2026-52932

A flaw was found in the Linux kernel's xfrm IPcomp (IP Payload Compression Protocol) component. This vulnerability involves improper memory deallocation during error handling, where allocated resources are not correctly freed. This could allow a local attacker to cause resource exhaustion,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:37 p.m. • 5 views

CVE-2026-52922

A flaw was found in the Linux kernel's batman-adv (Better Approach To Mobile Ad-hoc Networking) module. This vulnerability occurs because the batadvdatforwarddata function fails to validate the success of a memory allocation operation. An attacker could exploit this by triggering a scenario where t...

CVSS 7.5 | AI score 5.8 | EPSS 0.00394
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:37 p.m. • 5 views

CVE-2026-52921

A flaw was found in the Linux kernel's netfilter ipset component. Specifically, certain hash set variants such as hash:ip,mark and hash:ip,port that iterate IPv4 ranges with a 32-bit iterator do not correctly stop at the end of the requested range. This can cause the iteration to advance beyond t...

CVSS 5.5 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:37 p.m. • 6 views

CVE-2026-52919

A flaw was found in the batman-adv module of the Linux kernel. During the shutdown process of the tpmeter sender, an atomic counter can underflow due to multiple decrements. This can cause the sender kernel thread to loop indefinitely, leading to a use-after-free vulnerability if the associated...

CVSS 7.8 | AI score 5.8 | EPSS 0.00117
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:37 p.m. • 4 views

CVE-2026-52916

A flaw was found in the Linux kernel's batman-adv module. A remote attacker can exploit this vulnerability by sending specially crafted BATADVUNICASTFRAG packets, which are designed to contain other fragmented packets. This 'fragments in fragments' scenario causes the kernel to recursively proces...

AI score 5.9 | EPSS 0.00177
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:37 p.m. • 6 views

CVE-2026-52913

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:37 p.m. • 5 views

CVE-2026-12866

A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...

CVSS 9.8 | AI score 6.6 | EPSS 0.00454
Exploits: 0 | References: 6
RedhatCVE
• added 2026/06/24 3:36 p.m. • 7 views

CVE-2026-56371

A memory leak flaw was found in ImageMagick. Processing specially crafted TXT files with malicious texture attributes can exhaust system memory, allowing an attacker to cause a Denial of Service (DoS). Mitigation: If your application does not explicitly require rendering TXT files via ImageMagick, y...

CVSS 6.9 | AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 5
RedhatCVE
• added 2026/06/24 3:36 p.m. • 6 views

CVE-2026-52942

A flaw was found in the Linux kernel's netfilter logging component. This vulnerability occurs because the system does not properly check if a network packet's Media Access Control (MAC) header is valid before attempting to log it. A local attacker could send a specially crafted network packet,...

CVSS 7.1 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 5 views

CVE-2026-52940

A flaw was found in the Linux kernel's tun driver. An unprivileged user can exploit this vulnerability by setting the virtual network (vnet) header size to 24 bytes. This action causes the kernel to copy partially initialized stack memory to userspace when reading non-tunnel packets, leading to the...

CVSS 7 | AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 6 views

CVE-2026-52939

A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) component. An unprivileged local user can trigger a kernel panic by sending a specially crafted atomic control message (cmsg) over an active RDS/InfiniBand (IB) connection. This issue is caused by improper handling of masked atomic...

CVSS 5.5 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 5 views

CVE-2026-52937

A flaw was found in the Linux kernel's tap driver. This vulnerability allows an attacker to potentially disclose sensitive kernel stack memory contents to userspace. The flaw occurs in the tapioctl function when handling the SIOCGIFHWADDR command, where uninitialized portions of a stack-allocated...

CVSS 5.5 | AI score 5.7 | EPSS 0.00154
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 5 views

CVE-2026-52935

A flaw was found in the Linux kernel. The espintcp component, responsible for handling encrypted network traffic, incorrectly reuses a partial data transmission state. This can lead to an out-of-bounds read, which may allow an attacker to access sensitive information or cause other memory...

CVSS 7.8 | AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 6 views

CVE-2026-52933

A flaw was found in the Linux kernel's iouring/poll component. A logic error exists in the iopollgetownership function due to an incorrect signed comparison. This flaw prevents the necessary slowpath from being triggered when the IOPOLLCANCELFLAG is set, potentially leading to unexpected behavior...

CVSS 7.8 | AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 4 views

CVE-2026-52920

A flaw was found in the Linux kernel's netfilter component, which is responsible for network packet filtering. This vulnerability, located in the xtpolicy module, involves an error in how strict inbound network policies are matched. This could allow an attacker to bypass established security rule...

CVSS 8.3 | AI score 5.8 | EPSS 0.00299
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 5 views

CVE-2026-52918

A flaw was found in the Linux kernel's Bluetooth subsystem. A race condition exists in the handling of the acceptq within the btsockpoll function due to a lack of synchronization. This could allow a local attacker to cause a denial of service by manipulating socket operations during child teardow...

CVSS 8.8 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 9 views

CVE-2026-52917

A flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) diagnostics. When performing a socket diagnostic (sockdiag) lookup, the system may attempt to access memory related to an SCTP association that has already been freed. This can lead to an out-of-bounds read from...

CVSS 7.1 | AI score 5.7 | EPSS 0.00126
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 4 views

CVE-2026-52915

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the ip6thbh module responsible for handling IPv6 Hop-by-Hop (HBH) options. This vulnerability allows a local attacker to provide an oversized list of HBH options from userspace, leading to an out-of-bounds write. This c...

CVSS 7.1 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 5 views

CVE-2026-6653

A flaw was found in libxml2. A remote attacker can exploit a use-after-free vulnerability in the xmlParseInternalSubset function by providing maliciously crafted XML input. This improper handling of entity resolution can lead to a denial-of-service (DoS), making the affected system or application...

CVSS 8.3 | AI score 5.7 | EPSS 0.00289
Exploits: 0 | References: 5
RedhatCVE
• added 2026/06/24 3:36 p.m. • 5 views

CVE-2025-61027

A flaw was found in openlink virtuoso-opensource. An attacker can exploit this vulnerability by sending specially crafted SQL statements to the tsetpush component. This can lead to a Denial of Service (DoS), making the system unavailable to legitimate users...

CVSS 7.5 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 4 views

CVE-2025-61025

A flaw was found in virtuoso-opensource. Attackers can exploit this vulnerability by sending specially crafted SQL statements, which can lead to a Denial of Service (DoS). This issue impacts the availability of the affected system...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:36 p.m. • 6 views

CVE-2025-61019

A flaw was found in virtuoso-opensource. An attacker could send specially crafted SQL (Structured Query Language) statements to the sqlokeypartbest component, leading to a Denial of Service (DoS). This vulnerability allows an attacker to disrupt the availability of the service...

CVSS 7.5 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:19 p.m. • 4 views

CVE-2026-52943

A flaw was found in the Linux kernel. The pskbcarveinsideheader and pskbcarveinsidenonlinear helper functions, which handle network packet buffers, do not correctly account for zero-copy references. This oversight can lead to a use-after-free vulnerability, where memory is prematurely released...

CVSS 7.8 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:19 p.m. • 5 views

CVE-2026-48746

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, residing in ASGI web servers and Starlette's trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API witho...

CVSS 9.1 | AI score 5.8 | EPSS 0.0086
Exploits: 0 | References: 6
RedhatCVE
• added 2026/06/24 3:19 p.m. • 5 views

CVE-2026-44393

A flaw was found in OpenStack oslo.messaging. The RabbitMQ driver does not properly verify the hostname of the message broker when establishing a TLS (Transport Layer Security) connection. An attacker capable of intercepting control-plane network traffic can exploit this vulnerability to impersonat...

CVSS 7.4 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 5
RedhatCVE
• added 2026/06/24 3:19 p.m. • 5 views

CVE-2025-61023

A flaw was found in virtuoso-opensource. An attacker could exploit a vulnerability in the stcompare component by sending specially crafted SQL statements. This could lead to a Denial of Service (DoS), making the service unavailable to legitimate users...

CVSS 7.5 | AI score 5.8 | EPSS 0.00482
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:19 p.m. • 7 views

CVE-2025-61020

A flaw was found in openlink virtuoso-opensource. Attackers can exploit this vulnerability by sending specially crafted SQL statements to the sqlostripinjoin component. This can lead to a Denial of Service (DoS), making the service unavailable to legitimate users...

CVSS 7.5 | AI score 5.8 | EPSS 0.00482
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 3:19 p.m. • 6 views

CVE-2025-61018

A flaw was found in openlink virtuoso-opensource. This vulnerability allows attackers to cause a Denial of Service (DoS) by sending specially crafted SQL statements to the sqloplacedtset component. A successful exploit could make the service unavailable to legitimate users...

CVSS 7.5 | AI score 5.9 | EPSS 0.00482
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 7:27 a.m. • 5 views

CVE-2026-54762

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When an Ingress is configured to use BasicAuth or DigestAuth, but the associated authentication secret cannot be resolved or is malformed, Traefik fails to apply the authentication middleware. This allows unauthenticated access...

CVSS 8.6 | AI score 5.8 | EPSS 0.0036
Exploits: 1 | References: 5
RedhatCVE
• added 2026/06/24 7:25 a.m. • 9 views

CVE-2026-54588

A flaw was found in Poweradmin, a web-based DNS administration tool. An unauthenticated attacker can exploit this vulnerability by manipulating the HTTPHOST request header. This manipulation allows the attacker to poison the redirecturi used in the OpenID Connect (OIDC), Security Assertion Markup...

CVSS 9.6 | AI score 5.8 | EPSS 0.00312
Exploits: 0 | References: 2
RedhatCVE
• added 2026/06/24 7:25 a.m. • 10 views

CVE-2026-56379

A flaw was found in ImageMagick. This command injection vulnerability in the SVG (Scalable Vector Graphics) decoder allows a remote attacker to craft malicious SVG files. When these files are processed, the injected Magick Vector Graphics (MVG) commands can execute, potentially leading to arbitrary...

CVSS 9.2 | AI score 6.6 | EPSS 0.01193
Exploits: 0 | References: 5
RedhatCVE
• added 2026/06/24 7:25 a.m. • 5 views

CVE-2026-53622

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection allows unauthenticated clients to bypass router-specific mutual Transport Layer Security (mTLS) enforcement. When HTTP/3 is enabled and a router use...

CVSS 10 | AI score 5.9 | EPSS 0.0024
Exploits: 1 | References: 5
RedhatCVE
• added 2026/06/24 7:25 a.m. • 8 views

CVE-2026-49468

A flaw was found in LiteLLM, a proxy server (AI Gateway) used to call Large Language Model (LLM) APIs. A remote attacker could exploit a Host-header parsing vulnerability in the proxy authentication layer. By sending a crafted Host header, an attacker could gain unauthenticated access to protected...

CVSS 9.8 | AI score 6 | EPSS 0.00559
Exploits: 1 | References: 5
RedhatCVE
• added 2026/06/24 7:25 a.m. • 5 views

CVE-2026-48491

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability allows an unauthenticated client to bypass mutual Transport Layer Security (TLS) enforcement, a security measure that verifies both client and server identities. The bypass occurs due to an issue in Traefik's...

CVSS 10 | AI score 5.8 | EPSS 0.00245
Exploits: 1 | References: 5
RedhatCVE
• added 2026/06/24 7:25 a.m. • 6 views

CVE-2025-61028

A flaw was found in the virtuoso-opensource component. An attacker could exploit this vulnerability by sending specially crafted SQL statements, leading to a Denial of Service (DoS) condition. This could make the affected system unavailable to legitimate users...

CVSS 7.5 | AI score 5.9 | EPSS 0.00482
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 1:56 a.m. • 12 views

CVE-2026-56406

A flaw was found in libexpat. An integer overflow vulnerability exists in the XMLParseBuffer function due to a missing check. This flaw could allow an attacker to cause memory corruption, potentially leading to arbitrary code execution, information disclosure, or a denial of service. Mitigation...

CVSS 6.9 | AI score 5.9 | EPSS 0.00102
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 1:56 a.m. • 9 views

CVE-2026-56117

A flaw was found in dhcpcd. A heap use-after-free vulnerability in the control socket handling allows a local unprivileged attacker to trigger memory corruption. This occurs when privilege separation is disabled, enabling the attacker to send a privileged command to the control socket. Successful...

CVSS 5.7 | AI score 5.8 | EPSS 0.00093
Exploits: 0 | References: 5
RedhatCVE
• added 2026/06/24 1:56 a.m. • 10 views

CVE-2026-56116

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit a memory leak vulnerability in the IPv6 Router Advertisement route information handling. By repeatedly sending specially crafted Router Advertisements with a zero lifetime, the attacker can cause the syst...

CVSS 7.1 | AI score 5.8 | EPSS 0.00187
Exploits: 0 | References: 5
RedhatCVE
• added 2026/06/24 1:56 a.m. • 8 views

CVE-2026-56115

A flaw was found in dhcpcd. This vulnerability allows an unauthenticated attacker on the same network link to trigger a one-byte stack out-of-bounds write. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can corrupt adjacent stack memory. This can le...

CVSS 8.8 | AI score 5.8 | EPSS 0.00307
Exploits: 1 | References: 5
RedhatCVE
• added 2026/06/24 1:56 a.m. • 11 views

CVE-2026-56114

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link could exploit a one-byte stack out-of-bounds write vulnerability in the dhcp6makemessage function. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can write beyond a...

CVSS 6.5 | AI score 5.7 | EPSS 0.00175
Exploits: 0 | References: 5
RedhatCVE
• added 2026/06/24 1:56 a.m. • 9 views

CVE-2026-56113

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit this vulnerability by sending a specially crafted DHCPv6 RENEW reply. This can lead to a Denial of Service (DoS), causing the dhcpcd daemon to crash due to a heap use-after-free vulnerability...

CVSS 6.5 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 5
RedhatCVE
• added 2026/06/24 1:56 a.m. • 10 views

CVE-2026-49461

A flaw was found in pypdf. An attacker can craft a malicious PDF document containing a form XObject with self-references. When a user attempts to extract text from a page within this crafted PDF, it can lead to excessive memory consumption. This vulnerability may result in a Denial of Service (DoS)...

CVSS 6.9 | AI score 5.7 | EPSS 0.00123
Exploits: 0 | References: 6
RedhatCVE
• added 2026/06/24 1:56 a.m. • 7 views

CVE-2026-0864

A flaw was found in the Python configparser module. When writing configuration files, an attacker who controls the input value can inject unexpected keys and values. This occurs if the input contains multi-line text with carriage return characters, leading to potential configuration manipulation...

CVSS 5.5 | AI score 5.7 | EPSS 0.00128
Exploits: 0 | References: 7
RedhatCVE
• added 2026/06/24 1:56 a.m. • 8 views

CVE-2026-48142

A flaw was found in NGINX. Remote, unauthenticated attackers can exploit a vulnerability in the ngxhttpcharsetmodule when specific charset configurations are present. This can lead to a heap buffer over-read, potentially causing limited disclosure of memory or a denial of service by restarting th...

CVSS 6.3 | AI score 6 | EPSS 0.00398
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 1:55 a.m. • 9 views

CVE-2025-61024

A flaw was found in virtuoso-opensource. An attacker could send specially crafted SQL (Structured Query Language) statements to a specific component, sqlotryinloop, leading to a Denial of Service (DoS). This could make the service unavailable to legitimate users. Mitigation: To reduce the attack...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 1:55 a.m. • 11 views

CVE-2025-61022

A flaw was found in openlink virtuoso-opensource. This issue, specifically within the sqlotbcolpreds component, allows attackers to cause a Denial of Service (DoS) by sending specially crafted SQL statements. This can lead to the unavailability of the service...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 4
RedhatCVE
• added 2026/06/24 1:55 a.m. • 12 views

CVE-2025-71382

A flaw was found in MuPDF. A remote attacker can exploit an uncontrolled recursion vulnerability in the EPUB CSS rendering engine by supplying a maliciously crafted EPUB file. This file, containing deeply nested HTML elements and inline CSS styles, causes the valuefrominheritableproperty function...

CVSS 7.1 | AI score 5.9 | EPSS 0.00316
Exploits: 1 | References: 2

Total number of security vulnerabilities: 206304