Lucene search
+L
RedhatcveRecent

206786 matches found

RedhatCVE
RedhatCVE
added 3 hours ago4 views

CVE-2026-38755

A flaw was found in Busybox. A heap overflow vulnerability in the evalcommand function allows attackers to cause a Denial of Service DoS by supplying a specially crafted input. This can lead to the unavailability of the service. Mitigation Mitigation for this issue is either not available or the...

7.5CVSS6.1AI score0.0016EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 3 hours ago5 views

CVE-2026-38752

A flaw was found in BusyBox. This vulnerability, a stack overflow in the evaluate function, allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted AWK script. A Denial of Service attack can make the affected system or application unavailable to legitimate users...

7.5CVSS6.3AI score0.0016EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 3 hours ago4 views

CVE-2026-47084

A flaw was found in Cyrus IMAP cyrus-imapd. An authenticated user, without administrative privileges, could bypass Access Control List ACL checks by using the LOCALDELETE command. This allowed them to delete mailboxes for which they did not have the necessary permissions, leading to unauthorized...

6.5CVSS6.1AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 3 hours ago6 views

CVE-2026-47083

A flaw was found in Cyrus IMAP. An authenticated user can exploit the ESEARCH command to discover the existence of folder names belonging to other user accounts. This vulnerability leads to information disclosure, allowing an attacker to gain unauthorized knowledge about the structure of other...

4.3CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 3 hours ago5 views

CVE-2026-47082

A flaw was found in Cyrus IMAP's cyrus-imapd component. A user with low privileges can exploit a vulnerability in the vacation "fcc" feature. By crafting a specific Sieve script, the user can bypass access control lists and deliver vacation auto-reply messages into any mailbox, leading to...

5.4CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 3 hours ago3 views

CVE-2026-47089

A flaw was found in Cyrus IMAP cyrus-imapd. An authenticated user can exploit this vulnerability by using the IMAP LISTRIGHTS command. This allows the user to learn the access permissions of any mailbox they can name, which should be restricted to administrators. This leads to unauthorized...

4.3CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 4 hours ago3 views

CVE-2026-47085

A flaw was found in Cyrus IMAP cyrus-imapd. A remote attacker could exploit a vulnerability related to URLAUTH token forgery, caused by a missing mailbox key. This could allow the attacker to gain unauthorized read access to a victim's mailbox. The likelihood of exploitation is low due to the...

4CVSS6.1AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 4 hours ago3 views

CVE-2026-47088

A flaw was found in Cyrus IMAP Internet Message Access Protocol daemon, cyrus-imapd. An authenticated IMAP user could exploit a heap exposure vulnerability during nested Multipurpose Internet Mail Extensions MIME comment parsing. By crafting an email message with a specially formed RFC 822 commen...

3.1CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 4 hours ago3 views

CVE-2026-47081

A flaw was found in Cyrus IMAP cyrus-imapd. An authenticated user could exploit this vulnerability by using the XAPPLEPUSHSERVICE command to determine if specific mailboxes exist on other users' accounts. This could allow the attacker to create Apple Push Notification Service APNS notifications f...

3.1CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 4 hours ago3 views

CVE-2026-47087

A flaw was found in Cyrus IMAP. The URLAUTH mechanism in Cyrus IMAP through version 3.12.2 does not properly revoke access for an authorizer. This allows a previously authorized user to retain access via a URLAUTH URL, even after their authorization has been revoked, potentially leading to...

3.5CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 4 hours ago3 views

CVE-2026-13713

A flaw was found in YAML::Syck. This vulnerability allows a remote attacker to cause a denial of service DoS by providing a specially crafted YAML document. The flaw occurs due to a use-after-free and double-free condition when an anchor node is redefined while still on the parser's value stack,...

7.5CVSS6.1AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 4 hours ago3 views

CVE-2026-57076

A flaw was found in YAML::Syck. An attacker could exploit a heap use-after-free vulnerability by providing a specially crafted YAML document that reuses an anchor name as an anchors-table key. This flaw causes the software to read freed heap memory, which may lead to information disclosure or...

6.3CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 4 hours ago3 views

CVE-2026-57077

A flaw was found in YAML::Syck. An out-of-bounds read vulnerability exists due to an unbounded newline scan during block-scalar lexing. A remote attacker could exploit this by providing a specially crafted YAML document, leading to potential information disclosure. This issue is an incomplete fix...

4.3CVSS6.1AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 4 hours ago4 views

CVE-2026-57075

A flaw was found in YAML::Syck. An out-of-bounds read vulnerability exists in the base64 decoder, specifically in the syckbase64dec function. This occurs because the decoder uses a signed character to index a lookup table, allowing specially crafted !!binary YAML nodes with high-bit bytes to caus...

6.5CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-59197

A flaw was found in Pillow prior to 12.3.0. The public RankFilter API can trigger a native heap out-of-bounds write when given a very large odd filter size. ImageFilter.RankFilter.filter calls image.expandsize // 2, size // 2 before rank-filter size validation, and ImagingExpand computes output...

8.2CVSS6AI score0.00397EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added yesterday8 views

CVE-2026-15945

A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions FGAP v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group the...

4.3CVSS6.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-43731

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, leading to memory corruption...

8.8CVSS6AI score0.00201EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-43745

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds write due to improper input validation, resulting in an unexpected process crash...

6.5CVSS6AI score0.00297EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-43740

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, leading to disclosure of process memory...

6.5CVSS6AI score0.00203EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-43742

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.0025EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-43734

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.0024EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-43732

A flaw was found in WebKitGTK. Processing maliciously crafted web content can disclose sensitive user information due to a path handling issue that was addressed with improved validation...

6.5CVSS6AI score0.00255EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-43727

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.00196EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-43721

A flaw was found in WebKitGTK. A malicious website can silently hijack clipboard data due to improper state management...

6.5CVSS6AI score0.00245EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-43726

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.00189EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-43713

A flaw was found in WebKitGTK. Visiting a website can leak sensitive data due to a permissions issue that was addressed with additional restrictions...

6.5CVSS6AI score0.00312EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-43712

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds write due to improper memory handling, resulting in an unexpected process crash...

6.5CVSS6AI score0.00202EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-43720

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.00289EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-43716

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, resulting in an unexpected process crash...

6.5CVSS6AI score0.00297EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-43707

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger memory corruption due to improper memory handling, resulting in an unexpected process crash...

6.5CVSS6AI score0.00307EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-43676

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds read due to improper bounds checking, resulting in an unexpected process crash...

6.5CVSS6AI score0.00257EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-43699

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.0024EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-43663

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, resulting in an unexpected process crash...

6.5CVSS6AI score0.00194EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-39872

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, resulting in an unexpected process crash...

6.5CVSS6AI score0.00194EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-43715

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, leading to memory corruption...

8.8CVSS7AI score0.0036EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-43725

A flaw was found in WebKitGTK. A malicious website can process restricted web content outside the sandbox due to improper input validation, potentially allowing access to resources that should be restricted...

7.1CVSS7AI score0.00314EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-43701

A flaw was found in WebKitGTK. A malicious website can process restricted web content outside the sandbox due to improper checks, potentially allowing access to resources that should be restricted...

7.1CVSS6.9AI score0.00182EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-43705

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a type confusion due to improper checks, leading to memory corruption...

8.8CVSS6.9AI score0.00275EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday9 views

CVE-2026-33382

A flaw in Grafana's API endpoints allows remote attackers to send excessively large request bodies without authentication. This exhausts server memory, resulting in a complete denial of service DoS. Mitigation Deploy a reverse proxy or API gateway e.g., Nginx in front of Grafana configured to...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-59884

A flaw was found in pyasn1, a generic ASN.1 library for Python. The Basic Encoding Rules BER decoder, used by CER and DER codecs, processes long-form tags by accumulating continuation octets without an upper bound. A remote attacker can exploit this by providing a specially crafted input, leading...

7.5CVSS6.1AI score0.00354EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-8609

A flaw was found in Grafana. An unauthenticated attacker can repeatedly access the OAuth login route with unique values. This can lead to unbounded memory growth, eventually exhausting system memory and causing the Grafana instance to crash. This results in a denial of service for legitimate user...

7.5CVSS6.1AI score0.00397EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-5674

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS6.4AI score
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-30623

A flaw was found in LiteLLM. This vulnerability allows a remote attacker to execute arbitrary operating system commands on the host where LiteLLM is running. This is possible because the application's MCP server creation functionality processes JSON configurations that can include unvalidated...

9.8CVSS6.4AI score0.00322EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-38974

A flaw was found in Dulwich. The contrib/paramikovendor.py component is missing Secure Shell SSH host key verification. This vulnerability allows a remote attacker to impersonate a legitimate Git server. By doing so, the attacker could potentially intercept sensitive information or execute...

8.8CVSS6.3AI score0.00145EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-58659

A flaw was found in PyTorch Lightning. This vulnerability allows attackers to achieve remote code execution by crafting malicious checkpoint files. These files exploit a weakness in the loadstate function, which imports and executes attacker-controlled module names from checkpoint instantiator...

8.4CVSS6.4AI score0.00235EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-60082

A flaw was found in perl-DBI, a database interface for Perl. This vulnerability arises when the DBI library processes inconsistent data, specifically when a statement handle lacks fields but is associated with a non-empty data row. This inconsistency can cause the internal row-buffer to attempt...

9.1CVSS6AI score0.00653EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-60081

A flaw was found in DBI::ProfileData, a Perl module. This vulnerability allows an attacker to cause a Denial of Service DoS by providing a specially crafted input. The flaw exists because the software does not properly limit the path index when processing profile dump files, which can lead to...

7.5CVSS6.1AI score0.0063EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-15043

A flaw was found in DBI::SQL::Nano, a mini-SQL engine for Perl. This vulnerability occurs because the engine incorrectly evaluates SQL operators for text comparisons, specifically inverting the logic for "less than or equal to" and "greater than or equal to" operations. This can lead to...

9.8CVSS6.1AI score0.00513EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-15392

A flaw was found in DBD::File. The completetablename method, responsible for building absolute table file paths, does not verify if the file is a symbolic link. This oversight allows a local attacker to create a symbolic link within the data directory that points to an arbitrary file outside of t...

7.7CVSS6.1AI score0.00196EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-45363

A flaw was found in ruby-jwt, a Ruby implementation of the RFC 7519 OAuth JSON Web Token JWT standard. A remote attacker can exploit this vulnerability by crafting a malicious token that is accepted due to an empty key being used in the HMAC Hash-based Message Authentication Code digest calculati...

9.1CVSS6.1AI score0.00242EPSS
Exploits0References8
Total number of security vulnerabilities206786