
206304 matches found

RedhatCVE • added 2026/06/15 8:35 a.m. • 14 views

CVE-2026-45416

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS (Transport Layer Security) ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service (DoS) due to excessive memor...

CVSS 7.5 • AI score 5.4 • EPSS 0.00461
Exploits 0 • References 6
RedhatCVE • added 2026/06/15 8:35 a.m. • 8 views

CVE-2026-44890

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending specially crafted Redis payloads across multiple connections without proper termination. This can exhaust the server's direct memory pool, leading to a Denial of Service (DoS) condition where legitima...

CVSS 7.5 • AI score 5 • EPSS 0.00371
Exploits 0 • References 6
RedhatCVE • added 2026/06/15 8:35 a.m. • 10 views

CVE-2026-44250

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending a specially crafted Redis payload containing deeply nested arrays. This action forces the server to allocate a large number of state objects and collections, leading to memory exhaustion...

CVSS 7.5 • AI score 5.4 • EPSS 0.00371
Exploits 0 • References 6
RedhatCVE • added 2026/06/15 8:35 a.m. • 9 views

CVE-2026-12216

A flaw was found in Duktape. A local attacker can exploit this vulnerability by manipulating the count_instr argument in duk_api_bytecode.c, leading to memory corruption. This could result in a denial of service or other impacts due to compromised memory integrity. Mitigation: Mitigation for this iss...

CVSS 5.3 • AI score 5.1 • EPSS 0.00112
Exploits 0 • References 8
RedhatCVE • added 2026/06/15 8:35 a.m. • 6 views

CVE-2026-11816

A flaw was found in Keras. Attackers can exploit a path traversal vulnerability in the archive extraction utilities, specifically filtersafetarinfos and filtersafezipinfos. This occurs because the validation of archive member paths is performed against the process's current working directory (CWD)...

CVSS 8.1 • AI score 7.6 • EPSS 0.00518
Exploits 1 • References 5
RedhatCVE • added 2026/06/13 8:33 a.m. • 13 views

CVE-2026-35058

A flaw was found in OpenVPN. This vulnerability, caused by improper validation of packet length during tls-crypt-v2 key extraction, allows an authenticated attacker to send a specially crafted packet. Successful exploitation can trigger a fatal assertion, leading to a denial of service (DoS)...

CVSS 6.9 • AI score 5.1 • EPSS 0.00317
Exploits 0 • References 2
RedhatCVE • added 2026/06/13 8:33 a.m. • 11 views

CVE-2026-42535

A flaw was found in the mod_dav_fs module of Apache HTTP Server. A WebDAV (Web Distributed Authoring and Versioning) content author could exploit a path handling issue to directly manipulate trusted DAV property databases. This manipulation could potentially lead to child process crashes, resulting i...

CVSS 9.1 • AI score 5.2 • EPSS 0.00538
Exploits 0 • References 4
RedhatCVE • added 2026/06/13 2:34 a.m. • 16 views

CVE-2026-54055

A flaw was found in Kitty, a cross-platform GPU-based terminal. A local attacker, specifically a child process running within the terminal, can exploit a Time-of-Check-Time-of-Use (TOCTOU) race condition in the file transmission protocol. This allows the attacker to create a symbolic link between a...

CVSS 5 • AI score 5 • EPSS 0.00072
Exploits 0 • References 2
RedhatCVE • added 2026/06/13 2:34 a.m. • 23 views

CVE-2026-45673

A flaw was found in Netty's DNS resolver component. This vulnerability arises from the use of a predictable pseudo-random number generator (PRNG) for DNS transaction IDs and a static User Datagram Protocol (UDP) source port. This combination significantly reduces the randomness of DNS queries, making...

CVSS 6.8 • AI score 4.9 • EPSS 0.00256
Exploits 0 • References 6
RedhatCVE • added 2026/06/13 2:34 a.m. • 13 views

CVE-2026-54057

A flaw was found in Kitty, a cross-platform GPU-based terminal. An input sanitization vulnerability in Kitty's OSC 21 color-control query reply allows an attacker to inject controlled bytes, including newlines, directly into the shell's input. This could enable an attacker to execute arbitrary co...

CVSS 7.8 • AI score 5.5 • EPSS 0.00166
Exploits 1 • References 2
RedhatCVE • added 2026/06/13 2:34 a.m. • 12 views

CVE-2026-44894

A flaw was found in Netty, specifically within the netty-codec-classes-quic component's NoQuicTokenHandler. A remote attacker can exploit this vulnerability by sending an Initial packet with any non-empty token bytes and a spoofed victim's IP address. This improper token validation causes the Net...

CVSS 7.5 • AI score 5 • EPSS 0.00143
Exploits 0 • References 5
RedhatCVE • added 2026/06/13 2:34 a.m. • 20 views

CVE-2026-54056

A flaw was found in Kitty, a cross-platform GPU-based terminal. A remote attacker can exploit a vulnerability in the kitten dnd feature by sending a specially crafted drag-and-drop request. This allows the attacker to overwrite or truncate arbitrary files on the local system that are writable by...

CVSS 7.6 • AI score 5 • EPSS 0.00268
Exploits 1 • References 2
RedhatCVE • added 2026/06/13 2:34 a.m. • 12 views

CVE-2026-48059

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2_TYPE_SSL type-length-value (TLV) records. This can lead to a memory leak, causing the underlying cumulation...

CVSS 8.7 • AI score 5.1 • EPSS 0.0059
Exploits 0 • References 6
RedhatCVE • added 2026/06/13 2:34 a.m. • 12 views

CVE-2026-48748

A flaw was found in Netty. A remote attacker can exploit a memory exhaustion vulnerability in the Netty HTTP/3 codec by creating an infinite number of blocked streams. This can lead to an Out Of Memory (OOM) error, resulting in a Denial of Service (DoS) for the affected system. Mitigation: Mitigation...

CVSS 7.5 • AI score 5 • EPSS 0.00366
Exploits 0 • References 5
RedhatCVE • added 2026/06/13 2:34 a.m. • 12 views

CVE-2026-48043

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error (OOME), potentially causing a Denial of Service (DoS) by taking down th...

CVSS 7.5 • AI score 5 • EPSS 0.00578
Exploits 0 • References 6
RedhatCVE • added 2026/06/13 2:34 a.m. • 15 views

CVE-2026-42850

A flaw was found in Kitty, a cross-platform GPU-based terminal. A remote attacker could exploit this vulnerability by sending a specially crafted escape code to a victim who is connected to the attacker via a program like netcat. This escape code triggers an unescaped error that is then executed ...

CVSS 8.8 • AI score 5.6 • EPSS 0.00287
Exploits 1 • References 2
RedhatCVE • added 2026/06/13 2:34 a.m. • 12 views

CVE-2026-42851

A flaw was found in Kitty, a cross-platform GPU-based terminal. A local attacker, or a remote attacker who can control output displayed in the terminal, could exploit this vulnerability. By sending specially crafted input to the terminal, the attacker can cause Kitty to execute arbitrary Python...

CVSS 7.8 • AI score 5.8 • EPSS 0.00164
Exploits 1 • References 2
RedhatCVE • added 2026/06/13 2:34 a.m. • 13 views

CVE-2026-44893

A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2_TYPE_SSL TLV (Type-Length-Value) header. This can lead to an IndexOutOfBoundsException...

CVSS 7.5 • AI score 5 • EPSS 0.00578
Exploits 0 • References 6
RedhatCVE • added 2026/06/12 8:34 p.m. • 12 views

CVE-2026-42567

A flaw was found in Svelte, a web framework. An internal regular expression (regex) in the Svelte runtime, specifically when processing , can be exploited by a remote attacker. By providing specially crafted input, an attacker can cause the regex to take an exponential amount of time to process,...

CVSS 7.5 • AI score 5.4 • EPSS 0.00421
Exploits 0 • References 5
RedhatCVE • added 2026/06/12 8:34 p.m. • 12 views

CVE-2026-10142

A flaw was found in kafka-python. A malicious broker or a machine-in-the-middle attacker can exploit a denial-of-service vulnerability in the protocol parser. By sending a specially crafted 4-byte frame length value without proper bounds validation, an attacker can trigger excessive memory...

CVSS 8.7 • AI score 5.2 • EPSS 0.00348
Exploits 0 • References 7
RedhatCVE • added 2026/06/12 2:35 p.m. • 11 views

CVE-2026-48855

A flaw was found in Erlang OTP ssh, specifically within the ssh_sftpd module. An authenticated SFTP client can exploit this vulnerability by creating a symbolic link (symlink) inside a restricted directory (chroot) that points to the root directory. When the client reads this symlink, the ssh_sftpd...

CVSS 6.5 • AI score 5.2 • EPSS 0.00277
Exploits 0 • References 8
RedhatCVE • added 2026/06/12 2:35 p.m. • 10 views

CVE-2026-46433

A flaw was found in lldpd, an implementation of IEEE 802.1ab LLDP. A remote attacker on the adjacent network can send specially crafted Ethernet frames with 802.1Q VLAN (Virtual Local Area Network) tags. This can cause a 4-byte heap buffer over-read, leading to a denial of service (DoS) due to an...

CVSS 6.5 • AI score 5.5 • EPSS 0.00225
Exploits 0 • References 7
RedhatCVE • added 2026/06/12 2:35 p.m. • 21 views

CVE-2026-44631

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service. Mitigation: Only load trusted Apache configuration; the bug triggers...

CVSS 9.8 • AI score 5.4 • EPSS 0.00486
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 2:35 p.m. • 9 views

CVE-2026-44119

A flaw was found in Apache HTTP Server. This improper privilege management vulnerability allows local .htaccess authors to read files with the privileges of the httpd user. This could lead to unauthorized information disclosure...

CVSS 5.5 • AI score 5.2 • EPSS 0.00171
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 2:35 p.m. • 8 views

CVE-2026-41843

A flaw was found in Spring Framework. Specifically, Spring MVC and WebFlux applications are vulnerable to a Path Traversal attack. This vulnerability allows a remote attacker to access sensitive files or directories on the server by manipulating requests for static resources. The successful...

CVSS 5.9 • AI score 5.3 • EPSS 0.00341
Exploits 0 • References 5
RedhatCVE • added 2026/06/12 2:35 p.m. • 11 views

CVE-2026-29170

A flaw was found in Apache HTTP Server, specifically within the mod_proxy_ftp module. This cross-site scripting (XSS) vulnerability occurs during the generation of HTML directory lists when the server is configured to list FTP directory contents via either a forward or reverse proxy. An attacker coul...

CVSS 6.1 • AI score 5 • EPSS 0.00504
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 2:35 p.m. • 8 views

CVE-2026-2049

A flaw was found in GIMP. This heap-based buffer overflow vulnerability, located in the HDR file parsing component, allows a remote attacker to execute arbitrary code. User interaction is required for exploitation, as the target must open a malicious HDR file. The flaw occurs due to a lack of...

CVSS 7.8 • AI score 7.9 • EPSS 0.00615
Exploits 0 • References 5
RedhatCVE • added 2026/06/12 9:48 a.m. • 14 views

CVE-2026-44249

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

CVSS 8.1 • AI score 5 • EPSS 0.00552
Exploits 0 • References 6
RedhatCVE • added 2026/06/12 9:42 a.m. • 12 views

CVE-2026-48914

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

CVSS 6.7 • AI score 5.2 • EPSS 0.00121
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 9:42 a.m. • 9 views

CVE-2026-53463

A flaw was found in ImageMagick. When processing images, a remote attacker could provide incorrect arguments to the distort operation, leading to a null pointer dereference. This vulnerability can cause the application to crash, resulting in a Denial of Service (DoS) for affected systems...

CVSS 6.5 • AI score 5.3 • EPSS 0.00187
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 9:38 a.m. • 9 views

CVE-2026-47166

A flaw was found in ImageMagick, a widely used software for image editing. An attacker with high privileges and local access could exploit a vulnerability in the magick -distribute-cache service. By causing a heap buffer over-read, this could lead to the disclosure of sensitive information and...

CVSS 6 • AI score 5.3 • EPSS 0.00093
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 9:28 a.m. • 11 views

CVE-2026-11945

A flaw was found in PostgreSQL Anonymizer. A local user with privileges to create JSON documents can embed malicious code within a specific key-value pair. If a superuser subsequently invokes the importdatabaserules or importrolesrules functions, this malicious code will be executed with superuse...

CVSS 7.5 • AI score 5.5 • EPSS 0.00247
Exploits 1 • References 2
RedhatCVE • added 2026/06/12 9:10 a.m. • 11 views

CVE-2026-48998

A flaw was found in guzzlehttp/psr7, a PHP library for HTTP messages. A remote attacker could exploit improper validation of the Host header. By providing a specially crafted Host header, an attacker could cause the system to misinterpret the intended destination. This could lead to requests or...

CVSS 5.3 • AI score 5.4 • EPSS 0.00198
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 8:49 a.m. • 6 views

CVE-2026-11623

A flaw was found in tmux. A local attacker could exploit a use-after-free vulnerability in the image_free function, potentially leading to information disclosure or denial of service. Exploitation of this flaw is considered difficult due to its high complexity...

CVSS 4.5 • AI score 4.9 • EPSS 0.00124
Exploits 0 • References 11
RedhatCVE • added 2026/06/12 8:48 a.m. • 12 views

CVE-2026-52859

A flaw was found in Vim, an open-source command-line text editor. This vulnerability allows a program displaying output in a Vim terminal window to trigger an out-of-bounds write by sending a specific byte sequence. This can lead to a crash of the Vim application, resulting in a Denial of Service...

CVSS 8.2 • AI score 5.2 • EPSS 0.00303
Exploits 0 • References 6
RedhatCVE • added 2026/06/12 8:39 a.m. • 7 views

CVE-2026-46557

A flaw was found in ImageMagick. A local attacker could exploit a missing depth check in the fx operation by providing a specially crafted argument. This could lead to a stack overflow, resulting in a denial of service (DoS) for the application...

CVSS 6.2 • AI score 5.1 • EPSS 0.0012
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 8:23 a.m. • 10 views

CVE-2026-46692

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A remote attacker, by connecting to a magick -distribute-cache service, can trigger a heap buffer over-write in the server process. This vulnerability can lead to a denial of service...

CVSS 5.9 • AI score 5.4 • EPSS 0.00092
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 6:29 a.m. • 10 views

CVE-2026-49219

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. An attacker with local access could exploit an incorrect parsing of filenames to bypass security policies. This could allow the attacker to read files that are otherwise disallowed b...

CVSS 5.5 • AI score 5.4 • EPSS 0.00128
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 6:13 a.m. • 19 views

CVE-2026-46693

A flaw was found in ImageMagick. An attacker able to connect to a magick -distribute-cache service could exploit a race condition to hijack a file descriptor in the server process. This could lead to unauthorized access to sensitive information...

CVSS 4.4 • AI score 5.4 • EPSS 0.00077
Exploits 0 • References 4
RedhatCVE • added 2026/06/12 4:42 a.m. • 12 views

CVE-2026-45287

A flaw was found in OpenTelemetry-Go before schema package version 0.0.17. ParseFile in go.opentelemetry.io/otel/schema/v1.0 and v1.1 opens a schema file and passes it to Parse without closing it, leaking one file descriptor per successful call. Repeated parsing in a long-running process can...

CVSS 5.5 • AI score 5.7 • EPSS 0.00168
Exploits 1 • References 6
RedhatCVE • added 2026/06/12 1:32 a.m. • 9 views

CVE-2026-44494

A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all...

CVSS 8.7 • AI score 5.1 • EPSS 0.01041
Exploits 1 • References 4
RedhatCVE • added 2026/06/12 1:13 a.m. • 11 views

CVE-2026-44496

A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may...

CVSS 7.5 • AI score 5.1 • EPSS 0.00645
Exploits 1 • References 4
RedhatCVE • added 2026/06/12 1:13 a.m. • 10 views

CVE-2026-44492

A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the...

CVSS 8.6 • AI score 5 • EPSS 0.00921
Exploits 1 • References 4
RedhatCVE • added 2026/06/12 1:9 a.m. • 12 views

CVE-2026-44487

A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final...

CVSS 8.2 • AI score 5.1 • EPSS 0.00689
Exploits 1 • References 4
RedhatCVE • added 2026/06/12 1:9 a.m. • 9 views

CVE-2026-44486

A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can...

CVSS 7.5 • AI score 5.1 • EPSS 0.00552
Exploits 1 • References 4
RedhatCVE • added 2026/06/11 11:59 p.m. • 11 views

CVE-2026-44488

A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or...

CVSS 7.5 • AI score 5.1 • EPSS 0.0063
Exploits 1 • References 4
RedhatCVE • added 2026/06/11 11:36 p.m. • 10 views

CVE-2026-44495

A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this...

CVSS 7 • AI score 5 • EPSS 0.00495
Exploits 0 • References 4
RedhatCVE • added 2026/06/11 11:14 p.m. • 12 views

CVE-2026-44490

A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as prototype pollution, allows an upstream dependency to modify the fundamental behavior of JavaScript objects. When this occurs, Axios can unknowingly incorporate these altered values, leading to two potential...

CVSS 8.2 • AI score 5.1 • EPSS 0.00287
Exploits 1 • References 4
RedhatCVE • added 2026/06/11 11:14 p.m. • 12 views

CVE-2026-44489

A flaw was found in Axios, a promise-based HTTP client. A remote attacker could exploit a prototype pollution vulnerability, which occurs when nested objects are created without proper checks, allowing an attacker to inject malicious properties into Object.prototype. This vulnerability specifical...

CVSS 5.3 • AI score 5.1 • EPSS 0.00228
Exploits 1 • References 4
RedhatCVE • added 2026/06/11 6:14 p.m. • 10 views

CVE-2026-53439

A flaw was found in Jenkins. Missing permission checks allow an attacker with Overall/Read permission to determine other users' configured timezone. This vulnerability also enables the attacker to enumerate the view names of other users' "My Views", leading to information disclosure. Mitigation...

CVSS 4.3 • AI score 5.1 • EPSS 0.00234
Exploits 0 • References 4

Total number of security vulnerabilities: 206304