206286 matches found

RedhatCVE • added 2 days ago

CVE-2026-48913

A flaw was found in the Apache HTTP Server's mod_http2 module. This vulnerability, a use-after-free, occurs when the server's file handles are exhausted. An attacker could potentially exploit this to cause a denial of service or, in some cases, execute arbitrary code, leading to system...

CVSS 7.3 • AI score 6 • EPSS 0.00461 • Exploits 0 • References 4
RedhatCVE • added 2 days ago

CVE-2026-56016

A flaw was found in perl-CGI-Session. This vulnerability allows a remote attacker to predict session identifiers due to the use of low-entropy sources in the generate_id method. By predicting a session identifier, an attacker can impersonate a user's session, leading to a bypass of authentication...

CVSS 7.4 • AI score 5.7 • EPSS 0.00322 • Exploits 0 • References 5
RedhatCVE • added 2 days ago

CVE-2026-57452

A flaw was found in Vim, an open source command-line text editor. When opening a specially crafted encrypted file using the VimCrypt04! or VimCrypt05! methods, an attacker could trigger an unsigned length calculation error. This issue leads to an out-of-bounds read, causing Vim to crash and...

CVSS 5.5 • AI score 5.9 • EPSS 0.0012 • Exploits 0 • References 6
RedhatCVE • added 2 days ago

CVE-2026-57451

A flaw in Vim allows an attacker to cause a Denial of Service (DoS) via an application crash. If a user opens a maliciously crafted undo file, an out-of-bounds read is triggered in the get_textprops function due to missing length validation on property counts. Mitigation: Users are advised to avoid...

CVSS 6.1 • AI score 5.8 • EPSS 0.00113 • Exploits 0 • References 6
RedhatCVE • added 2 days ago

CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

CVSS 3.7 • AI score 5.8 • EPSS 0.00217 • Exploits 0 • References 4
RedhatCVE • added 2 days ago

CVE-2026-14101

An insufficient policy enforcement flaw was found in the Sandbox component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513454805...

CVSS 9.6 • AI score 5.7 • EPSS 0.00223 • Exploits 0 • References 5
RedhatCVE • added 2 days ago

CVE-2026-55895

A flaw was found in Vim, specifically within the netrw plugin. A local user could exploit a Vimscript code injection vulnerability by attempting to delete a specially crafted local file from the browser. This crafted filename, containing a bar character, could be interpolated into an Ex command,...

CVSS 8.4 • AI score 6.4 • EPSS 0.00154 • Exploits 0 • References 6
RedhatCVE • added 2 days ago

CVE-2026-44018

A flaw was found in Docling, a tool for document processing. The METS-GBS backend, responsible for parsing XML and detecting document formats, lacked sufficient security controls. This allowed an attacker to create specially crafted METS-GBS archives. When these archives were processed, they coul...

CVSS 7.1 • AI score 5.8 • EPSS 0.00113 • Exploits 0 • References 5
RedhatCVE • added 2 days ago

CVE-2026-40989

A flaw was found in Spring Cloud Function. An attacker could send a specially crafted request that triggers infinite recursion in the routing layer. This can lead to an Out Of Memory (OOM) error, causing a Denial of Service (DoS) condition where the application becomes unresponsive...

CVSS 6.5 • AI score 5.7 • EPSS 0.00211 • Exploits 0 • References 4
RedhatCVE • added 2 days ago

CVE-2026-13484

A flaw was found in MLflow. This vulnerability, located in the Experiment-scoped Label Schema CRUD API, allows a remote attacker to exploit missing authorization. This could lead to unauthorized access or manipulation of data within the affected component. The attack has a high complexity, making...

CVSS 8.8 • AI score 5.8 • EPSS 0.00263 • Exploits 1 • References 10
RedhatCVE • added 3 days ago

CVE-2026-50193

A flaw was found in jackson-databind, a general-purpose data-binding library for Jackson Data Processor. A remote attacker can exploit this vulnerability by sending deeply nested JSON (JavaScript Object Notation) data to a service that reads and processes it. This can lead to a Denial of Service Do...

CVSS 7.5 • AI score 5.7 • EPSS 0.00616 • Exploits 1 • References 6
RedhatCVE • added 3 days ago

CVE-2026-54516

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security controls by exploiting an issue in how properties are handled when both @JsonProperty for renaming and @JsonIgnore for ignoring annotations are used. By supplying a specially crafted JSON key, an...

CVSS 5.3 • AI score 5.7 • EPSS 0.00282 • Exploits 0 • References 8
RedhatCVE • added 3 days ago

CVE-2026-54517

A flaw was found in jackson-databind. A remote attacker can exploit this vulnerability due to an issue in how active-view @JsonView filters are applied. Specifically, setterless collections annotated with a restricted @JsonView can be populated from attacker-controlled JSON even when the active...

CVSS 5.3 • AI score 5.7 • EPSS 0.00237 • Exploits 0 • References 8
RedhatCVE • added 3 days ago

CVE-2026-54518

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security view restrictions by sending specially crafted JSON (JavaScript Object Notation) data. The UnwrappedPropertyHandler component, which processes unwrapped properties, incorrectly populates constructor...

CVSS 6.5 • AI score 5.7 • EPSS 0.00211 • Exploits 0 • References 8
RedhatCVE • added 3 days ago

CVE-2026-54514

A flaw was found in jackson-databind, a library used for processing JSON data. This vulnerability allows a remote attacker to force the application to perform an attacker-chosen DNS (Domain Name System) query. This occurs when untrusted JSON input containing specific network address information is...

CVSS 5.3 • AI score 5.7 • EPSS 0.00219 • Exploits 0 • References 6
RedhatCVE • added 3 days ago

CVE-2026-54512

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass the PolymorphicTypeValidator (PTV) when polymorphic typing is enabled and a type identifier contains generic parameters. By crafting a malicious type ID, an attacker can place a denied class as a generic typ...

CVSS 8.1 • AI score 5.9 • EPSS 0.00617 • Exploits 1 • References 6
RedhatCVE • added 3 days ago

CVE-2026-54515

A flaw was found in jackson-databind. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly...

CVSS 5.3 • AI score 5.6 • EPSS 0.00345 • Exploits 0 • References 7
RedhatCVE • added 3 days ago

CVE-2026-55607

A flaw was found in Claude Code, an agentic coding tool, in its handling of worktrees. This vulnerability allowed the creation of specially named worktrees and navigation outside of the intended secure environment, leading to what is known as a 'git directory confusion attack'. By manipulating...

CVSS 8.8 • AI score 6.1 • EPSS 0.0071 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-13455

A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure. Mitigation...

CVSS 4.3 • AI score 5.6 • EPSS 0.00118 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-13573

A flaw was found in llvm. A local attacker could exploit a stack-based buffer overflow vulnerability in the llvm::StringMap::insert function. This manipulation could lead to a denial of service, making the affected system or application unavailable. Mitigation: Mitigation for this issue is either...

CVSS 4.8 • AI score 5.9 • EPSS 0.00124 • Exploits 0 • References 10
RedhatCVE • added 3 days ago

CVE-2026-57231

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk (*), to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

CVSS 7.5 • AI score 5.6 • EPSS 0.0026 • Exploits 0 • References 5
RedhatCVE • added 3 days ago

CVE-2026-54475

A flaw was found in Apache ActiveMQ. Temporary destinations, which are designed to be private to a specific connection, can be accessed by other connections due to a missing authorization check. This allows an unauthorized connection to consume messages from another connection's temporary...

CVSS 8.2 • AI score 5.6 • EPSS 0.00377 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-56018

A flaw was found in JavaScript::Minifier::XS. Repeated calls to the minify function can lead to a memory leak, causing unbounded memory growth. This can result in the affected process consuming all available memory, leading to its termination and a Denial of Service (DoS) for users of the component...

CVSS 7.5 • AI score 5.6 • EPSS 0.00609 • Exploits 0 • References 2
RedhatCVE • added 3 days ago

CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate, which makes the broker buffer them without limit, exhausting the JVM hea...

CVSS 7.5 • AI score 5.8 • EPSS 0.00524 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-53917

A flaw was found in Apache ActiveMQ. An authenticated user can exploit this vulnerability by sending a specially crafted OpenWire Message with an excessively large encoded size value for the message property map. This lack of size validation during unmarshaling can lead to an out-of-memory error,...

CVSS 7.5 • AI score 5.6 • EPSS 0.00524 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-50734

A flaw was found in Apache ActiveMQ. An unauthenticated network attacker can exploit this vulnerability by sending a specially crafted WireFormatInfo frame with an excessively large size value. This unvalidated value causes the broker to attempt an oversized memory allocation during...

CVSS 7.5 • AI score 5.6 • EPSS 0.00524 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-53606

A flaw was found in sanitize-html, an HTML sanitizer library. This vulnerability allows a remote attacker to perform Cross-Site Scripting (XSS) attacks. The issue occurs because the sanitizer does not properly validate dangerous URI schemes, such as javascript:, when they are used in certain HTML...

CVSS 5.4 • AI score 5.8 • EPSS 0.00136 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-49434

A flaw was found in Apache ActiveMQ. An attacker with privileges to publish or modify entries in Lightweight Directory Access Protocol (LDAP) can exploit an improper input validation vulnerability. This allows the attacker to instantiate denied transports within the broker's Java Virtual Machine JV...

CVSS 7.6 • AI score 5.6 • EPSS 0.00398 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-49432

A flaw was found in Apache ActiveMQ. A remote, unauthenticated attacker can exploit an improper input validation vulnerability by sending a specially crafted message with a negative content-length to an exposed STOMP connector. This can lead to a denial of service (DoS) condition, either by consumi...

CVSS 7.5 • AI score 5.6 • EPSS 0.00524 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-29167

A flaw was found in Apache HTTP Server when using the mod_ldap module in a per-directory configuration. This use-after-free vulnerability allows a remote attacker to potentially execute arbitrary code or cause a denial of service (DoS) due to improper memory handling. This could lead to system...

CVSS 9.8 • AI score 6.2 • EPSS 0.00663 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-50750

A flaw was found in Apache ActiveMQ. An unauthenticated remote attacker can exploit this vulnerability by repeatedly sending BrokerInfo commands without corresponding ConnectionInfo commands. This can lead to an Out of Memory condition, causing the broker to crash and resulting in a Denial of...

CVSS 7.5 • AI score 5.7 • EPSS 0.00495 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-45822

A flaw was found in the decode-uri-component library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by submitting specially crafted input. The decode function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can le...

CVSS 8.7 • AI score 5.8 • EPSS 0.00304 • Exploits 0 • References 6
RedhatCVE • added 3 days ago

CVE-2026-13149

A flaw was found in brace-expansion. An attacker can exploit a vulnerability in the expand function by providing a specially crafted string. This string, containing consecutive non-expanding brace groups, can trigger exponential-time complexity, leading to significant CPU consumption and event-lo...

CVSS 8.7 • AI score 5.8 • EPSS 0.00361 • Exploits 0 • References 5
RedhatCVE • added 3 days ago

CVE-2026-53433

A flaw was found in fzf, a command-line fuzzy finder. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by sending a crafted POST request with many small segments to the --listen mode. The inefficient HTTP body processing, which uses repeated string concatenation, leads...

CVSS 7.5 • AI score 5.8 • EPSS 0.00111 • Exploits 0 • References 6
RedhatCVE • added 3 days ago

CVE-2026-53432

A flaw was found in fzf. An integer overflow vulnerability exists in the FuzzyMatchV2 function when processing exceptionally long input lines and patterns. This can lead to the application terminating unexpectedly with a non-recoverable panic, resulting in a Denial of Service (DoS). A local user...

CVSS 7.5 • AI score 5.8 • EPSS 0.00138 • Exploits 0 • References 6
RedhatCVE • added 3 days ago

CVE-2026-12243

A flaw was found in NLTK. An attacker can exploit a path traversal vulnerability by providing specially crafted input to nltk.data.load or nltk.data.find. This allows the attacker to read arbitrary files accessible to the Python process, leading to information disclosure. The vulnerability arises...

CVSS 7.5 • AI score 7.2 • EPSS 0.0051 • Exploits 1 • References 4
RedhatCVE • added 3 days ago

CVE-2026-12893

A flaw was found in the GStreamer gst-libav plugin. A NULL pointer dereference in the demuxer error handler can be triggered when processing malformed media files, such as crafted Musepack .mpc files. When a user or application opens such a file using GStreamer, the application crashes, resulting...

CVSS 5.5 • AI score 5.7 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-46406

A flaw was found in Claude Code. The /copy command created responses in a predictable, world-readable temporary file without proper isolation or symlink protection. This allowed a local unprivileged user to read sensitive information from a privileged user's Claude response, potentially containin...

CVSS 6.8 • AI score 6 • EPSS 0.00149 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-12388

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

CVSS 6.5 • AI score 5.6 • EPSS 0.00233 • Exploits 0 • References 3
RedhatCVE • added 3 days ago

CVE-2026-14209

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users but not view their full details can use a...

CVSS 4.3 • AI score 5.6 • EPSS 0.00173 • Exploits 0 • References 3
RedhatCVE • added 3 days ago

CVE-2026-40987

A flaw was found in Spring Integration. A malicious or compromised FTP (File Transfer Protocol), SFTP (SSH File Transfer Protocol), or SMB (Server Message Block) server can exploit this vulnerability. This allows the server to write arbitrary files with attacker-controlled content to any location on th...

CVSS 7.1 • AI score 6.2 • EPSS 0.0021 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-13316

A flaw has been found in foreman when HTTP parameters are modified in the httpproxiescontroller and httpproxy files. Attackers can perform an SSRF attack through the foreman component and steal data from the cloud metadata service in AWS/GCP/Azure environments. Mitigation: Mitigation for this issue is either not availab...

CVSS 4.4 • AI score 5.6 • EPSS 0.00109 • Exploits 0 • References 3
RedhatCVE • added 3 days ago

CVE-2026-12610

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of servi...

CVSS 6.4 • AI score 5.8 • EPSS 0.00155 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-53537

A flaw was found in Python-Multipart. This vulnerability allows a remote attacker to bypass security controls by exploiting a difference in how Content-Disposition and Content-Type headers are parsed. Specifically, the parse_options_header function incorrectly applies RFC 2231/5987 decoding, which ...

CVSS 5.3 • AI score 5.8 • EPSS 0.00177 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-55276

A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might...

CVSS 9.1 • AI score 5.8 • EPSS 0.00285 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-53434

A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists (CRLs) for an FFM (presumably a specific type of connector), the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security...

CVSS 9.1 • AI score 5.7 • EPSS 0.00285 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-53316

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascorerasinterruptdetected. Fixes a NULL pointer dereference when rascore is NULL and rascore-dev is accessed in the error path. Reported by: Dan Carpenter...

CVSS 5.5 • AI score 5.7 • EPSS 0.00145 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-56130

A flaw was found in Apache Shiro. When the 'Remember me' functionality is enabled, the server does not verify the age of the 'Remember me' cookie. This allows a remote attacker to intercept a valid cookie and reuse it indefinitely, potentially leading to session hijacking. Mitigation: Mitigation f...

CVSS 3 • AI score 5.7 • EPSS 0.00224 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-53314

In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure. syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU0: syz.0.1960/14614 ...

CVSS 5.5 • AI score 5.7 • EPSS 0.00161 • Exploits 0 • References 4
RedhatCVE • added 3 days ago

CVE-2026-49271

A flaw was found in libheif, a decoder and encoder for HEIF and AVIF file formats. A remote attacker could exploit this vulnerability by providing a specially crafted HEIF file. The uncompressed HEIF decoder's validation of icef compressed-unit offsets can experience an integer wrap-around. This...

CVSS 6.5 • AI score 5.8 • EPSS 0.00199 • Exploits 0 • References 4

Total number of security vulnerabilities: 206286