Lucene search
K
RedhatcveRecent

206304 matches found

RedhatCVE
RedhatCVE
•added 5 hours ago•7 views

CVE-2026-56369

A vulnerability has been identified in ImageMagick, a software tool used to create, edit, and convert image files. This flaw allows a remote attacker to potentially decrypt and view images that were supposed to be securely encrypted by the software, leading to an unauthorized disclosure of...

6.3CVSS5.9AI score0.00229EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 5 hours ago•6 views

CVE-2026-20213

A flaw was found in ClamAV. An unauthenticated, remote attacker could exploit this vulnerability by submitting a specially crafted file containing Portable Executable PE content for scanning. This is due to improper boundary checks during the scanning process, which may lead to an out-of-bounds...

7.5CVSS6AI score0.00463EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 6 hours ago•5 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 6 hours ago•5 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 6 hours ago•5 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 6 hours ago•5 views

CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 7 hours ago•5 views

CVE-2026-20243

A flaw was found in ClamAV's ALZ file format parser. An unauthenticated, remote attacker can exploit this vulnerability by submitting a specially crafted ALZ Archived Link Zipped file for scanning. This improper handling of ALZ files can lead to memory corruption, causing the ClamAV scanning...

7.5CVSS5.9AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 7 hours ago•5 views

CVE-2026-55223

A flaw was found in c3p0, a JDBC Connection pooling library. This vulnerability allows a remote attacker to potentially execute arbitrary code by crafting a malicious data source object. When an application deserializes this object and automatically resolves its properties, it can trigger...

7.5CVSS6.3AI score0.00284EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 8 hours ago•6 views

CVE-2026-20244

A flaw was found in ClamAV's DMG file format parser. An unauthenticated, remote attacker can exploit this vulnerability by submitting a specially crafted DMG file for scanning. Improper boundary checks during the scanning process can lead to an integer overflow, primarily affecting 32-bit...

7.5CVSS7AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 8 hours ago•5 views

CVE-2026-20214

A flaw was found in ClamAV. An unauthenticated, remote attacker could exploit a vulnerability in the FSG file format parser by submitting a specially crafted file for scanning. This improper handling of FSG files can lead to an out-of-bounds buffer write, causing memory corruption. A successful...

7.5CVSS7.2AI score0.00463EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 9 hours ago•4 views

CVE-2026-20217

A flaw was found in ClamAV. An unauthenticated, remote attacker can exploit a vulnerability in the PESpin file format parser by submitting a specially crafted file. This flaw, caused by improper boundary checks, leads to an out-of-bounds buffer write and memory corruption. A successful exploit ca...

7.5CVSS7.1AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 9 hours ago•4 views

CVE-2026-20215

A flaw was found in ClamAV's 7z file format parser. An unauthenticated, remote attacker could exploit this vulnerability by submitting a specially crafted 7z file for scanning. This improper handling of 7z files can lead to memory corruption, allowing the attacker to cause a Denial of Service DoS...

7.5CVSS7AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 9 hours ago•4 views

CVE-2026-57456

There is a security flaw in Vim. If you use Vim to open a malicious file written by a hacker, and you use the auto-complete feature while typing, the file can secretly force your computer to run unauthorized commands or malware. Mitigation To mitigate this vulnerability, users should avoid openin...

8.4CVSS6AI score0.00144EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 10 hours ago•7 views

CVE-2026-38969

A flaw was found in WEBrick, a Ruby web server toolkit. This vulnerability allows a remote attacker to perform request smuggling by manipulating the Content-Length header in HTTP/1.1 requests. WEBrick incorrectly re-parses the trailer Content-Length, leading to a desynchronization between the pro...

6.5CVSS5.9AI score
Exploits0References6
RedhatCVE
RedhatCVE
•added 11 hours ago•6 views

CVE-2026-13574

A flaw was found in llvm. A local attacker could exploit a heap-based buffer overflow vulnerability in the GCRelocateInst::getBasePtr function within the Bitcode File Handler component. This flaw could lead to a denial of service, making the affected system unavailable...

4.8CVSS6.1AI score0.00124EPSS
Exploits0References10
RedhatCVE
RedhatCVE
•added 11 hours ago•5 views

CVE-2026-55952

A flaw was found in Erlang/OTP's SSL Secure Sockets Layer application. An unauthenticated remote attacker can send a specially crafted ClientHello message to a TLS 1.3 server with session tickets enabled. This can permanently disrupt the server's ability to handle session tickets, leading to a...

8.2CVSS6AI score
Exploits0References10
RedhatCVE
RedhatCVE
•added 11 hours ago•6 views

CVE-2026-12480

A flaw was found in Keras. An attacker can craft a malicious model archive or weights file containing a Virtual Dataset VDS that references external files on a victim's system. When a user loads this malicious model, the external file is transparently read. This vulnerability leads to information...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 12 hours ago•4 views

CVE-2026-54886

A flaw was found in the Erlang OTP ssh Secure Shell component, specifically within its SFTP SSH File Transfer Protocol module. An authenticated SFTP user can exploit this vulnerability by sending specially crafted extended data on an open channel. This action triggers an infinite loop in the...

6.5CVSS5.9AI score
Exploits0References8
RedhatCVE
RedhatCVE
•added 13 hours ago•5 views

CVE-2026-9563

A flaw was found in Eclipse Parsson. The JSON parser did not enforce a default maximum on the number of characters consumed while processing a single JSON document. A remote attacker could exploit this by providing a very large, specially crafted JSON document. This could force applications to...

7.5CVSS6AI score0.00366EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 14 hours ago•7 views

CVE-2026-14544

A flaw was found in HPLIP HP Linux Imaging and Printing Software. This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling...

9.8CVSS6.2AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 14 hours ago•6 views

CVE-2026-58038

A flaw was found in the Wikimedia Foundation Timeline component. This cross-site scripting XSS vulnerability allows a remote attacker to inject malicious scripts into web pages. Successful exploitation could lead to significant impacts such as information disclosure, session hijacking, or...

3.7CVSS5.7AI score0.0024EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 15 hours ago•6 views

CVE-2026-54891

A flaw was found in Erlang's SSL Secure Sockets Layer component. A network-positioned attacker can exploit this vulnerability by injecting unauthenticated plaintext data into a client's TLS Transport Layer Security handshake. The client application may then process this injected data as if it wer...

6.3CVSS5.9AI score
Exploits0References8
RedhatCVE
RedhatCVE
•added 15 hours ago•5 views

CVE-2026-59102

A flaw was found in Forgejo. This stored cross-site scripting XSS vulnerability allows an authenticated attacker to execute malicious code in other users' web browsers. The flaw occurs when a user's full name, containing specially crafted HTML, is used in an Actions run description without proper...

5.4CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
•added 15 hours ago•4 views

CVE-2025-71385

A flaw was found in Netdata. A remote unauthenticated attacker could exploit a reflected Cross-Site Scripting XSS vulnerability in the api/v2/ilove.svg and api/v3/ilove.svg endpoints. By injecting malicious script into the love query parameter, an attacker could trick a victim into executing...

6.1CVSS6.2AI score
Exploits0References2
RedhatCVE
RedhatCVE
•added 15 hours ago•5 views

CVE-2026-20216

A flaw was found in ClamAV's InstallShield file format parser. An unauthenticated, remote attacker could exploit this vulnerability by submitting a specially crafted InstallShield file for scanning. This improper handling of temporary resources during file scanning could lead to the termination o...

7.5CVSS6AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 19 hours ago•7 views

CVE-2026-54431

A flaw was found in liboauth2. The Demonstrating Proof-of-Possession DPoP verifier incorrectly accepts a malformed DPoP proof. This proof contains private key material in its JSON Web Key JWK header, which should be rejected according to RFC 9449. This vulnerability could allow an attacker to...

5.3CVSS5.8AI score
Exploits0References6
RedhatCVE
RedhatCVE
•added 19 hours ago•7 views

CVE-2026-54430

A flaw was found in liboauth2 in the oauth2josejwksawsalbresolve function. The AWS ALB JWT verifier reads the signer and kid fields from the unverified JWT header. When signer matches the configured ARN, kid is appended to the ALB base URL without path sanitization, and an HTTP GET request is...

5.8CVSS5.8AI score
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•6 views

CVE-2026-54265

A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...

6.1CVSS5.5AI score0.00195EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•6 views

CVE-2026-53489

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal CWE-61, allows an attacker to read arbitrary files on the host system by...

8.2CVSS5.9AI score0.00245EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-53358

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. This vulnerability arises from an incorrect order of acquiring locks during channel cleanup, which could lead to a race condition. This issue could potentially cause instability or...

5.5CVSS5.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-53357

A flaw was found in the Linux kernel's Bluetooth component. A Use-After-Free UAF vulnerability exists in the l2capsockcleanuplisten and l2capconndel functions. This flaw occurs due to a race condition during the cleanup of a listening socket and a concurrent Bluetooth HCI disconnect. An...

7CVSS5.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-47692

A flaw was found in Envoy. The PROXY Protocol v2 header generator can emit data beyond the maximum allowed length, leading to a mismatch between the actual bytes sent and the length specified in the header. An attacker on an adjacent network could exploit this to smuggle bytes into upstream...

4.8CVSS5.6AI score0.00218EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•6 views

CVE-2026-47221

A flaw was found in Envoy. An unauthenticated attacker can exploit a null pointer dereference vulnerability in the router filter. This occurs when handling HTTP 303 See Other internal redirects for body-less non-GET/HEAD requests. By sending a POST, PUT, DELETE, or PATCH request without a body to...

7.5CVSS5.6AI score0.00445EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-11769

A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...

8.8CVSS5.7AI score0.00361EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•6 views

CVE-2026-48743

A flaw was found in Envoy, an open source edge and service proxy. This vulnerability occurs when Envoy translates an HTTP/3 request that is complete at the transport layer but still carries a nonzero Content-Length into an HTTP/1 request for an upstream server. If the upstream server responds...

7.5CVSS5.6AI score0.00298EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-48044

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted, highly compressed zstd payload to an Envoy proxy with zstd decompression enabled. This can lead to massive memory allocation, causing severe memory...

7.5CVSS5.7AI score0.00486EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-48042

A flaw was found in Envoy, an open-source edge and service proxy. A remote attacker could exploit this vulnerability by sending deeply nested JSON objects to the affected system. This could lead to a stack overflow during the destruction of JSON objects, resulting in a Denial of Service DoS for t...

7.5CVSS5.7AI score0.00557EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added yesterday•8 views

CVE-2026-47778

A flaw was found in Envoy, an open-source edge and service proxy. A remote attacker could exploit a structural flaw in the DefaultCertValidator::verifySubjectAltName function by presenting a specially crafted certificate. This certificate would contain a NUL byte within its DNS Subject Alternativ...

4.4CVSS5.6AI score0.00212EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added yesterday•7 views

CVE-2026-47204

A flaw was found in Envoy, an open source edge and service proxy. A remote attacker can exploit this vulnerability by sending a specially crafted Connect protocol request to a direct response route. This action causes the envoy.filters.http.grpcstats filter to crash, leading to a denial of servic...

7.5CVSS5.7AI score0.00448EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-48706

A flaw was found in Envoy, an open-source edge and service proxy. An attacker can exploit a heap write overflow vulnerability in Envoy's TCP StatsD sink by sending exceptionally long statistic names, such as those found in HTTP or gRPC request paths. This can lead to a denial-of-service, causing...

7.5CVSS5.9AI score0.0061EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•6 views

CVE-2025-15666

A flaw was found in Assimp, the Open Asset Import Library. A local attacker could exploit a vulnerability where specially crafted model files could cause a heap-based buffer overflow. This issue, occurring in the SceneCombiner::Copy function, could allow an attacker to gain unauthorized access to...

6.1CVSS6AI score0.00123EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added yesterday•6 views

CVE-2026-55700

A flaw was found in pnpm, a package manager. A remote attacker could exploit a vulnerability in the pnpm stage download command by providing a specially crafted package manifest. This could allow the attacker to write files to arbitrary locations on the system, leading to unauthorized modificatio...

7.1CVSS6AI score0.00267EPSS
Exploits1References5
RedhatCVE
RedhatCVE
•added yesterday•8 views

CVE-2026-53492

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during...

9.6CVSS5.9AI score0.00478EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•6 views

CVE-2026-37106

A flaw was found in DokuWiki. A remote attacker can create an account through the registration function. This occurs when the DokuWiki instance is configured to allow self-registration, which is not the default setting. This could lead to the creation of unauthorized user accounts. Mitigation To...

9.8CVSS5.8AI score0.0051EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•7 views

CVE-2026-11946

A flaw was found in open62541. An unauthenticated remote attacker can exploit a vulnerability in the GetEndpoints Discovery Service by sending a malformed request with an excessively long, unvalidated endpointUrl field. This can lead to the server buffering large amounts of data indefinitely,...

7.5CVSS5.8AI score
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-50195

A flaw was found in containerd, an open-source container runtime. The CRI Container Runtime Interface checkpoint import process fails to validate image references within a checkpoint image's configuration. An attacker with permissions to create pods can exploit this by using a specially crafted...

9.9CVSS6.4AI score0.00316EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-48853

A flaw was found in the grpc component of elixir-grpc. This vulnerability allows unauthenticated attackers to send specially crafted messages, leading to two critical outcomes. First, it can cause a Denial of Service DoS by crashing the Erlang virtual machine BEAM node. Second, under certain...

9.8CVSS7.5AI score0.00573EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2025-15646

A flaw was found in HTML::Gumbo, a Perl module used for parsing HTML. This vulnerability allows for information disclosure due to a type confusion error when processing HTML input containing a element. An attacker could exploit this by providing specially crafted HTML, leading to the disclosure o...

9.8CVSS5.8AI score0.00663EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-33592

A flaw was found in open62541. An unauthenticated remote attacker can exhaust server memory by sending an arbitrarily large string in the serverUris field of the FindServersRequest, which is part of the FindServers Discovery Service. The server buffers these large strings indefinitely, leading to...

7.5CVSS5.8AI score0.00388EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-47262

A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd...

6.5CVSS5.8AI score0.00458EPSS
Exploits0References4
Total number of security vulnerabilities206304