Lucene search
K
RedhatcveRecent

206558 matches found

RedhatCVE
RedhatCVE
•added 3 hours ago•3 views

CVE-2026-53877

A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...

6.3CVSS6.1AI score0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 3 hours ago•3 views

CVE-2026-48588

A flaw was found in Django. When django.middleware.cache.UpdateCacheMiddleware or django.views.decorators.cache.cachepage is in use, responses that set a cookie are not excluded from caching if the request includes any cookie, even when that cookie is unrelated to the response for example, a...

5.3CVSS6.1AI score0.00378EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 3 hours ago•2 views

CVE-2026-53878

A flaw was found in Django. django.core.validators.DomainNameValidator accepted newline characters in domain name input. When applications use this validator outside Django form fields and include the validated value in HTTP response headers, a remote attacker could perform HTTP header injection...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 3 hours ago•2 views

CVE-2026-58207

A flaw was found in NATS Server. A client with the ability to send account-scoped connection monitoring requests could crash the server. This is achieved by providing pagination offset and limit values that cause an arithmetic overflow, leading to a Denial of Service DoS. Mitigation Upstream...

7.7CVSS6AI score0.00548EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 3 hours ago•2 views

CVE-2026-7492

A flaw was found in GitLab. Under certain conditions, an unauthenticated user could determine the existence of a private project. This information disclosure is possible due to improper authorization controls on cross-project reference pages. This vulnerability allows an attacker to gain sensitiv...

5.3CVSS6AI score0.00251EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 4 hours ago•2 views

CVE-2026-59929

A flaw was found in Mistune, a Python Markdown parser. The safeurl filter, intended to prevent malicious Uniform Resource Locators URLs, did not adequately block all potentially harmful schemes. This oversight allows an attacker to embed specially crafted URLs using legacy or chained schemes with...

6.1CVSS6.3AI score0.00191EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 4 hours ago•3 views

CVE-2026-59262

A flaw was found in AFFiNE. This vulnerability allows an authenticated workspace member to bypass document read permissions by supplying arbitrary document Globally Unique Identifiers GUIDs to the histories GraphQL field. This can lead to information disclosure, enabling attackers to retrieve ful...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 4 hours ago•2 views

CVE-2026-55170

A flaw was found in OpenFGA, an authorization/permission engine. When using MySQL as the datastore, and authorization decisions depend on case-sensitive user strings, the system may incorrectly treat case-distinct values e.g., 'user:Alice' and 'user:alice' as equivalent. This can lead to improper...

5.4CVSS6AI score
Exploits0References8
RedhatCVE
RedhatCVE
•added 5 hours ago•2 views

CVE-2026-59938

A flaw was found in pypdf, a free and open-source pure-python PDF library. An attacker can exploit this vulnerability by crafting a malicious PDF file with image size values that are significantly larger than the actual embedded image data, causing pypdf to allocate large amounts of memory when...

6.9CVSS6AI score0.00329EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 5 hours ago•2 views

CVE-2026-59937

A flaw was found in pypdf, a pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file containing repeated malformed cross-reference streams. This could cause the pypdf library to spend excessive time recovering broken cross-reference table...

7.5CVSS6AI score0.00301EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 5 hours ago•2 views

CVE-2026-39822

A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...

7.8CVSS6AI score0.00181EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 5 hours ago•2 views

CVE-2026-59923

A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows an attacker to bypass URL protections by using specially crafted Markdown links or images containing percent-encoded javascript URIs. This can lead to the execution of arbitrary scripts in the rendered HTML,...

6.1CVSS6.2AI score0.00203EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 5 hours ago•2 views

CVE-2026-59930

A flaw was found in Mistune, a Python Markdown parser. The table of contents toc plugin and TableOfContents directive generate heading identifiers IDs as predictable values e.g., tocN without properly processing the heading text. This allows an attacker to control content with a colliding ID, whi...

4.3CVSS6AI score0.00124EPSS
Exploits1References6
RedhatCVE
RedhatCVE
•added 6 hours ago•3 views

CVE-2026-59876

A flaw was found in protobufjs. The Text Format extension, responsible for compiling protobuf definitions into JavaScript functions, improperly parsed string-keyed map entries. This allowed a specially crafted map entry with the key proto to modify the prototype of the returned map object. An...

4.8CVSS6AI score0.00221EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 6 hours ago•2 views

CVE-2026-59724

A flaw was found in Engine.IO. When Engine.IO servers have WebTransport enabled, a remote attacker can craft a session ID to resolve an inherited property of the clients object during WebTransport upgrade handling. This can lead to a TypeError, resulting in a denial of service DoS for the server...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 6 hours ago•2 views

CVE-2026-59725

A flaw was found in Socket.IO, specifically within the Engine.IO protocol v4 polling transport. An unauthenticated attacker can exploit this vulnerability by sending invalid binary POST requests with a Content-Type of application/octet-stream. This improper handling of requests prevents the HTTP...

7.5CVSS6AI score0.00354EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 6 hours ago•3 views

CVE-2026-55693

Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...

8.4CVSS6.1AI score0.00126EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 6 hours ago•3 views

CVE-2026-44545

A flaw was found in daphne. An unauthenticated remote attacker could exploit this vulnerability by sending arbitrarily large WebSocket messages or frames. This oversight in payload size handling can lead to excessive memory consumption, resulting in a denial of service DoS for the affected system...

7.5CVSS6AI score0.00328EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 7 hours ago•2 views

CVE-2026-59152

A flaw was found in the LangSmith Client SDK's TracingMiddleware. An attacker can send an HTTP request to a server running the TracingMiddleware, causing it to read an arbitrary file from its local filesystem. The contents of this file are then uploaded to LangSmith as a trace attachment. This...

5CVSS6.1AI score0.00174EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 7 hours ago•3 views

CVE-2026-15028

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS6.2AI score
Exploits0References5
RedhatCVE
RedhatCVE
•added 7 hours ago•2 views

CVE-2026-58374

A flaw was found in hostapd. An unauthenticated attacker within wireless range can send a specially crafted management frame during Wi-Fi 7 IEEE 802.11be Multi-Link Operation MLO association request processing. This crafted frame, containing a malformed Multi-Link Element or Per-STA Profile...

7.1CVSS6AI score0.00282EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 7 hours ago•2 views

CVE-2026-53511

A flaw was found in calibre, an e-book manager. This vulnerability allows a remote attacker to execute unauthorized code on a user's system. By creating a specially crafted e-book file such as EPUB, OPF, or PDF with malicious metadata, an attacker can trigger the execution of arbitrary Python cod...

8.5CVSS6.4AI score0.00197EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 7 hours ago•4 views

CVE-2026-15187

A flaw was found in enquirer, a command-line prompt tool. A remote attacker could exploit a vulnerability in the Enquirer.set function by manipulating the question.name argument. This improper handling of object prototype attributes can lead to prototype pollution, allowing an attacker to modify...

5.3CVSS6.1AI score
Exploits0References10
RedhatCVE
RedhatCVE
•added 7 hours ago•2 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when OpenFGA is configured to use OIDC authentication authn.method=oidc, authn.oidc.issuer set but authn.oidc.audience is left unset, the JWT audience claim on incoming bearer tokens is not validated. As a result...

6.8CVSS6.1AI score
Exploits0References8
RedhatCVE
RedhatCVE
•added 7 hours ago•3 views

CVE-2026-15378

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS6.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
•added 8 hours ago•2 views

CVE-2026-59935

A flaw was found in pypdf, a pure-python PDF library. A remote attacker can craft a malicious PDF file containing an unterminated inline image within the page content stream. When this crafted PDF is parsed, it can lead to an infinite loop, resulting in a denial of service DoS due to resource...

8.7CVSS6.1AI score0.00329EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 8 hours ago•3 views

CVE-2026-38076

A flaw was found in jbig2dec. An integer overflow vulnerability in the jbig2arithiaidctxnew function allows a remote attacker to cause a Denial of Service DoS by providing a specially crafted input. This can lead to the affected system becoming unresponsive or crashing, disrupting its normal...

6.5CVSS6.1AI score
Exploits0References6
RedhatCVE
RedhatCVE
•added 8 hours ago•5 views

CVE-2026-58459

A flaw was found in gpsd, a service application that monitors one or more GPSes or AIS receivers. The gpsprof utility is vulnerable to a command injection. An attacker who can control the GPS device subtype value can embed malicious commands within the gnuplot plot title. When a user processes a...

8.4CVSS6.4AI score
Exploits0References8
RedhatCVE
RedhatCVE
•added 8 hours ago•2 views

CVE-2026-40898

A flaw was found in quic-go, an implementation of the QUIC protocol in Go. A remote attacker can exploit this by sending specially crafted HTTP/3 trailer fields. This can cause the system to allocate excessive memory, leading to a denial-of-service DoS condition where the affected server or clien...

7.5CVSS6AI score0.00279EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 9 hours ago•2 views

CVE-2026-10879

A flaw was found in perl-DBI. A heap overflow vulnerability exists when preparsing SQL statements with more than 9 binders. The preparse method incorrectly allocates buffer space for SQL placeholder characters, leading to an overflow when processing binders with two or more digits. This can resul...

9.8CVSS6.3AI score0.00413EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 9 hours ago•2 views

CVE-2026-44512

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. This vulnerability allows a remote attacker to cause an unrecoverable denial of service DoS by providing a specially crafted untrusted model. The flaw occurs when the...

6.5CVSS6.1AI score0.0017EPSS
Exploits0References7
RedhatCVE
RedhatCVE
•added 9 hours ago•3 views

CVE-2026-47240

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is possible when an IMAP server does not support non-synchronizing literals, leading to the...

6.1CVSS6.2AI score0.00491EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 9 hours ago•2 views

CVE-2026-54528

A flaw was found in JupyterLab Git, a Git extension for JupyterLab. This vulnerability allows an authenticated user on a case-insensitive filesystem to bypass administrator-configured excluded paths by varying the case of the URL path segment. This bypass enables the user to read file content, vi...

7.1CVSS6AI score0.00285EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•3 views

CVE-2026-59874

A flaw was found in node-tar, a tar archive manipulation library for Node.js. A remote attacker could exploit this vulnerability by providing a specially crafted tar archive with a negative entry size in its header. This malformed header causes the archive scanner to enter an infinite loop,...

8.7CVSS5.8AI score0.00291EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•2 views

CVE-2026-59875

A flaw was found in node-tar, a library for manipulating tar archives in Node.js. A remote attacker could craft a malicious archive containing null characters NUL bytes in its metadata. When this archive is processed, the unstripped null characters can cause the application to terminate...

5.3CVSS5.9AI score0.00291EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•2 views

CVE-2026-59873

A flaw was found in node-tar, a tar archive manipulation library for Node.js. This vulnerability allows a remote attacker to craft a small gzip bomb, which, when processed, can lead to the exhaustion of disk space and CPU resources. This occurs because node-tar does not enforce strict limits on t...

9.2CVSS5.8AI score0.00291EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•3 views

CVE-2026-59871

A flaw was found in node-tar, a library for manipulating tar archives in Node.js. This vulnerability occurs when the library incorrectly converts specific archive path values into numbers, leading to an error during subsequent path processing. An attacker could exploit this to cause the applicati...

5.3CVSS5.9AI score0.00291EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•3 views

CVE-2026-39197

A flaw was found in Vector. A remote attacker could send a specially crafted compressed request to Vector's HTTP ingest sources, causing unbounded memory allocation during decompression and leading to a Denial of Service DoS. Mitigation Restrict network access to Vector's HTTP and gRPC ingest...

7.5CVSS6AI score0.00289EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•2 views

CVE-2026-59939

A flaw was found in httplib2, a Python HTTP client library. This vulnerability allows a malicious or compromised HTTP server to send a small compressed data payload that, when decompressed by httplib2, expands to an extremely large size in memory. This unbounded decompression can lead to a Denial...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•4 views

CVE-2026-12590

A flaw was found in body-parser. When the parser is configured with an invalid limit option, such as an unparseable string or a non-numeric value, the request body size check is bypassed. This allows a remote attacker to send arbitrarily large payloads, consuming excessive memory and CPU resource...

5.9CVSS5.9AI score
Exploits0References5
RedhatCVE
RedhatCVE
•added yesterday•4 views

CVE-2026-53655

A flaw was found in node-tar. This vulnerability arises because node-tar incorrectly applies PAX extended header size records to subsequent intermediary metadata headers, leading to a desynchronization of the tar stream cursor compared to other standard tar implementations. A remote attacker coul...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added yesterday•4 views

CVE-2026-15308

A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...

8.7CVSS5.8AI score
Exploits0References10
RedhatCVE
RedhatCVE
•added yesterday•4 views

CVE-2026-56362

A heap-buffer-overflow read in ImageMagick's OpenPixelCache occurs when image channel metadata updates before memory allocation. Attackers can trigger this via memory and disk allocation failures to disclose sensitive information. Mitigation Isolate ImageMagick tasks by running them inside...

8.1CVSS5.8AI score0.00195EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added yesterday•4 views

CVE-2026-56374

A heap buffer overflow vulnerability exists in ImageMagick and Magick.NET's FTXT encoder due to missing boundary checks for the ftxt:format parameter. A remote attacker could exploit this using a specially crafted FTXT image to cause a denial of service or disclose sensitive information. Mitigati...

7.1CVSS6.1AI score0.00148EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-45409

A flaw was found in the idna library, which handles Internationalized Domain Names in Python applications. A remote attacker could exploit this vulnerability by sending specially crafted, excessively long inputs to the library's encoding function. This could cause the system to consume significan...

6.9CVSS6.4AI score0.00408EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•4 views

CVE-2026-58471

A flaw was found in GNU Wget. A remote attacker can exploit a heap buffer overflow vulnerability in the convertfname function. This occurs when processing a server-supplied filename that requires character set conversion, leading to memory corruption due to incorrect buffer reallocation. This can...

7.1CVSS6.2AI score0.00217EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-35188

A flaw was found in OpenSSL. A malicious server can exploit the TLS Online Certificate Status Protocol OCSP stapling feature by sending a specially crafted response. This can trigger a double-free vulnerability in the client's certificate verification process, potentially leading to a Denial of...

5.9CVSS7.2AI score0.00245EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added yesterday•5 views

CVE-2026-59926

A flaw was found in Mistune, a Python Markdown parser. The renderadmonition function in the Admonition directive concatenates user-controlled input into the HTML class attribute without proper escaping. This vulnerability allows for attribute injection and Cross-Site Scripting XSS attacks, even...

6.1CVSS6.3AI score0.00333EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added yesterday•4 views

CVE-2026-58203

A flaw was found in the pydantic-settings component. When configured to handle nested secrets, this vulnerability allows an attacker to read sensitive files from outside the designated secrets directory. By placing a specially crafted symbolic link within the secrets directory, an attacker can...

5.3CVSS5.9AI score0.00125EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added yesterday•4 views

CVE-2026-42505

A flaw was found in the crypto/tls package in Go. Handshakes utilizing Encrypted Client Hello ECH could lead to de-anonymization by a passive network observer. This is due to the disclosure of pre-shared key identities within the unencrypted client hello, allowing an attacker to potentially link...

5.3CVSS5.8AI score0.00419EPSS
Exploits0References7
Total number of security vulnerabilities206558