Lucene search
K
RedhatcveRecent

206704 matches found

RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-15685

A flaw was found in Ollama. This vulnerability allows remote attackers to create a denial-of-service DoS condition on affected installations. The issue occurs within the downloadBlob function due to improper validation of user-supplied data, which can lead to memory access beyond the bounds of an...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-62294

A flaw was found in Flameshot. A local unprivileged attacker could exploit a time-of-check to time-of-use TOCTOU race condition in the "Open With" feature. By pre-planting a symbolic link symlink in a predictable temporary path, the attacker could cause Flameshot to write screenshot data through...

5.1CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-12382

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...

8.2CVSS6.2AI score
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-47159

A flaw was found in Vaultwarden, a Bitwarden-compatible server. A remote attacker could exploit a vulnerability in the Single Sign-On SSO discovery and pre-validation process. This flaw allows an attacker to enumerate SSO-enabled organizations and obtain a pre-validation token without verifying...

6.9CVSS6.1AI score0.00046EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-47164

A flaw was found in Vaultwarden, a Bitwarden-compatible server. The Single Sign-On SSO login process, when configured to automatically link sign-ups by email, failed to verify the email address for existing user accounts. This allowed a remote attacker, by controlling an Identity Provider IdP...

7.7CVSS6.1AI score0.00053EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-47160

A flaw was found in Vaultwarden. An unauthenticated remote attacker could exploit an IP validation bypass in the /icons/domain/icon.png endpoint. This vulnerability, known as Server-Side Request Forgery SSRF, allows the attacker to make the Vaultwarden server perform HTTP/HTTPS requests to...

5.8CVSS6.2AI score0.00048EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-47158

A flaw was found in Vaultwarden, a Bitwarden-compatible server. An unauthenticated attacker could exploit a vulnerability in the Single Sign-On SSO authorization flow. This flaw, caused by improper binding of the OAuth state parameter to the browser session and inadequate cleanup of SSO...

8.3CVSS6AI score0.00031EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-59733

A flaw was found in Rclone. When using the rclone serve restic --private-repos command, an authenticated user can include directory traversal sequences e.g., .. in a request. This allows them to bypass authorization and read, overwrite, or delete another user's private repository on backends that...

8.8CVSS6.1AI score0.00523EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-48801

A flaw was found in linkify-it, a library for recognizing links with full Unicode support. The LinkifyIt.prototype.match function, the package's primary public API, has an algorithmic complexity of ON² for inputs containing many fuzzy links or emails. This can be exploited by a remote attacker...

8.7CVSS6AI score0.00445EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-15747

A flaw was found in Mojolicious. This vulnerability exposes a stable representation of the session Cross-Site Request Forgery CSRF token to a BREACH compression oracle. When a web server response containing the token is gzip-compressed and also echoes attacker-controlled input, an attacker can us...

9.1CVSS6AI score0.00152EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-13030

An uninitialized use flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=522840723...

5.3CVSS6AI score0.00186EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-46635

A flaw was found in Twig, a template language for PHP. An untrusted template author, with the column filter in their allowed filters, can exploit this vulnerability. The column filter incorrectly passes object arrays to PHP's arraycolumn function, which can read properties that are not restricted...

5.3CVSS6AI score0.00371EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-48808

A flaw was found in Twig, a template language for PHP. The column filter in Twig fails to properly forward the active sandbox state, specifically the current Source to the SandboxExtension::checkPropertyAllowed function. This oversight results in the loss of SourcePolicyInterface decisions,...

6CVSS6AI score0.0026EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-48805

A flaw was found in Twig, a template language for PHP. Deprecated internal wrappers in the src/Resources/core.php file do not correctly forward the sandbox state. This allows legacy function calls, such as twigarraysome, to bypass security restrictions imposed by the sandbox. An attacker could...

5.3CVSS6AI score0.00276EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-47730

A flaw was found in Twig, a template language for PHP. The HtmlDumper component, responsible for rendering profiler information, does not properly sanitize user-controlled template or profile names before including them in the HTML output. This vulnerability allows an attacker to inject malicious...

5.1CVSS6.2AI score0.00269EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-15779

A flaw was found in samba's pamwinbind. When mkhomedir is enabled, pamwinbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory a common default for system accounts can...

6.1CVSS6.1AI score
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-48806

A flaw was found in Twig, a template language for PHP. This vulnerability allows a remote attacker to bypass security restrictions by providing specially crafted input. Successful exploitation can lead to the disclosure of sensitive information and potentially allow for limited unauthorized data...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-46633

A flaw was found in Twig, a template language for PHP. This vulnerability occurs because the Compiler::string function does not properly escape single quotes when processing a template name from a % use % tag within a PHP single-quoted string literal. A remote attacker could craft a malicious...

9.8CVSS6.2AI score0.0052EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-49981

A flaw was found in Twig, a template language for PHP. An attacker with low privileges could exploit a caching issue in the template sandboxing mechanism. This allows a sandboxed template to bypass its intended security policy, potentially leading to unauthorized information disclosure and limite...

6CVSS6.1AI score0.00414EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-53633

A flaw was found in Vitest Browser Mode, a component of the Vitest testing framework. The cdp API exposed raw Chrome DevTools Protocol CDP methods without proper security restrictions. This vulnerability allows a remote attacker, with access to browser API metadata, to leverage CDP functions like...

9.8CVSS6.2AI score0.00585EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-46639

A flaw was found in Twig, a template language for PHP. An attacker with write access to a sandboxed Twig template can bypass security restrictions due to an issue in object-destructuring assignment. This allows them to read public properties or invoke public methods on objects, leading to...

7.1CVSS6AI score0.00354EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-47428

A flaw was found in Vitest, a testing framework. In Vitest Browser Mode, a remote attacker could craft a specific browser-runner URL that, when visited, would allow the execution of arbitrary JavaScript code within the Vitest server. This vulnerability could also lead to the recovery of the...

9.6CVSS6.3AI score0.00367EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-49477

A flaw was found in soupsieve, a CSS selector library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted, untrusted CSS selector strings. The flaw occurs due to a regular expression vulnerable to catastrophic backtracking when processing a...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-47429

A flaw was found in Vitest, a testing framework. On Windows, the Vitest UI/API server incorrectly handled file serving, which could allow an attacker to read sensitive files outside the project directory. Additionally, exposed API features could be exploited to execute arbitrary scripts, leading ...

9.8CVSS6.2AI score0.01024EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-46638

A flaw was found in Twig, a template language for PHP. A security vulnerability exists where a template included within a restricted sandbox environment can bypass security checks if it was previously loaded without these restrictions. This allows the template to execute unauthorized functions,...

6CVSS6.1AI score0.0026EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-46640

A flaw was found in Twig, a template language for PHP. An attacker with low privileges could exploit a vulnerability in the self. and import-alias dynamic attribute syntax. By concatenating a malicious string into a MacroReferenceExpression name without proper validation, the attacker can cause r...

8.7CVSS6.4AI score0.00335EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-48807

A flaw was found in Twig, a template language for PHP. The security sandbox, designed to restrict operations, does not properly handle certain values when processing templates. This oversight could allow an attacker to bypass security policies, potentially leading to the disclosure of sensitive...

7.1CVSS6AI score0.00235EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-47732

A flaw was found in Twig, a template language for PHP. This vulnerability allows a sandboxed template author to bypass security policies by triggering PHP string coercion on specific language constructs. This can lead to information disclosure, as an attacker may be able to invoke toString on...

7.1CVSS6AI score0.00371EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-48125

A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...

5.3CVSS6AI score0.00371EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-49476

A flaw was found in soupsieve, a CSS selector library used with Beautiful Soup 4. This vulnerability allows a remote attacker to cause a denial of service DoS by supplying a specially crafted CSS selector string. The parser allocates unbounded memory when compiling large, comma-separated selector...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-15809

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS6.1AI score
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-47736

A flaw was found in Puma, a Ruby/Rack web server. When PROXY protocol v1 support is enabled, a remote attacker can continuously send data without proper termination. This causes the server to consume an increasing amount of memory and CPU resources, leading to a Denial of Service DoS where the...

7.5CVSS6.1AI score0.0035EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-49978

A flaw was found in DOMPurify, a tool designed to sanitize HTML, MathML, and SVG to prevent cross-site scripting XSS attacks. When performing in-place sanitization, DOMPurify could fail to properly process content within shadow DOM elements attached to a .content. This oversight allows an attacke...

8.1CVSS6.1AI score0.00388EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-47737

A flaw was found in Puma, a Ruby/Rack web server. When setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used, Puma incorrectly re-parses PROXY protocol headers after each keep-alive request on the same connection. This allows a remote attacker to inject a second PROXY...

7.5CVSS6.1AI score0.00177EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-49459

A flaw was found in DOMPurify, a library designed to sanitize HTML, MathML, and SVG to prevent cross-site scripting XSS attacks. A remote attacker could exploit a vulnerability in the DOMPurify.sanitize function when used with the INPLACE: true option. This flaw allows an attacker to bypass the...

6.1CVSS6.2AI score0.00254EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-49458

A flaw was found in DOMPurify, a tool designed to prevent cross-site scripting XSS attacks by sanitizing HTML, MathML, and SVG content. When processing certain types of web page elements, DOMPurify failed to properly identify and sanitize malicious code. This oversight could allow an attacker to...

6.1CVSS6.1AI score0.00288EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-53486

A flaw was found in the decompress package for Node.js. A remote attacker can exploit this vulnerability by crafting a malicious archive. When the archive is extracted, it can create files and links outside the intended directory, leading to unauthorized reading or writing of files. This is due t...

9.1CVSS6.1AI score0.00588EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-47423

A flaw was found in DOMPurify, a DOM-only cross-site scripting XSS sanitizer. Due to the default allowance of selectedcontent, a remote attacker could craft a malicious payload that, after initial sanitization, could be re-cloned by browsers, leading to the execution of unsanitized markup. This...

8.2CVSS6.1AI score0.00278EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-10846

A flaw was found in ldns. When applications use ldns as a resolver over User Datagram Protocol UDP, it fails to properly match the query's destination address and port with the response's source address and port. Additionally, the query ID and question are not matched with the response. This...

8.2CVSS6.1AI score0.00147EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday10 views

CVE-2026-14251

A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collisio...

7.7CVSS6AI score0.00223EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-39244

A flaw was found in adm-zip. A remote attacker can exploit this vulnerability by providing a specially crafted ZIP file. The file's header can be manipulated to declare an extremely large uncompressed size, causing the application to allocate an excessive amount of memory. This excessive memory...

7.5CVSS6AI score0.00432EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-50651

.NET Denial of Service Vulnerability - HTTP/2 SETTINGS/PING ACK flood causing OOM...

7.5CVSS6.1AI score0.00617EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-14685

A flaw was found in HdrHistogram. A local attacker could exploit this vulnerability by manipulating the 'Count' argument within the recordValueWithCount function. This manipulation leads to a state issue, which could impact the integrity of data processing within the affected component. Mitigatio...

4.8CVSS5.8AI score0.00118EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-15714

An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soupmultipartinputstreamreadheaders function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When...

6.5CVSS6.1AI score0.0039EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-15713

A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window exhaustion or explicit stream resets. A remote, unauthenticated...

5.9CVSS6.1AI score0.00349EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-15711

A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames e.g., PING, PONG, CLOSE contain a payload of 125 bytes or less. A remote, unauthenticated attacker...

7.5CVSS6AI score0.00431EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-15709

A flaw was found in libsoup's WebSocket implementation when using the permessage-deflate extension. The extension's decompression loop inflate processes data in chunks without enforcing an upper boundary limit on the output buffer size. While libsoup limits the incoming compressed frame size via...

7.5CVSS6.1AI score0.00548EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-15712

A heap buffer over-read vulnerability was discovered in libsoup's versions: libsoup 3.0 to 3.7.0 HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminate...

5.9CVSS6.1AI score0.00498EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-62641

A flaw was found in Roundcube Webmail. The TNEF Transport Neutral Encapsulation Format decoder, which handles winmail.dat files, is vulnerable to a denial of service. A remote attacker could send a specially crafted compressed-RTF Rich Text Format file, causing the decoder to consume excessive...

4.3CVSS6.1AI score0.00234EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-54432

A flaw was found in Roundcube Webmail. This Stored Cross-Site Scripting XSS vulnerability arises from improper escaping of the attachment MIME type on the attachment-validation warning page. A remote attacker could exploit this by sending a specially crafted attachment, potentially leading to the...

4.7CVSS6.2AI score0.00206EPSS
Exploits0References2
Total number of security vulnerabilities206704