Lucene search
+L
RedhatcveRecent

206772 matches found

redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-59197

A flaw was found in Pillow prior to 12.3.0. The public RankFilter API can trigger a native heap out-of-bounds write when given a very large odd filter size. ImageFilter.RankFilter.filter calls image.expandsize // 2, size // 2 before rank-filter size validation, and ImagingExpand computes output...

8.2CVSS6AI score0.00397EPSS
Exploits0References7
redhatcve
redhatcve
•added yesterday•7 views

CVE-2026-15945

A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions FGAP v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group the...

4.3CVSS6.1AI score
Exploits0References3
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-43731

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, leading to memory corruption...

8.8CVSS6AI score0.00201EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43745

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds write due to improper input validation, resulting in an unexpected process crash...

6.5CVSS6AI score0.00297EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-43740

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, leading to disclosure of process memory...

6.5CVSS6AI score0.00203EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43742

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.0025EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43734

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.0024EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-43732

A flaw was found in WebKitGTK. Processing maliciously crafted web content can disclose sensitive user information due to a path handling issue that was addressed with improved validation...

6.5CVSS6AI score0.00255EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-43727

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.00196EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43721

A flaw was found in WebKitGTK. A malicious website can silently hijack clipboard data due to improper state management...

6.5CVSS6AI score0.00245EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-43726

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.00189EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43713

A flaw was found in WebKitGTK. Visiting a website can leak sensitive data due to a permissions issue that was addressed with additional restrictions...

6.5CVSS6AI score0.00312EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-43712

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds write due to improper memory handling, resulting in an unexpected process crash...

6.5CVSS6AI score0.00202EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43720

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.00289EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43716

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, resulting in an unexpected process crash...

6.5CVSS6AI score0.00297EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-43707

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger memory corruption due to improper memory handling, resulting in an unexpected process crash...

6.5CVSS6AI score0.00307EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43676

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger an out-of-bounds read due to improper bounds checking, resulting in an unexpected process crash...

6.5CVSS6AI score0.00257EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43699

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, resulting in an unexpected process crash...

6.5CVSS6AI score0.0024EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43663

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, resulting in an unexpected process crash...

6.5CVSS6AI score0.00194EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-39872

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory handling, resulting in an unexpected process crash...

6.5CVSS6AI score0.00194EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-43715

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a use-after-free due to improper memory management, leading to memory corruption...

8.8CVSS7AI score0.0036EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-43725

A flaw was found in WebKitGTK. A malicious website can process restricted web content outside the sandbox due to improper input validation, potentially allowing access to resources that should be restricted...

7.1CVSS7AI score0.00314EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-43701

A flaw was found in WebKitGTK. A malicious website can process restricted web content outside the sandbox due to improper checks, potentially allowing access to resources that should be restricted...

7.1CVSS6.9AI score0.00182EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-43705

A flaw was found in WebKitGTK. Processing maliciously crafted web content can trigger a type confusion due to improper checks, leading to memory corruption...

8.8CVSS6.9AI score0.00275EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•9 views

CVE-2026-33382

A flaw in Grafana's API endpoints allows remote attackers to send excessively large request bodies without authentication. This exhausts server memory, resulting in a complete denial of service DoS. Mitigation Deploy a reverse proxy or API gateway e.g., Nginx in front of Grafana configured to...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References4
redhatcve
redhatcve
•added yesterday•6 views

CVE-2026-59884

A flaw was found in pyasn1, a generic ASN.1 library for Python. The Basic Encoding Rules BER decoder, used by CER and DER codecs, processes long-form tags by accumulating continuation octets without an upper bound. A remote attacker can exploit this by providing a specially crafted input, leading...

7.5CVSS6.1AI score0.00354EPSS
Exploits0References6
redhatcve
redhatcve
•added yesterday•7 views

CVE-2026-8609

A flaw was found in Grafana. An unauthenticated attacker can repeatedly access the OAuth login route with unique values. This can lead to unbounded memory growth, eventually exhausting system memory and causing the Grafana instance to crash. This results in a denial of service for legitimate user...

7.5CVSS6.1AI score0.00397EPSS
Exploits0References4
redhatcve
redhatcve
•added yesterday•6 views

CVE-2026-5674

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS6.4AI score
Exploits0References3
redhatcve
redhatcve
•added yesterday•6 views

CVE-2026-30623

A flaw was found in LiteLLM. This vulnerability allows a remote attacker to execute arbitrary operating system commands on the host where LiteLLM is running. This is possible because the application's MCP server creation functionality processes JSON configurations that can include unvalidated...

9.8CVSS6.4AI score0.00322EPSS
Exploits0References6
redhatcve
redhatcve
•added yesterday•6 views

CVE-2026-38974

A flaw was found in Dulwich. The contrib/paramikovendor.py component is missing Secure Shell SSH host key verification. This vulnerability allows a remote attacker to impersonate a legitimate Git server. By doing so, the attacker could potentially intercept sensitive information or execute...

8.8CVSS6.3AI score0.00145EPSS
Exploits0References6
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-58659

A flaw was found in PyTorch Lightning. This vulnerability allows attackers to achieve remote code execution by crafting malicious checkpoint files. These files exploit a weakness in the loadstate function, which imports and executes attacker-controlled module names from checkpoint instantiator...

8.4CVSS6.4AI score0.00235EPSS
Exploits0References7
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-60082

A flaw was found in perl-DBI, a database interface for Perl. This vulnerability arises when the DBI library processes inconsistent data, specifically when a statement handle lacks fields but is associated with a non-empty data row. This inconsistency can cause the internal row-buffer to attempt...

9.1CVSS6AI score0.00653EPSS
Exploits0References6
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-60081

A flaw was found in DBI::ProfileData, a Perl module. This vulnerability allows an attacker to cause a Denial of Service DoS by providing a specially crafted input. The flaw exists because the software does not properly limit the path index when processing profile dump files, which can lead to...

7.5CVSS6.1AI score0.0063EPSS
Exploits0References6
redhatcve
redhatcve
•added yesterday•6 views

CVE-2026-15043

A flaw was found in DBI::SQL::Nano, a mini-SQL engine for Perl. This vulnerability occurs because the engine incorrectly evaluates SQL operators for text comparisons, specifically inverting the logic for "less than or equal to" and "greater than or equal to" operations. This can lead to...

9.8CVSS6.1AI score0.00513EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•7 views

CVE-2026-15392

A flaw was found in DBD::File. The completetablename method, responsible for building absolute table file paths, does not verify if the file is a symbolic link. This oversight allows a local attacker to create a symbolic link within the data directory that points to an arbitrary file outside of t...

7.7CVSS6.1AI score0.00196EPSS
Exploits0References6
redhatcve
redhatcve
•added yesterday•6 views

CVE-2026-45363

A flaw was found in ruby-jwt, a Ruby implementation of the RFC 7519 OAuth JSON Web Token JWT standard. A remote attacker can exploit this vulnerability by crafting a malicious token that is accepted due to an empty key being used in the HMAC Hash-based Message Authentication Code digest calculati...

9.1CVSS6.1AI score0.00242EPSS
Exploits0References8
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-54058

A flaw was found in Pillow prior to 12.3.0. When an uncompressed McIdas AREA image is loaded from a filename through the mmap raw codec path, attacker-controlled header words can set a row stride smaller than the natural row width. Pixel access such as Image.tobytes, getpixel, convert, or save ca...

9.1CVSS6AI score0.00384EPSS
Exploits0References7
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-59199

A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit a vulnerability in the library's image processing functions, specifically when handling image coordinates near certain limits. This flaw, a native heap out-of-bounds write, could lead to a denial of service DoS,...

7.5CVSS6AI score0.0039EPSS
Exploits1References7
redhatcve
redhatcve
•added yesterday•5 views

CVE-2026-59200

A flaw was found in Pillow, a Python imaging library. A remote attacker could exploit a vulnerability in the PdfParser.PdfStream.decode function when processing a crafted FlateDecode PDF stream. By providing a specially designed PDF file, the attacker could cause the application to exhaust...

7.5CVSS6AI score0.0035EPSS
Exploits0References7
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-8595

A flaw in Grafana allows authenticated 'Editor' users to inject malicious scripts into a table panel's field names. Viewing the compromised dashboard executes the script in the victim's browser, risking data theft or client-side attacks...

6.8CVSS6.1AI score0.00239EPSS
Exploits0References4
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-61863

A flaw was found in ImageMagick. When processing a Tagged Image File Format TIFF image, a small memory leak can occur if the TIFF encoder is unable to create a temporary file. This can lead to a gradual consumption of system memory, potentially impacting the availability of the application...

7.5CVSS6AI score0.00102EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-61872

A flaw was found in ImageMagick. A local user can exploit this vulnerability by supplying malformed tile geometry parameters to the TIFF encoder. This can cause a memory leak, preventing allocated memory from being released. The primary consequence is increased memory consumption, which may lead ...

2.5CVSS6AI score0.00096EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-61859

A flaw was found in ImageMagick. A local attacker with low privileges can exploit a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows the attacker to read files from paths that are otherwise disallowed by the configured security policy, leadin...

4.8CVSS6AI score0.00131EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-61868

A flaw was found in ImageMagick. A remote attacker could exploit a memory leak in the YUV decoder when processing a specially crafted image file. Repeatedly triggering this flaw can lead to resource exhaustion, resulting in a denial of service for the application. Mitigation Do not process...

6.3CVSS6AI score0.00222EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-61871

A flaw was found in ImageMagick. A remote attacker could exploit a memory leak in the ICON decoder by providing a specially crafted ICON file. When the file is processed, a memory allocation failure occurs, leading to memory exhaustion. This can result in a denial of service DoS, making the...

6.3CVSS6AI score0.00232EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-61866

A flaw was found in ImageMagick. A memory leak vulnerability exists in the JNG JPEG Network Graphics encoder when the application fails to open a blob. A remote attacker could exploit this by providing specially crafted malformed JNG files, leading to resource exhaustion and a denial of service D...

7.5CVSS6AI score0.00187EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-61864

A flaw was found in ImageMagick. When processing image transformations to the log colorspace, a memory leak can occur if the operation fails. This vulnerability, which can be triggered by a local attacker without requiring special privileges or user interaction, may lead to a denial of service du...

2.9CVSS6AI score0.00102EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-61862

A flaw was found in ImageMagick. When a user displays an image profile using the identify command with debug output enabled, a vulnerability allows for information disclosure. This occurs due to an out-of-bounds read, where a single byte beyond the profile's boundary can be unintentionally printe...

2.9CVSS6AI score0.00105EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-61869

A flaw was found in ImageMagick. A memory leak in the Magick Image File Format MIFF encoder can occur when the software attempts to process an image and a memory allocation fails. This vulnerability allows an attacker to cause a denial of service DoS by exhausting system resources. Mitigation Do...

2.9CVSS6AI score0.00102EPSS
Exploits0References5
redhatcve
redhatcve
•added yesterday•4 views

CVE-2026-61860

A flaw was found in ImageMagick. This vulnerability, a use-after-free, occurs when the freetype library fails to initialize, causing the software to continue processing with freed memory. A remote attacker could exploit this during image processing, leading to a denial of service DoS condition,...

6.3CVSS6AI score0.00221EPSS
Exploits0References5
Total number of security vulnerabilities206772