206286 matches found

RedhatCVE • added 4 days ago • 7 views

CVE-2026-12772

A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the authenticateuser function within the PROXYADMIN database API Key Generator component. By performing a specific manipulation, an attacker can cause session expiration for users, leading to a denial of servi...

CVSS 6.5 • AI score 6.5 • EPSS 0.00262
Exploits 1 • References 8

RedhatCVE • added 4 days ago • 8 views

CVE-2026-8461

A flaw was found in FFmpeg's libavcodec library. This out-of-bounds write vulnerability, specifically within the MagicYUV decoder, could allow a remote attacker to execute arbitrary code on the affected system. In other scenarios, it may lead to a denial-of-service, making the system unavailable...

CVSS 8.8 • AI score 6.1 • EPSS 0.00477
Exploits 3 • References 5

RedhatCVE • added 4 days ago • 8 views

CVE-2025-71379

A flaw was found in vLLM. Multiple regular expression denial of service (ReDoS) vulnerabilities exist in versions greater than or equal to 0.6.3 and less than 0.9.0. An attacker can exploit this by submitting crafted input with nested or repeated structures to specific regex patterns within vLLM,...

CVSS 7.5 • AI score 5.8 • EPSS 0.00321
Exploits 1 • References 5

RedhatCVE • added 4 days ago • 8 views

CVE-2026-49356

A flaw was found in @babel/core. This vulnerability allows an attacker, who controls the input source code and can read the output, to perform an arbitrary file read. By compiling maliciously crafted code containing a sourceMappingURL comment, the attacker can read any source map file from the...

CVSS 3.6 • AI score 6 • EPSS 0.00116
Exploits 0 • References 4

RedhatCVE • added 4 days ago • 8 views

CVE-2026-53632

A flaw was found in launch-editor. This component, used in Node.js to open files, can be tricked into accessing arbitrary paths, including Windows Universal Naming Convention (UNC) paths. When a malicious UNC path is opened, Windows automatically attempts NTLM authentication to a remote server...

CVSS 5.5 • AI score 6 • EPSS 0.00322
Exploits 0 • References 4

RedhatCVE • added 4 days ago • 6 views

CVE-2026-56340

A flaw was found in vLLM. This vulnerability allows a remote attacker to trigger crashes or resource exhaustion, leading to a denial of service (DoS). By submitting specially crafted embedding requests with malformed tensor indices, when the prompt-embeds feature is enabled, an attacker could also...

CVSS 8.8 • AI score 6.1 • EPSS 0.00352
Exploits 0 • References 5

RedhatCVE • added 4 days ago • 10 views

CVE-2026-48712

A flaw was found in protobufjs. A remote attacker could exploit this by sending a crafted protobuf binary payload containing deeply nested 'Any' values. This uncontrolled recursion could exhaust the JavaScript call stack during conversion to JSON, leading to a Denial of Service (DoS). Mitigation No...

CVSS 7.5 • AI score 5.8 • EPSS 0.00324
Exploits 0 • References 4

RedhatCVE • added 4 days ago • 11 views

CVE-2026-54282

A flaw was found in Starlette, a lightweight Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.3.0, the HTTP request path was not properly validated when reconstructing the request.url. A remote attacker could craft a malicious HTTP request path that does not begin with a...

CVSS 5.3 • AI score 5.8 • EPSS 0.00187
Exploits 0 • References 4

RedhatCVE • added 4 days ago • 7 views

CVE-2026-54270

A flaw was found in protobufjs. This library compiles protobuf definitions into JavaScript (JS) functions. A remote attacker could send a specially crafted protobuf payload containing numerous unknown fields. This could cause the decoded message to retain substantially more memory than expected,...

CVSS 5.3 • AI score 5.8 • EPSS 0.00293
Exploits 0 • References 4

RedhatCVE • added 4 days ago • 9 views

CVE-2026-54269

A flaw was found in protobufjs, a JavaScript (JS) library for compiling protobuf definitions. A remote attacker could exploit this vulnerability by providing specially crafted protobuf definitions or message types that contain names colliding with internal protobufjs runtime helpers. This could lea...

CVSS 5.3 • AI score 5.8 • EPSS 0.00238
Exploits 0 • References 4

RedhatCVE • added 4 days ago • 7 views

CVE-2026-54233

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker could exploit a vulnerability in the /v1/audio/transcriptions endpoint. By uploading a specially crafted compressed audio file, such as an OPUS file, the attacker could cause the system to...

CVSS 6.5 • AI score 5.8 • EPSS 0.00243
Exploits 0 • References 5

RedhatCVE • added 4 days ago • 8 views

CVE-2026-47155

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). The revision pinning controls in vLLM do not consistently apply to all artifacts loaded for a model. This allows a deployment configured with specific revisions to still load dynamic code or other...

CVSS 6.5 • AI score 5.8 • EPSS 0.00146
Exploits 0 • References 7

RedhatCVE • added 4 days ago • 7 views

CVE-2026-44022

A flaw was found in Docling, a tool for document processing. The LaTeX backend, responsible for handling commands like \includegraphics, \input, and \include, lacked proper validation for file paths. This vulnerability allows an attacker to craft a malicious LaTeX document containing path travers...

CVSS 5.5 • AI score 5.9 • EPSS 0.00163
Exploits 0 • References 5

RedhatCVE • added 4 days ago • 8 views

CVE-2026-53923

A flaw was found in vLLM. Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels leads to partial tensor processing. This results in the output tensor retaining previously used GPU memory, which, in multi-tenant inference deployments, can expose sensitive tensor data from other...

CVSS 7.5 • AI score 5.7 • EPSS 0.00281
Exploits 0 • References 6

RedhatCVE • added 6 days ago • 11 views

CVE-2026-57453

A security vulnerability exists in the Vim text editor. If a user opens a specially crafted ZIP file in Vim, it can trick the application into running hidden, harmful commands on their computer. This specific issue is only triggered if Vim relies on PowerShell to open the ZIP file...

CVSS 7.3 • AI score 5.8 • EPSS 0.00137
Exploits 0 • References 6

RedhatCVE • added 6 days ago • 8 views

CVE-2026-53228

A flaw was found in the Linux kernel's Simple Internet Transition (SIT) tunnel driver for IPv6. When processing network traffic with Generic Segmentation Offload (GSO) enabled, the driver may use a stale pointer to the inner IPv6 header after the socket buffer (skb) head has been reallocated. This can...

CVSS 9.8 • AI score 5.8 • EPSS 0.00559
Exploits 0 • References 4

RedhatCVE • added 6 days ago • 11 views

CVE-2026-53185

A flaw was found in the Linux kernel, specifically within the zram module. This vulnerability is a use-after-free error, where the system attempts to use a piece of memory after it has been freed. This occurs when the zrambvecwritepartial function allows an asynchronous read to write into a page...

CVSS 7.8 • AI score 6 • EPSS 0.00099
Exploits 0 • References 4

RedhatCVE • added 6 days ago • 11 views

CVE-2026-53171

A flaw was found in the Linux kernel's accel/ethosu driver. The dmalength function, responsible for calculating Direct Memory Access (DMA) region usage, contains several arithmetic issues. These issues, including potential underflows and overflows during calculations, can lead to an under-reporting...

CVSS 8.8 • AI score 5.8 • EPSS 0.00137
Exploits 0 • References 4

RedhatCVE • added 6 days ago • 10 views

CVE-2026-52975

A flaw was found in the Linux kernel's bonding 3ad module. This vulnerability is due to a data-race condition caused by improper Read-Copy-Update (RCU) implementation in the port-aggregator component. An attacker could potentially exploit this to cause system instability or unexpected behavior...

CVSS 7.8 • AI score 5.8 • EPSS 0.00138
Exploits 0 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-48930

A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...

CVSS 9.8 • AI score 6 • EPSS 0.00405
Exploits 0 • References 6

RedhatCVE • added last week • 8 views

CVE-2026-48619

A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently...

CVSS 7.5 • AI score 5.9 • EPSS 0.00656
Exploits 0 • References 4

RedhatCVE • added last week • 9 views

CVE-2026-48935

A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system. Mitigation Mitigation for this issue is either not...

CVSS 3.3 • AI score 5.6 • EPSS 0.00154
Exploits 0 • References 4

RedhatCVE • added last week • 7 views

CVE-2026-48934

A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...

CVSS 4.3 • AI score 5.6 • EPSS 0.00258
Exploits 0 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-48928

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

CVSS 5.4 • AI score 5.7 • EPSS 0.00256
Exploits 0 • References 4

RedhatCVE • added last week • 7 views

CVE-2026-48615

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

CVSS 7.5 • AI score 6.1 • EPSS 0.00437
Exploits 0 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-48936

A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the --allow-net permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or...

CVSS 3.3 • AI score 5.6 • EPSS 0.00154
Exploits 0 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-48618

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

CVSS 7.7 • AI score 6.9 • EPSS 0.00674
Exploits 0 • References 4

RedhatCVE • added last week • 7 views

CVE-2026-48933

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process. Mitigation Mitigatio...

CVSS 7.5 • AI score 7 • EPSS 0.02445
Exploits 0 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-54905

A flaw was found in concurrent-ruby. The Concurrent::ReentrantReadWriteLock component can incorrectly grant a write lock to a thread while other threads still hold or can acquire read locks. This occurs when a thread acquires a read lock 32,768 times, causing an internal counter to incorrectly...

CVSS 5.5 • AI score 5.6 • EPSS 0.00106
Exploits 0 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-57234

A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...

CVSS 4.8 • AI score 5.6 • EPSS 0.00166
Exploits 0 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-57437

A flaw was found in Nokogiri, an XML and HTML library for Ruby. This vulnerability occurs when an application directly constructs an XPathContext and allows its associated document to be garbage collected while the context is still in use. An attacker could potentially exploit this by causing the...

CVSS 6.3 • AI score 5.6 • EPSS 0.00312
Exploits 0 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-48090

A flaw was found in Envoy's HTTP OAuth2 filter. A use-after-free vulnerability exists where an in-flight async token exchange can remain attached to a downstream stream that has already been torn down, leading to undefined behavior, worker crashes, and denial of service. Mitigation Mitigation for...

CVSS 5.9 • AI score 5.6 • EPSS 0.00579
Exploits 1 • References 4

RedhatCVE • added last week • 9 views

CVE-2026-47205

A flaw was found in Envoy's extauthz HTTP filter. A use-after-free vulnerability exists when processing per-route authorization overrides concurrently with rapid downstream client disconnects. This can lead to a segmentation fault and denial of service. Mitigation Mitigation for this issue is...

CVSS 5.9 • AI score 5.6 • EPSS 0.00387
Exploits 1 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-52987

A flaw was found in the Linux kernel. A double free vulnerability exists in the drm/amdgpu component within the userq validate function. This issue arises because the drmexecfini function is called twice on the same execution object, which is not designed to be idempotent. An attacker could...

CVSS 7.8 • AI score 5.9 • EPSS 0.00131
Exploits 0 • References 4

RedhatCVE • added last week • 7 views

CVE-2026-52972

A flaw was found in the Linux kernel's afalg cryptography module. This vulnerability involves an arithmetic overflow when processing associated data lengths during the transmit buffer size check. A remote attacker could exploit this flaw by providing a specially crafted associated data length,...

CVSS 7 • AI score 6 • EPSS 0.0014
Exploits 0 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-47220

A flaw was found in Envoy. A remote attacker can exploit this vulnerability by sending a request with a missing host header when the %REQUESTEDSERVERNAMEX:Y% is used in the log format and host-related options, such as HOSTFIRST or SNIFIRST, are specified. This can lead to a crash of the Envoy...

CVSS 7.5 • AI score 5.7 • EPSS 0.00665
Exploits 1 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-46601

A flaw was found in the golang.org/x/image/webp library's WebP decoder. A remote attacker could exploit this vulnerability by providing a specially crafted WebP image containing a VP8 chunk with mismatched dimensions. This could cause the decoder to panic, leading to a denial of service (DoS) for...

CVSS 7.5 • AI score 5.7 • EPSS 0.00339
Exploits 0 • References 6

RedhatCVE • added last week • 8 views

CVE-2026-52690

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing validation of DNSSEC records served by that server to fail...

CVSS 5.9 • AI score 5.8 • EPSS 0.00352
Exploits 0 • References 2

RedhatCVE • added last week • 7 views

CVE-2026-42390

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation...

CVSS 5.3 • AI score 5.8 • EPSS 0.00213
Exploits 0 • References 2

RedhatCVE • added last week • 7 views

CVE-2026-40012

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

CVSS 5.3 • AI score 5.8 • EPSS 0.00305
Exploits 0 • References 2

RedhatCVE • added last week • 6 views

CVE-2026-42388

Incomplete validation of the SOA record present in a catalog zone might lead to a crash...

CVSS 5.9 • AI score 5.8 • EPSS 0.004
Exploits 0 • References 2

RedhatCVE • added last week • 6 views

CVE-2026-42387

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insufficient input validation...

CVSS 5.9 • AI score 5.7 • EPSS 0.004
Exploits 0 • References 2

RedhatCVE • added last week • 9 views

CVE-2026-53023

A flaw was found in the Linux kernel's NTFS3 file system driver. The ntfsfillsuper function, responsible for loading the volume label, did not properly null-terminate the converted UTF-8 label. This oversight could allow the ntfs3labelshow function to read beyond the allocated buffer when...

AI score 5.9 • EPSS 0.00172
Exploits 0 • References 4

RedhatCVE • added last week • 6 views

CVE-2026-42005

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

CVSS 4.3 • AI score 5.8 • EPSS 0.00479
Exploits 0 • References 2

RedhatCVE • added last week • 8 views

CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

CVSS 3.7 • AI score 5.8 • EPSS 0.00285
Exploits 0 • References 2

RedhatCVE • added last week • 9 views

CVE-2026-53092

A flaw was found in the Linux kernel's Berkeley Packet Filter (BPF) subsystem. This vulnerability occurs due to incorrect delta tracking when source and destination registers are the same during register value adjustments. This can lead to a mismatch between the BPF verifier's analysis and the actu...

CVSS 7.8 • AI score 5.7 • EPSS 0.00123
Exploits 0 • References 4

RedhatCVE • added last week • 8 views

CVE-2026-42389

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

CVSS 5.3 • AI score 5.8 • EPSS 0.00175
Exploits 0 • References 2

RedhatCVE • added last week • 6 views

CVE-2026-42004

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

CVSS 3.7 • AI score 5.8 • EPSS 0.00162
Exploits 0 • References 2

RedhatCVE • added last week • 6 views

CVE-2026-40011

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

CVSS 3.7 • AI score 5.7 • EPSS 0.00158
Exploits 0 • References 2

RedhatCVE • added last week • 7 views

CVE-2026-40211

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

CVSS 5.3 • AI score 5.9 • EPSS 0.00413
Exploits 0 • References 2

Total number of security vulnerabilities: 206286