Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-40912

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-30 Apr, 2026 | 20:38
Updated At-30 Jun, 2026 | 12:08
Rejected At-
Credits

Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against the decoded URL path but uses the resulting byte length to slice the percent-encoded raw path. When a dot (or multiple dots) appears in the prefix portion of the URL, the raw path after stripping becomes a dot-segment (e.g. /./admin/secret). ForwardAuth receives this dot-segment path in X-Forwarded-Uri, which does not match the protected path patterns and therefore allows the request through. The backend then normalizes the dot-segment to the real path per RFC 3986 and serves the protected content An unauthenticated attacker can exploit this against any backend that performs dot-segment normalization. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–ĽCommon Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:30 Apr, 2026 | 20:38
Updated At:30 Jun, 2026 | 12:08
Rejected At:
â–ĽCVE Numbering Authority (CNA)
Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against the decoded URL path but uses the resulting byte length to slice the percent-encoded raw path. When a dot (or multiple dots) appears in the prefix portion of the URL, the raw path after stripping becomes a dot-segment (e.g. /./admin/secret). ForwardAuth receives this dot-segment path in X-Forwarded-Uri, which does not match the protected path patterns and therefore allows the request through. The backend then normalizes the dot-segment to the real path per RFC 3986 and serves the protected content An unauthenticated attacker can exploit this against any backend that performs dot-segment normalization. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.

Affected Products
Vendor
traefik
Product
traefik
Versions
Affected
  • < 2.11.43
  • >= 3.0.0-beta1, < 3.6.14
  • >= 3.7.0-ea.1, < 3.7.0-rc.2
Problem Types
TypeCWE IDDescription
CWECWE-706CWE-706: Use of Incorrectly-Resolved Name or Reference
Type: CWE
CWE ID: CWE-706
Description: CWE-706: Use of Incorrectly-Resolved Name or Reference
Metrics
VersionBase scoreBase severityVector
4.07.8HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
Version: 4.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/traefik/traefik/security/advisories/GHSA-6jwx-7vp4-9847
x_refsource_CONFIRM
https://github.com/traefik/traefik/releases/tag/v2.11.43
x_refsource_MISC
https://github.com/traefik/traefik/releases/tag/v3.6.14
x_refsource_MISC
https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2
x_refsource_MISC
Hyperlink: https://github.com/traefik/traefik/security/advisories/GHSA-6jwx-7vp4-9847
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/traefik/traefik/releases/tag/v2.11.43
Resource:
x_refsource_MISC
Hyperlink: https://github.com/traefik/traefik/releases/tag/v3.6.14
Resource:
x_refsource_MISC
Hyperlink: https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2
Resource:
x_refsource_MISC
â–ĽAuthorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. github.com/traefik/traefik: Traefik: Authentication bypass via crafted URL dot-segments in StripPrefixRegex middleware

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability allows an unauthenticated attacker to access protected content. The flaw occurs when the StripPrefixRegex middleware is used with authentication mechanisms such as ForwardAuth, BasicAuth, or DigestAuth. By crafting a specific URL with dot-segments, an attacker can bypass authentication checks and gain unauthorized access to sensitive resources.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Dev Spaces 3.28
CPEs
  • cpe:/a:redhat:openshift_devspaces:3.28::el9
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28

Configurations

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-04-30 21:01:06
Made public.2026-04-30 20:38:21
Event: Reported to Red Hat.
Date: 2026-04-30 21:01:06
Event: Made public.
Date: 2026-04-30 20:38:21
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-40912
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2464229
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40912.json
x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:21772
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-40912
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2464229
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40912.json
Resource:
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/errata/RHSA-2026:21772
Resource:
vendor-advisory
x_refsource_REDHAT
Information is not available yet
â–ĽNational Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:30 Apr, 2026 | 21:16
Updated At:30 Jun, 2026 | 03:19

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against the decoded URL path but uses the resulting byte length to slice the percent-encoded raw path. When a dot (or multiple dots) appears in the prefix portion of the URL, the raw path after stripping becomes a dot-segment (e.g. /./admin/secret). ForwardAuth receives this dot-segment path in X-Forwarded-Uri, which does not match the protected path patterns and therefore allows the request through. The backend then normalizes the dot-segment to the real path per RFC 3986 and serves the protected content An unauthenticated attacker can exploit this against any backend that performs dot-segment normalization. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.8HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Secondary3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
N/A
Type: Secondary
Version: 4.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

traefik
traefik
>>traefik>>Versions before 2.11.43(exclusive)
cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
traefik
traefik
>>traefik>>Versions from 3.0.0(inclusive) to 3.6.14(exclusive)
cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
traefik
traefik
>>traefik>>3.7.0
cpe:2.3:a:traefik:traefik:3.7.0:ea1:*:*:*:*:*:*
traefik
traefik
>>traefik>>3.7.0
cpe:2.3:a:traefik:traefik:3.7.0:ea2:*:*:*:*:*:*
traefik
traefik
>>traefik>>3.7.0
cpe:2.3:a:traefik:traefik:3.7.0:ea3:*:*:*:*:*:*
traefik
traefik
>>traefik>>3.7.0
cpe:2.3:a:traefik:traefik:3.7.0:rc1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-706Primarysecurity-advisories@github.com
CWE-22Secondary0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CWE ID: CWE-706
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-22
Type: Secondary
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/traefik/traefik/releases/tag/v2.11.43security-advisories@github.com
Product
Release Notes
https://github.com/traefik/traefik/releases/tag/v3.6.14security-advisories@github.com
Product
Release Notes
https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2security-advisories@github.com
Product
Release Notes
https://github.com/traefik/traefik/security/advisories/GHSA-6jwx-7vp4-9847security-advisories@github.com
Exploit
Patch
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:217720b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/security/cve/CVE-2026-409120b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=24642290b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40912.json0b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
Hyperlink: https://github.com/traefik/traefik/releases/tag/v2.11.43
Source: security-advisories@github.com
Resource:
Product
Release Notes
Hyperlink: https://github.com/traefik/traefik/releases/tag/v3.6.14
Source: security-advisories@github.com
Resource:
Product
Release Notes
Hyperlink: https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2
Source: security-advisories@github.com
Resource:
Product
Release Notes
Hyperlink: https://github.com/traefik/traefik/security/advisories/GHSA-6jwx-7vp4-9847
Source: security-advisories@github.com
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2026:21772
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-40912
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2464229
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40912.json
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

175Records found

CVE-2026-40982
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-9.1||CRITICAL
EPSS-0.73% / 49.64%
||
7 Day CHG-0.07%
Published-07 May, 2026 | 03:49
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Red Hat, Inc.
Product-spring_cloud_configSpring Cloud ConfigRed Hat Enterprise Linux 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-27489
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.59% / 44.03%
||
7 Day CHG+0.07%
Published-01 Apr, 2026 | 17:33
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ONNX: Path Traversal via Symlink

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0.

Action-Not Available
Vendor-onnxThe Linux FoundationRed Hat, Inc.
Product-onnxonnxRed Hat OpenShift AI 2.25Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2026-25965
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.67% / 47.50%
||
7 Day CHG-0.08%
Published-24 Feb, 2026 | 01:20
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick's policy bypass through path traversal allows reading restricted content despite secured policy

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-68428
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-2.06% / 78.98%
||
7 Day CHG+0.78%
Published-05 Jan, 2026 | 21:43
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jsPDF has Local File Inclusion/Path Traversal vulnerability

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.

Action-Not Available
Vendor-parallparallaxRed Hat, Inc.
Product-jspdfjsPDFRed Hat Advanced Cluster Security for Kubernetes 4.8Red Hat Advanced Cluster Security 4Red Hat Advanced Cluster Security for Kubernetes 4.9
CWE ID-CWE-35
Path Traversal: '.../...//'
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-54762
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.36% / 28.06%
||
7 Day CHG+0.18%
Published-23 Jun, 2026 | 19:17
Updated-26 Jun, 2026 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kubernetes.io/auth-type and auth-secret annotations, but the referenced auth Secret cannot be resolved or parsed, Traefik logs the resolution error, skips installing the authentication middleware, and still emits a router to the backend service. A route that operators intended to protect is therefore published to the data plane without its authentication control, allowing unauthenticated access to the backend. The trigger is an invalid or unresolved auth dependency — a missing, malformed, unreadable, or policy-denied Secret — rather than an intentionally unprotected route. This vulnerability is fixed in 3.7.5.

Action-Not Available
Vendor-traefiktraefik
Product-traefiktraefik
CWE ID-CWE-636
Not Failing Securely ('Failing Open')
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-5367
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-0.87% / 54.32%
||
7 Day CHG~0.00%
Published-24 Apr, 2026 | 12:25
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ovn: ovn: information disclosure via crafted dhcpv6 packets

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Container Platform 4Fast Datapath for RHEL 8Fast Datapath for Red Hat Enterprise Linux 8Fast Datapath for Red Hat Enterprise Linux 10Fast Datapath for Red Hat Enterprise Linux 9Fast Datapath for RHEL 9Red Hat OpenShift Container Platform 4Fast Datapath for RHEL 8Fast Datapath for Red Hat Enterprise Linux 8Fast Datapath for Red Hat Enterprise Linux 10Fast Datapath for Red Hat Enterprise Linux 9Fast Datapath for RHEL 9
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2026-5119
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.25% / 16.71%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 05:35
Updated-09 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

Action-Not Available
Vendor-Red Hat, Inc.The GNOME Project
Product-enterprise_linuxlibsoupRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-5081
Matching Score-8
Assigner-CPAN Security Group
ShareView Details
Matching Score-8
Assigner-CPAN Security Group
CVSS Score-9.1||CRITICAL
EPSS-0.30% / 21.95%
||
7 Day CHG-0.02%
Published-06 May, 2026 | 12:16
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id plugin, which generates unique ids for the request. The id is based on the IPv4 address, the process id, the epoch time, a 16-bit counter and a thread index, with no obfuscation. The server IP is often available to the public, and if not available, can be guessed from previous session ids being issued. The process ids may also be guessed from previous session ids. The timestamp is easily guessed (and leaked in the HTTP Date response header). The purpose of mod_unique_id is to assign a unique id to requests so that events can be correlated in different logs. The id is not designed, nor is it suitable for security purposes.

Action-Not Available
Vendor-chornyCHORNYRed Hat, Inc.
Product-apache\Apache::Session::Generate::ModUniqueIdRed Hat Hardened Images
CWE ID-CWE-340
Generation of Predictable Numbers or Identifiers
CWE ID-CWE-341
Predictable from Observable State
CVE-2026-6478
Matching Score-8
Assigner-PostgreSQL
ShareView Details
Matching Score-8
Assigner-PostgreSQL
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 42.40%
||
7 Day CHG+0.32%
Published-14 May, 2026 | 13:00
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostgreSQL discloses MD5-hashed passwords via covert timing channel

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PostgreSQL Global Development Group
Product-postgresqlPostgreSQLRed Hat Enterprise Linux 7Self-service automation portal 2Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Hardened Images
CWE ID-CWE-385
Covert Timing Channel
CVE-2026-44492
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.92% / 55.94%
||
7 Day CHG+0.39%
Published-11 Jun, 2026 | 15:29
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:7f00:1, ::ffff:a9fe:a9fe) still routes through the configured proxy. Node.js resolves these addresses to the underlying IPv4 host, so the request reaches the internal service via the proxy rather than being blocked. This vulnerability is fixed in 0.32.0 and 1.16.0.

Action-Not Available
Vendor-axiosaxiosRed Hat, Inc.
Product-axiosaxiosRed Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Container Platform 4.21Red Hat Quay 3OpenShift PipelinesRed Hat OpenShift Service Mesh 3.3Red Hat OpenShift Container Platform 4.15Red Hat OpenShift Service Mesh 3.0Red Hat OpenShift Service Mesh 3.2Red Hat OpenShift Service Mesh 2.6Red Hat 3scale API Management Platform 2Red Hat Build of Podman Desktop - Tech PreviewRed Hat Satellite 6Red Hat Discovery 2Red Hat Container Native Virtualization 4.14Network Observability OperatorRed Hat OpenShift AI (RHOAI)multicluster engine for Kubernetes 2.8Self-service automation portal 2Red Hat Trusted Profile AnalyzerRed Hat OpenShift Dev SpacesRed Hat OpenShift Service Mesh 3.1Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Fuse 7Gatekeeper 3Red Hat Advanced Cluster Management for Kubernetes 2.13Migration Toolkit for ContainersRed Hat build of Apicurio Registry 3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat build of Apache Camel for Spring Boot 4Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat Trusted Artifact SignerOpenShift Service Mesh 3Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat build of Apache Camel - HawtIO 4Cryostat 4Red Hat OpenShift Virtualization 4Red Hat Developer Hub 1.9Red Hat OpenShift Container Platform 4.20Migration Toolkit for Applications 8Red Hat OpenShift Container Platform 4.16Red Hat AMQ Broker 7Red Hat OpenShift Container Platform 4
CWE ID-CWE-289
Authentication Bypass by Alternate Name
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-44578
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-38.70% / 98.40%
||
7 Day CHG+0.94%
Published-13 May, 2026 | 17:01
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Next.js: Server-side request forgery in applications using WebSocket upgrades

Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. This vulnerability is fixed in 15.5.16 and 16.2.5.

Action-Not Available
Vendor-vercelvercelRed Hat, Inc.
Product-next.jsnext.jsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7streams for Apache Kafka 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Enterprise Linux 10Streams for Apache Kafka 2.9.4Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-41603
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.4||HIGH
EPSS-0.59% / 44.05%
||
7 Day CHG+0.34%
Published-28 Apr, 2026 | 09:19
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: Java TSSLTransportFactory hostname verification

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-thriftApache ThriftRed Hat OpenShift AI (RHOAI)Multicluster Global Hub 1.3.4Red Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4Multicluster Global Hub 1.4.5Red Hat OpenShift GitOpsRed Hat AI Inference ServerRed Hat OpenShift distributed tracing 3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.6.2OpenShift Service Mesh 2Red Hat OpenShift distributed tracing 3.9.3
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-41326
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.27% / 18.54%
||
7 Day CHG-0.02%
Published-24 Apr, 2026 | 18:46
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kata Containers: CopyFile Policy Subversion via Symlinks

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. This vulnerability is fixed in v3.29.0.

Action-Not Available
Vendor-katacontainerskata-containersRed Hat, Inc.
Product-confidential_containerskata_containerskata-containersConfidential Compute AttestationRed Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.19
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2026-39858
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.48% / 37.92%
||
7 Day CHG-0.04%
Published-30 Apr, 2026 | 20:26
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik: Forwarded alias spoofing top pre-auth decision bypass

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only canonical header names (e.g., X-Forwarded-Proto) and does not strip or normalize alias variants that use underscores instead of dashes (e.g., X_Forwarded_Proto). These unsanitized alias headers are forwarded intact to the authentication backend. When the backend normalizes underscore and dash header forms equivalently, an attacker can inject spoofed trust context — such as a trusted scheme or host — through the alias headers and bypass authentication on protected routes without valid credentials. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.

Action-Not Available
Vendor-traefiktraefikRed Hat, Inc.
Product-traefiktraefikRed Hat OpenShift Dev Spaces 3.28
CWE ID-CWE-289
Authentication Bypass by Alternate Name
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-39852
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.43% / 34.72%
||
7 Day CHG+0.17%
Published-05 May, 2026 | 20:58
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quarkus authorization bypass via semicolon path normalization inconsistency

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP path-based authorization policies. Quarkus's security layer performs authorization checks on the raw URL path which preserves matrix parameters (semicolons), while RESTEasy Reactive's routing layer strips matrix parameters before matching endpoints. An attacker can append a semicolon and arbitrary text to a request URL (e.g., /api/admin;anything) to bypass policies protecting /api/admin while still routing to the protected endpoint. This issue has been fixed in versions 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2.

Action-Not Available
Vendor-quarkusquarkusioRed Hat, Inc.
Product-quarkusquarkusCryostat 4 on RHEL 9Red Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat Build of KeycloakRed Hat Fuse 7Red Hat build of Quarkus 3.20.6.SP1Streams for Apache Kafka 2.9.4Red Hat Build of Apache Camel 4.14 for Quarkus 3.27Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apicurio Registry 3streams for Apache Kafka 3Red Hat build of Debezium 3OpenShift ServerlessHawtIO HawtIO 4.4.0Red Hat build of Apache Camel 4 for Quarkus 3Red Hat build of Quarkus 3.27.3.SP1Red Hat build of OptaPlanner 8Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE ID-CWE-863
Incorrect Authorization
CVE-2012-5562
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-1.03% / 59.40%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 18:12
Updated-09 Apr, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rhn-proxy: rhn-satellite: rhn-proxy: information disclosure via clear-text credential transmission when accessing rhn satellite

A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties.

Action-Not Available
Vendor-Red Hat, Inc.
Product-satelliteRed Hat Satellite 6
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-35051
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.27% / 18.35%
||
7 Day CHG+0.01%
Published-30 Apr, 2026 | 20:26
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.

Action-Not Available
Vendor-traefiktraefikRed Hat, Inc.
Product-traefiktraefikRed Hat OpenShift Dev Spaces 3.28
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-501
Trust Boundary Violation
CVE-2026-33216
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.36% / 28.53%
||
7 Day CHG+0.09%
Published-25 Mar, 2026 | 19:41
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NATS has MQTT plaintext password disclosure

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement (JWT) and exposed via monitoring endpoints. Versions 2.11.14 and 2.12.6 contain a fix. As a workaround, ensure monitoring end-points are adequately secured. Best practice remains to not expose the monitoring endpoint to the Internet or other untrusted network users.

Action-Not Available
Vendor-nats-ioThe Linux FoundationRed Hat, Inc.
Product-nats-servernats-serverMulticluster Global Hub 1.4.5Multicluster Global Hub 1.6.2Red Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4
CWE ID-CWE-213
Exposure of Sensitive Information Due to Incompatible Policies
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2026-33810
Matching Score-8
Assigner-Go Project
ShareView Details
Matching Score-8
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-0.34% / 25.98%
||
7 Day CHG+0.08%
Published-08 Apr, 2026 | 01:06
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Action-Not Available
Vendor-Go standard libraryRed Hat, Inc.Go
Product-gocrypto/x509Cryostat 4 on RHEL 9Red Hat Openshift Data Foundation 4Zero Trust Workload Identity Manager - Tech PreviewRed Hat Quay 3Red Hat OpenShift distributed tracing 3.9.3Machine Deletion Remediation OperatorService Telemetry Framework 1.5mirror registry for Red Hat OpenShift 2Red Hat Developer HubMulticluster Engine for KubernetesDeployment Validation OperatorZero Trust Workload Identity ManagerLogging Subsystem for Red Hat OpenShift 6.4Red Hat OpenShift Builds 1.6.5Logging Subsystem for Red Hat OpenShift 6.0streams for Apache Kafka 3Multicluster Global Hub 1.5.4Red Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsExternal Secrets Operator for Red Hat OpenShiftRed Hat OpenShift on AWSRed Hat Web Terminal 1.15Network Observability Operatorcert-manager Operator for Red Hat OpenShiftRed Hat OpenShift Cluster Manager CLIRed Hat Enterprise Linux 7Red Hat OpenShift Dev Spaces 3.28Red Hat OpenStack Platform 18.0Gatekeeper 3Custom Metric Autoscaler operator for Red Hat OpenshiftMigration Toolkit for ContainersRed Hat Enterprise Linux 10Red Hat OpenShift Dev Workspaces OperatorRed Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2OpenShift ServerlessRed Hat Advanced Cluster Security 4Migration Toolkit for Applications 8OpenShift LightspeedPower monitoring for Red Hat OpenShiftRed Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Ansible Automation Platform 2.6Red Hat Service Interconnect 2OpenShift Developer Tools and ServicesRed Hat OpenStack Platform 16.2Red Hat Web Terminal 1.14Red Hat Satellite 6.19 for RHEL 9ExternalDNS OperatorRed Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)OpenShift PipelinesFile Integrity OperatorSecurity Profiles OperatorRed Hat Certification Program for Red Hat Enterprise Linux 9Red Hat Web Terminal 1.11Red Hat Trusted Artifact Signer 1.3Red Hat Satellite 6OpenShift Compliance Operator 1Red Hat Enterprise Linux AppStream (v. 9)Red Hat Lightspeed (formerly Insights) for Runtimes 1Red Hat Web Terminal 1.13Red Hat OpenShift AI (RHOAI)Confidential Compute Attestationmirror registry for Red Hat OpenShiftRed Hat Edge Manager 1OpenShift Service Mesh 2Multicluster Global Hub 1.6.2Logical Volume Manager StorageRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Web Terminal 1.12Fence Agents Remediation OperatorMulticluster Global Hub 1.4.5Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Service Interconnect 1Red Hat OpenShift Builds 1.7.3OpenShift API for Data Protection 1.4OpenShift API for Data Protection 1.5Red Hat OpenShift Virtualization 4Red Hat OpenShift for Windows ContainersHawtIO HawtIO 4.4.0Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Connectivity Link 1Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-1289
Improper Validation of Unsafe Equivalence in Input
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-40975
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-4.8||MEDIUM
EPSS-0.31% / 23.06%
||
7 Day CHG+0.10%
Published-27 Apr, 2026 | 23:32
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Red Hat, Inc.
Product-spring_bootSpring BootRed Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14Red Hat build of OptaPlanner 8Red Hat AMQ ClientsRed Hat AMQ Broker 7Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 7Red Hat Data Grid 8.6.1Red Hat Enterprise Linux 9Red Hat Process Automation 7Red Hat Enterprise Linux 8Red Hat OpenShift Dev Spaces 3.28Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion PackHawtIO HawtIO 4.4.0
CWE ID-CWE-330
Use of Insufficiently Random Values
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2026-40022
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-8.2||HIGH
EPSS-0.62% / 45.43%
||
7 Day CHG+0.17%
Published-27 Apr, 2026 | 09:40
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and JWTAuthenticationConfigurer classes derive the authentication path from properties.getPath() when camel.server.authenticationPath / camel.management.authenticationPath is not explicitly set. Combined with the Vert.x sub-router mounting model - the sub-router is mounted at _path_* and the authentication handler is registered inside the sub-router at the resolved path - this causes the authentication handler to match only the exact configured context path, not its subpaths. Unauthenticated requests to subpaths such as /api/_route_ or /admin/observe/info therefore reach protected business routes and management endpoints without being challenged for credentials. The /observe/info endpoint can disclose runtime metadata such as the user, working directory, home directory, process ID, JVM and operating system information. This issue affects Apache Camel: from 4.14.1 before 4.14.6, from 4.18.0 before 4.18.2. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, they are suggested to upgrade to 4.14.6. If users are on the 4.18.x LTS releases stream, they are suggested to upgrade to 4.18.2.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-camelApache Camel Platform HTTP MainRed Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Single Sign-On 7Red Hat build of Apache Camel 4 for Quarkus 3Red Hat Process Automation 7Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 8OpenShift Serverless
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CVE-2026-28500
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.32% / 23.60%
||
7 Day CHG+0.06%
Published-18 Mar, 2026 | 01:15
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available.

Action-Not Available
Vendor-onnxThe Linux FoundationRed Hat, Inc.
Product-onnxonnxRed Hat OpenShift AI 2.25Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-25580
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.58% / 43.42%
||
7 Day CHG+0.11%
Published-06 Feb, 2026 | 21:01
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pydantic AI Affected by Server-Side Request Forgery (SSRF) in URL Download Handling

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially accessing internal services or cloud credentials. This vulnerability only affects applications that accept message history from external users. This vulnerability is fixed in 1.56.0.

Action-Not Available
Vendor-pydanticpydanticRed Hat, Inc.
Product-pydantic_aipydantic-aiRed Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-0532
Matching Score-8
Assigner-Elastic
ShareView Details
Matching Score-8
Assigner-Elastic
CVSS Score-8.6||HIGH
EPSS-0.42% / 33.57%
||
7 Day CHG+0.11%
Published-14 Jan, 2026 | 10:14
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads.

Action-Not Available
Vendor-Elasticsearch BVRed Hat, Inc.
Product-KibanaRed Hat OpenStack Platform 16.2Red Hat OpenShift distributed tracing 3Logging Subsystem for Red Hat OpenShiftRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-59088
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-0.41% / 32.52%
||
7 Day CHG+0.01%
Published-12 Nov, 2025 | 16:35
Updated-30 Jun, 2026 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Python-kdcproxy: unauthenticated ssrf via realm‑controlled dns srv

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.

Action-Not Available
Vendor-latchsetRed Hat, Inc.
Product-Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionskdcproxyRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-3501
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-0.39% / 30.46%
||
7 Day CHG+0.02%
Published-29 Apr, 2025 | 20:45
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak.protocol.services: keycloak hostname verification

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat build of Keycloak 26.0Red Hat Single Sign-On 7Red Hat build of Keycloak 26Red Hat Build of KeycloakRed Hat build of Keycloak 26.2
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CVE-2023-1183
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-65.69% / 99.17%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 15:04
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file write

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

Action-Not Available
Vendor-libreofficen/aRed Hat, Inc.Fedora Project
Product-fedoralibreofficeenterprise_linuxRed Hat Enterprise Linux 6Red Hat Enterprise Linux 7FedoralibreofficeRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-32431
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.77% / 51.04%
||
7 Day CHG~0.00%
Published-21 Apr, 2025 | 15:34
Updated-25 Nov, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik has a possible vulnerability with the path matchers

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a /../ in its path, it’s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.24, 3.3.6, and 3.4.0-rc2. A workaround involves adding a `PathRegexp` rule to the matcher to prevent matching a route with a `/../` in the path.

Action-Not Available
Vendor-traefiktraefik
Product-traefiktraefik
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-4244
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.35% / 68.03%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 19:20
Updated-05 May, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codehaus-plexus: directory traversal

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

Action-Not Available
Vendor-codehaus-plexusRed Hat, Inc.
Product-plexus-utilsintegration_camel_kRed Hat Software CollectionsA-MQ Clients 2Red Hat support for Spring BootRed Hat Process Automation 7Red Hat JBoss Fuse 7Red Hat A-MQ OnlineRed Hat JBoss Web Server 3Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat JBoss Data Grid 7Red Hat build of Apache Camel for Spring BootRed Hat JBoss A-MQ 7Red Hat JBoss Fuse Service Works 6Red Hat OpenShift Application RuntimesRed Hat Enterprise Linux 8Red Hat Integration Service RegistryRed Hat Enterprise Linux 7Red Hat Integration Camel QuarkusRHPAM 7.13.1 asyncRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat Integration Change Data CaptureRed Hat JBoss Enterprise Application Platform 7RHINT Camel-K-1.10.1Red Hat Decision Manager 7Red Hat JBoss Fuse 6Red Hat build of QuarkusRed Hat Single Sign-On 7Red Hat JBoss Web Server 5Red Hat JBoss Enterprise Application Platform 6
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-14366
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.36% / 68.36%
||
7 Day CHG~0.00%
Published-09 Nov, 2020 | 16:50
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw

Action-Not Available
Vendor-Red Hat, Inc.
Product-keycloakkeycloak
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-10691
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.2||MEDIUM
EPSS-0.36% / 27.82%
||
7 Day CHG~0.00%
Published-30 Apr, 2020 | 16:23
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system.

Action-Not Available
Vendor-Red Hat, Inc.
Product-ansible_engineansible_towerAnsible
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-10696
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-2.60% / 83.48%
||
7 Day CHG+0.02%
Published-31 Mar, 2020 | 21:01
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

Action-Not Available
Vendor-buildah_projectRed Hat, Inc.
Product-openshift_container_platformbuildahenterprise_linuxbuildah
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-9083
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.52% / 40.26%
||
7 Day CHG+0.02%
Published-25 Jun, 2026 | 16:17
Updated-01 Jul, 2026 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-15031
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.1||HIGH
EPSS-0.85% / 53.75%
||
7 Day CHG+0.14%
Published-18 Mar, 2026 | 22:06
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal Vulnerability in mlflow/mlflow

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scenarios involving multi-tenant environments or ingestion of untrusted artifacts, as it can lead to arbitrary file overwrites and potential remote code execution.

Action-Not Available
Vendor-lfprojectsmlflowRed Hat, Inc.
Product-mlflowmlflow/mlflowRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-15036
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.6||CRITICAL
EPSS-0.59% / 43.77%
||
7 Day CHG+0.04%
Published-30 Mar, 2026 | 01:16
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An attacker with control over the tar.gz file can exploit this issue to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory in multi-tenant or shared cluster environments.

Action-Not Available
Vendor-lfprojectsmlflowRed Hat, Inc.
Product-mlflowmlflow/mlflowRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-29
Path Traversal: '\..\filename'
CVE-2026-8643
Matching Score-6
Assigner-Python Software Foundation
ShareView Details
Matching Score-6
Assigner-Python Software Foundation
CVSS Score-4.1||MEDIUM
EPSS-0.32% / 23.83%
||
7 Day CHG+0.18%
Published-01 Jun, 2026 | 15:01
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pip can extract console_scripts and gui_scripts outside installation directory

pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.

Action-Not Available
Vendor-pypaPython Packaging AuthorityRed Hat, Inc.
Product-pippipRed Hat Enterprise Linux 7Pen Drive Powered by Red Hat LightspeedRed Hat OpenShift Dev SpacesRed Hat AI Inference ServerRed Hat OpenShift AI 3.0Red Hat Quay 3Service Telemetry Framework 1.5Red Hat Enterprise Linux 10Red Hat Developer HubRed Hat OpenShift AI 3.3Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9Red Hat Ansible Automation Platform 2.6Red Hat OpenShift Container Platform 4Red Hat Trusted Artifact SignerOpenShift Service Mesh 3Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat Satellite 6Exploit IntelligenceRed Hat Discovery 2Migration Toolkit for Applications 8OpenShift LightspeedRed Hat OpenShift AI 3.4Red Hat OpenShift AI 3.2Red Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)Migration Toolkit for Virtualization
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-1485
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-0.94% / 56.66%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 23:31
Updated-24 Mar, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Registry-support: decompress can delete files outside scope via relative paths

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.

Action-Not Available
Vendor-devfileRed Hat, Inc.
Product-openshift_developer_tools_and_servicesopenshiftregistry-supportRed Hat OpenShift Container Platform 4OpenShift Developer Tools and Services
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-6855
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.16% / 5.89%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 12:29
Updated-24 Apr, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Instructlab: instructlab: path traversal allows arbitrary directory creation and file write

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unauthorized data modification or disclosure.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-57966
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.14% / 3.49%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 07:53
Updated-29 Jun, 2026 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spice-vdagent: path traversal in file transfer via unsanitized filename

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized before being used. An attacker could exploit this to write to sensitive locations with the privileges of the spice-vdagent process, typically the logged-in user. This issue requires the SPICE host to be untrusted or compromised for exploitation.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-5656
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-7||HIGH
EPSS-0.18% / 7.80%
||
7 Day CHG+0.01%
Published-30 Apr, 2026 | 23:03
Updated-30 Jun, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

Action-Not Available
Vendor-Red Hat, Inc.Wireshark Foundation
Product-wiresharkWiresharkRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-0750
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.23% / 14.17%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 09:29
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cri-o: cri-o path traversal in log handling functions allows arbitrary unmounting

A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-52902
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.12% / 2.23%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 09:33
Updated-25 Jun, 2026 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Awxkit: path traversal via yaml !include directive

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.format yaml import". This is a client-side vulnerability requiring user interaction.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Ansible Automation Platform 2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-28406
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.61% / 44.98%
||
7 Day CHG+0.05%
Published-27 Feb, 2026 | 21:20
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.

Action-Not Available
Vendor-chainguardchainguard-forksRed Hat, Inc.
Product-kanikokanikoOpenShift Serverless
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-9676
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.34% / 67.99%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 15:27
Updated-24 Apr, 2026 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linux_for_arm_64enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsopenshift_container_platform_for_linuxoneenterprise_linux_eusopenshift_container_platform_for_arm64enterprise_linux_for_arm_64_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_server_ausenterprise_linux_for_power_little_endian_eusopenshift_container_platform_for_powerenterprise_linux_for_ibm_z_systemsenterprise_linux_for_power_little_endianenterprise_linuxopenshift_container_platformopenshift_container_platform_for_ibm_zRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.13Red Hat OpenShift Container Platform 4.15Red Hat Quay 3Red Hat OpenShift Container Platform 4.14Red Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4.12OpenShift Developer Tools and ServicesRed Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux 9
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-9675
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.39% / 31.11%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 14:32
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buildah: buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Action-Not Available
Vendor-buildah_projectRed Hat, Inc.
Product-enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_arm_64buildahenterprise_linux_for_ibm_z_systemsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_arm_64_eusenterprise_linuxenterprise_linux_for_power_little_endianenterprise_linux_update_services_for_sap_solutionsenterprise_linux_eusenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_for_ibm_z_systems_eusopenshift_container_platformRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.15Red Hat Quay 3Red Hat OpenShift Container Platform 4.14Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceOpenShift Developer Tools and ServicesRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-6321
Matching Score-6
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
ShareView Details
Matching Score-6
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.39%
||
7 Day CHG+0.12%
Published-04 May, 2026 | 19:31
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fast-uri vulnerable to path traversal via percent-encoded dot segments

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications that normalize or compare attacker-controlled URLs to enforce path-based policy can be bypassed, with a path that appears confined under an allowed prefix normalizing to a different location. Versions <= 3.1.0 are affected. Update to 3.1.1 or later.

Action-Not Available
Vendor-fast-uriRed Hat, Inc.OpenJS Foundation
Product-fast-urifast-uriConfidential Compute AttestationRed Hat Developer Hub 1.8Red Hat OpenShift Dev Spaces 3.28Red Hat Openshift Data Foundation 4.16Network Observability (NETOBSERV) 1.12.0Red Hat Enterprise Linux 10Red Hat Satellite 6.18Red Hat Developer HubOpenShift PipelinesRed Hat Openshift Data Foundation 4.19Red Hat Enterprise Linux 9Red Hat Data Grid 8streams for Apache Kafka 3Red Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform 2.5Red Hat Build of Podman DesktopCryostat 4Red Hat Build of Podman Desktop - Tech PreviewRed Hat Openshift Data Foundation 4.18Red Hat Satellite 6Red Hat Discovery 2streams for Apache Kafka 2Red Hat Developer Hub 1.9HawtIO HawtIO 4.4.0Cluster Observability Operator 1.5.0Red Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-7631
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.46% / 36.98%
||
7 Day CHG~0.00%
Published-19 Mar, 2025 | 18:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift-console: openshift console: path traversal

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 3.11
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-4660
Matching Score-6
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-6
Assigner-HashiCorp Inc.
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.61%
||
7 Day CHG+0.16%
Published-09 Apr, 2026 | 13:47
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Go-getter may allow to arbitrary filesystem reads through git operations

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package.

Action-Not Available
Vendor-HashiCorp, Inc.Red Hat, Inc.
Product-ToolingRed Hat Trusted Artifact SignerRed Hat Trusted Artifact Signer 1.3Red Hat OpenShift Container Platform 4
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-44017
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.48% / 37.87%
||
7 Day CHG+0.07%
Published-24 Jun, 2026 | 17:48
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source (via supply chain attack, DNS spoofing, or MITM), they could write arbitrary files to any location writable by the process, potentially achieving remote code execution by overwriting Python files or system binaries, persistent backdoors by modifying startup scripts or SSH keys, and data corruption or system compromise. This vulnerability is fixed in 2.91.0.

Action-Not Available
Vendor-doclingdocling-projectRed Hat, Inc.
Product-doclingdoclingRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-41140
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-0.6||LOW
EPSS-0.29% / 21.13%
||
7 Day CHG-0.04%
Published-24 Apr, 2026 | 17:10
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4. This vulnerability is fixed in 2.3.4.

Action-Not Available
Vendor-python-poetryRed Hat, Inc.
Product-poetryRed Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform 2.6Red Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4Red Hat Satellite 6
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found