Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-58015

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-30 Jun, 2026 | 13:02
Updated At-02 Jul, 2026 | 00:42
Rejected At-
Credits

Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:30 Jun, 2026 | 13:02
Updated At:02 Jul, 2026 | 00:42
Rejected At:
â–¼CVE Numbering Authority (CNA)
Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

Affected Products
Vendor
The GNOME ProjectGNOME
Product
GLib
Collection URL
https://gitlab.gnome.org/GNOME/glib/
Package Name
GLib
Default Status
unaffected
Versions
Affected
  • From 0 before 2.88.1 (semver)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
mingw-glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
mingw-glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
mingw-glib2
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Hardened Images
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
glib2
CPEs
  • cpe:/a:redhat:hummingbird:1
Default Status
unaffected
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

To mitigate this vulnerability, ensure that applications only connect to trusted D-Bus servers and operate within secure, isolated networks to prevent man-in-the-middle (MitM) attacks. If feasible, configuring the D-Bus connection to strictly require the EXTERNAL authentication mechanism and disabling DBUS_COOKIE_SHA1 will completely neutralize this issue.

Exploits

Credits

Red Hat would like to thank Thepwnisher for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-06-24 17:22:00
Made public.2026-04-08 00:00:00
Event: Reported to Red Hat.
Date: 2026-06-24 17:22:00
Event: Made public.
Date: 2026-04-08 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-58015
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2492256
issue-tracking
x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3931
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-58015
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2492256
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://gitlab.gnome.org/GNOME/glib/-/issues/3931
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:30 Jun, 2026 | 13:19
Updated At:02 Jul, 2026 | 02:16

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

The GNOME Project
gnome
>>glib>>Versions before 2.88.1(exclusive)
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>10.0
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-22Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-22
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2026-58015secalert@redhat.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2492256secalert@redhat.com
Issue Tracking
Third Party Advisory
https://gitlab.gnome.org/GNOME/glib/-/issues/3931secalert@redhat.com
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-58015
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2492256
Source: secalert@redhat.com
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://gitlab.gnome.org/GNOME/glib/-/issues/3931
Source: secalert@redhat.com
Resource:
Exploit
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1461Records found

CVE-2016-0752
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-95.54% / 99.86%
||
7 Day CHG~0.00%
Published-16 Feb, 2016 | 02:00
Updated-22 Apr, 2026 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Ruby on RailsSUSEDebian GNU/Linux
Product-debian_linuxrailssoftware_collectionsleaplinux_enterprise_module_for_containersopensusen/aRuby on Rails
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-27489
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.59% / 44.03%
||
7 Day CHG+0.07%
Published-01 Apr, 2026 | 17:33
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ONNX: Path Traversal via Symlink

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0.

Action-Not Available
Vendor-onnxThe Linux FoundationRed Hat, Inc.
Product-onnxonnxRed Hat OpenShift AI 2.25Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2026-2614
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.70% / 48.48%
||
7 Day CHG-0.04%
Published-11 May, 2026 | 19:02
Updated-02 Jul, 2026 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers.py` in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a `CreateModelVersion` request includes the tag `mlflow.prompt.is_prompt`, which bypasses source path validation. This enables an attacker to store an arbitrary local filesystem path as the model version source. The `get_model_version_artifact_handler()` function later uses this source to serve files without verifying the model version's prompt status, leading to a complete confidentiality compromise. This issue is fixed in version 3.10.0.

Action-Not Available
Vendor-lfprojectsmlflowRed Hat, Inc.
Product-mlflowmlflow/mlflowRed Hat OpenShift AI 3.4Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-25965
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.67% / 47.50%
||
7 Day CHG-0.08%
Published-24 Feb, 2026 | 01:20
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick's policy bypass through path traversal allows reading restricted content despite secured policy

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-23536
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.59% / 44.08%
||
7 Day CHG-0.07%
Published-20 Mar, 2026 | 21:58
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Feast: unauthenticated arbitrary file read

A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to potentially retrieve sensitive system files, application configurations, and credentials.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift AI (RHOAI)Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-22860
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.24%
||
7 Day CHG+0.11%
Published-18 Feb, 2026 | 18:45
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rack has a Directory Traversal via Rack:Directory

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Versions 2.2.22, 3.1.20, and 3.2.5 fix the issue.

Action-Not Available
Vendor-rackrackRed Hat, Inc.
Product-rackrackRed Hat 3scale API Management Platform 2Red Hat Enterprise Linux 7Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CVE-2026-54293
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 29.80%
||
7 Day CHG-0.06%
Published-22 Jun, 2026 | 17:25
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load() in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments when using the nltk: URL scheme. The unsafe-path regex check is performed before url2pathname() decodes the %xx sequences (a classic decode-after-check / TOCTOU-style flaw), allowing an attacker to bypass the protection documented in NLTK's SECURITY.md and read arbitrary files from the filesystem. While literal traversal strings such as ../../../etc/passwd are correctly blocked, encoded variants such as %2fetc%2fpasswd, %2e%2e%2f..., and ..%2f..%2f slip past the regex and are subsequently decoded into a real filesystem path. This vulnerability is fixed in 3.10.0-rc1.

Action-Not Available
Vendor-nltknltkRed Hat, Inc.
Product-nltknltkOpenShift LightspeedRed Hat OpenShift AI (RHOAI)Exploit IntelligenceRed Hat Ansible Automation Platform 2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-4660
Matching Score-10
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-10
Assigner-HashiCorp Inc.
CVSS Score-7.5||HIGH
EPSS-0.58% / 43.61%
||
7 Day CHG+0.16%
Published-09 Apr, 2026 | 13:47
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Go-getter may allow to arbitrary filesystem reads through git operations

HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package.

Action-Not Available
Vendor-HashiCorp, Inc.Red Hat, Inc.
Product-ToolingRed Hat Trusted Artifact SignerRed Hat Trusted Artifact Signer 1.3Red Hat OpenShift Container Platform 4
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-4244
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.35% / 68.02%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 19:20
Updated-05 May, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Codehaus-plexus: directory traversal

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

Action-Not Available
Vendor-codehaus-plexusRed Hat, Inc.
Product-plexus-utilsintegration_camel_kRed Hat Software CollectionsA-MQ Clients 2Red Hat support for Spring BootRed Hat Process Automation 7Red Hat JBoss Fuse 7Red Hat A-MQ OnlineRed Hat JBoss Web Server 3Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat JBoss Data Grid 7Red Hat build of Apache Camel for Spring BootRed Hat JBoss A-MQ 7Red Hat JBoss Fuse Service Works 6Red Hat OpenShift Application RuntimesRed Hat Enterprise Linux 8Red Hat Integration Service RegistryRed Hat Enterprise Linux 7Red Hat Integration Camel QuarkusRHPAM 7.13.1 asyncRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat Integration Change Data CaptureRed Hat JBoss Enterprise Application Platform 7RHINT Camel-K-1.10.1Red Hat Decision Manager 7Red Hat JBoss Fuse 6Red Hat build of QuarkusRed Hat Single Sign-On 7Red Hat JBoss Web Server 5Red Hat JBoss Enterprise Application Platform 6
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-0847
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.92% / 56.03%
||
7 Day CHG+0.18%
Published-04 Mar, 2026 | 18:25
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in nltk/nltk

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution when combined with other vulnerabilities.

Action-Not Available
Vendor-nltknltkRed Hat, Inc.
Product-nltknltk/nltkRed Hat Ansible Automation Platform 2Red Hat OpenShift AI (RHOAI)Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25OpenShift LightspeedLightspeed Core
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-34070
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.18% / 63.77%
||
7 Day CHG+0.10%
Published-31 Mar, 2026 | 02:01
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions

LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to load_prompt() or load_prompt_from_config(), an attacker can read arbitrary files on the host filesystem, constrained only by file-extension checks (.txt for templates, .json/.yaml for examples). This issue has been patched in version 1.2.22.

Action-Not Available
Vendor-langchainlangchain-aiRed Hat, Inc.
Product-langchain_corelangchainOpenShift LightspeedRed Hat Ansible Automation Platform 2Red Hat OpenShift AI (RHOAI)Red Hat Ansible Automation Platform 2.5
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-0130
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-53.70% / 98.87%
||
7 Day CHG~0.00%
Published-07 May, 2014 | 10:00
Updated-21 Apr, 2026 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.

Action-Not Available
Vendor-n/aRed Hat, Inc.Ruby on Rails
Product-enterprise_linux_serverrailssubscription_asset_managern/aRuby on Rails
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-68428
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-9.2||CRITICAL
EPSS-2.06% / 78.98%
||
7 Day CHG+0.78%
Published-05 Jan, 2026 | 21:43
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jsPDF has Local File Inclusion/Path Traversal vulnerability

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.

Action-Not Available
Vendor-parallparallaxRed Hat, Inc.
Product-jspdfjsPDFRed Hat Advanced Cluster Security for Kubernetes 4.8Red Hat Advanced Cluster Security 4Red Hat Advanced Cluster Security for Kubernetes 4.9
CWE ID-CWE-35
Path Traversal: '.../...//'
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-1699
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.09% / 79.35%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 15:27
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

Action-Not Available
Vendor-The Ceph ProjectRed Hat, Inc.The Linux Foundation
Product-ceph_storagecephceph
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-14366
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.36% / 68.35%
||
7 Day CHG~0.00%
Published-09 Nov, 2020 | 16:50
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw

Action-Not Available
Vendor-Red Hat, Inc.
Product-keycloakkeycloak
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-5418
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-98.51% / 99.91%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 13:38
Updated-30 Oct, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-07-28||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Action-Not Available
Vendor-openSUSERed Hat, Inc.Ruby on RailsFedora ProjectDebian GNU/Linux
Product-cloudformssoftware_collectionsdebian_linuxfedorarailsleaphttps://github.com/rails/railsRuby on Rails
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3816
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-14.74% / 96.26%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

Action-Not Available
Vendor-openwsman_project[UNKNOWN]Red Hat, Inc.openSUSEFedora Project
Product-enterprise_linux_serverenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxfedoraopenwsmanenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopleapopenwsman
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-45691
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 41.11%
||
7 Day CHG+0.02%
Published-05 Mar, 2026 | 00:00
Updated-30 Jun, 2026 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.

Action-Not Available
Vendor-vibrantlabsain/aRed Hat, Inc.
Product-ragasn/aRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2018-1048
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.60% / 72.83%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 23:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformundertow as shipped in Jboss EAP 7.1.0.GA
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2026-32981
Matching Score-10
Assigner-VulnCheck
ShareView Details
Matching Score-10
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.93% / 56.20%
||
7 Day CHG+0.24%
Published-17 Mar, 2026 | 19:33
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure

A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure.

Action-Not Available
Vendor-anyscaleray-projectRed Hat, Inc.
Product-rayRayRed Hat OpenShift AI (RHOAI)Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat AI Inference Server 3.2Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-1616
Matching Score-10
Assigner-74b3a70d-cca6-4d34-9789-e83b222ae3be
ShareView Details
Matching Score-10
Assigner-74b3a70d-cca6-4d34-9789-e83b222ae3be
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.69%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 13:38
Updated-10 Mar, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
osim: Path Traversal via query parameters in Nginx configuration

The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.

Action-Not Available
Vendor-Red Hat, Inc.
Product-open_security_issue_managementosim
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-0013
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-12.50% / 95.73%
||
7 Day CHG~0.00%
Published-09 Jan, 2010 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

Action-Not Available
Vendor-adiumn/aopenSUSESUSERed Hat, Inc.Fedora ProjectPidgin
Product-adiumlinux_enterpriseopensuselinux_enterprise_serverfedorapidginenterprise_linuxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-0846
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.40%
||
7 Day CHG+0.07%
Published-09 Mar, 2026 | 19:19
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Read via Absolute Path Input in nltk.util.filestring()

A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by providing absolute paths or traversal paths. This vulnerability can be exploited locally or remotely, particularly in scenarios where the function is used in web APIs or other interfaces that accept user-supplied input.

Action-Not Available
Vendor-nltknltkRed Hat, Inc.
Product-nltknltk/nltkRed Hat Ansible Automation Platform 2Red Hat OpenShift AI (RHOAI)Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25OpenShift LightspeedLightspeed Core
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-36
Absolute Path Traversal
CVE-2023-4503
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.72% / 49.40%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:39
Updated-02 Aug, 2024 | 07:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eap-galleon: custom provisioning creates unsecured http-invoker

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformenterprise_linuxjboss_enterprise_application_platform_expansion_packRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat JBoss Enterprise Application Platform Expansion PackEAP 7.4.14
CWE ID-CWE-665
Improper Initialization
CVE-2012-1156
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.14% / 79.80%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:01
Updated-06 Aug, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle before 2.2.2 has users' private files included in course backups

Action-Not Available
Vendor-Moodle Pty LtdRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoramoodleMoodle
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2015-5184
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.23% / 65.31%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Console: CORS headers set to allow all in Red Hat AMQ.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-amqjboss_enterprise_web_servern/a
CVE-2010-4657
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.86%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 20:06
Updated-07 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

Action-Not Available
Vendor-The PHP GroupRed Hat, Inc.Debian GNU/Linux
Product-phpdebian_linuxenterprise_linuxphp5
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2015-5183
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.20% / 80.38%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-amqjboss_enterprise_web_serverjboss_a-mqn/a
CVE-2026-4424
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.74%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 13:50
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

Action-Not Available
Vendor-libarchiveRed Hat, Inc.
Product-openshift_container_platform_for_arm64enterprise_linuxlibarchiveenterprise_linux_server_ausopenshift_container_platform_for_poweropenshift_container_platformhardened_imagesRed Hat AI Inference Server 3.2RHEL-8 based Middleware ContainersRed Hat Hardened ImagesRed Hat Enterprise Linux 10Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.14Red Hat Update Infrastructure 5Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Discovery 2Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat AI Inference Server 3.3Red Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Hardened ImagesRed Hat Enterprise Linux BaseOS AUS (v. 8.2)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat OpenShift Container Platform 4.14Red Hat Update Infrastructure 5Red Hat Enterprise Linux BaseOS AUS (v.8.4)Middleware Containers for OpenShiftRed Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux BaseOS E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat Insights proxy 1.5Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux BaseOS (v. 8)Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Discovery 2Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux BaseOS E4S (v.9.0)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat Enterprise Linux BaseOS TUS (v.8.6)Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux AppStream E4S (v.9.0)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat AI Inference Server 3.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-5317
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-22.43% / 97.41%
||
7 Day CHG~0.00%
Published-25 Nov, 2015 | 20:00
Updated-22 Apr, 2026 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-jenkinsopenshiftn/aJenkins User Interface (UI)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-40975
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-4.8||MEDIUM
EPSS-0.31% / 23.06%
||
7 Day CHG+0.10%
Published-27 Apr, 2026 | 23:32
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Red Hat, Inc.
Product-spring_bootSpring BootRed Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14Red Hat build of OptaPlanner 8Red Hat AMQ ClientsRed Hat AMQ Broker 7Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 7Red Hat Data Grid 8.6.1Red Hat Enterprise Linux 9Red Hat Process Automation 7Red Hat Enterprise Linux 8Red Hat OpenShift Dev Spaces 3.28Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion PackHawtIO HawtIO 4.4.0
CWE ID-CWE-330
Use of Insufficiently Random Values
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2026-33216
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.36% / 28.53%
||
7 Day CHG+0.09%
Published-25 Mar, 2026 | 19:41
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NATS has MQTT plaintext password disclosure

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement (JWT) and exposed via monitoring endpoints. Versions 2.11.14 and 2.12.6 contain a fix. As a workaround, ensure monitoring end-points are adequately secured. Best practice remains to not expose the monitoring endpoint to the Internet or other untrusted network users.

Action-Not Available
Vendor-nats-ioThe Linux FoundationRed Hat, Inc.
Product-nats-servernats-serverMulticluster Global Hub 1.4.5Multicluster Global Hub 1.6.2Red Hat OpenShift Container Platform 4Multicluster Global Hub 1.5.4
CWE ID-CWE-213
Exposure of Sensitive Information Due to Incompatible Policies
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2019-16056
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.37% / 91.66%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 17:24
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSERed Hat, Inc.Python Software FoundationOracle CorporationDebian GNU/LinuxFedora Project
Product-ubuntu_linuxcommunications_operations_monitordebian_linuxpeoplesoft_enterprise_peopletoolssoftware_collectionssolarisfedorazfs_storage_appliance_kitpythonleapn/a
CVE-2017-15275
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.41% / 97.30%
||
7 Day CHG~0.00%
Published-27 Nov, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

Action-Not Available
Vendor-n/aCanonical Ltd.SambaRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopsamban/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-30951
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.42% / 34.01%
||
7 Day CHG+0.04%
Published-10 Mar, 2026 | 20:22
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type

Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The _traverseJSON() function splits JSON path keys on :: to extract a cast type, which is interpolated raw into CAST(... AS <type>) SQL. An attacker who controls JSON object keys can inject arbitrary SQL and exfiltrate data from any table. This vulnerability is fixed in 6.37.8.

Action-Not Available
Vendor-sequelizejssequelizeRed Hat, Inc.
Product-sequelizesequelizeRed Hat Satellite 6.18Red Hat Enterprise Linux 10Confidential Compute AttestationRed Hat Enterprise Linux 9
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-28905
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.94%
||
7 Day CHG+0.10%
Published-11 May, 2026 | 20:08
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-tvosiphone_osmacosipadosvisionosSafarivisionOSmacOStvOSiOS and iPadOSRed Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream E4S (v.9.4)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-3296
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.41% / 33.36%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 13:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2022-1278
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.45%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 13:38
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-single_sign-onintegration_service_registryintegration_camel_kjboss_enterprise_application_platform_expansion_packamqjboss_a-mqwildflyamq_onlineWildFly
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2017-10115
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.74% / 84.33%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle CorporationPhoenix Contact GmbH & Co. KGRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-jrockitdebian_linuxfl_mguard_dmjreenterprise_linux_server_tusoncommand_performance_managerenterprise_linux_desktopstorage_replication_adapter_for_clustered_data_ontaponcommand_balancevasa_provider_for_clustered_data_ontapenterprise_linux_server_ausoncommand_unified_manageroncommand_insightplug-in_for_symantec_netbackupsteelstore_cloud_integrated_storageactive_iq_unified_managersnapmanagersatellitejdkenterprise_linux_serverenterprise_linux_workstationoncommand_shiftvirtual_storage_consolee-series_santricity_storage_managerenterprise_linux_euscloud_backupe-series_santricity_os_controllerelement_softwareJava
CVE-2026-24308
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-1.15% / 62.87%
||
7 Day CHG+0.04%
Published-07 Mar, 2026 | 08:51
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ZooKeeper: Sensitive information disclosure in client configuration handling

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue. Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-zookeeperApache ZooKeeperRed Hat build of Debezium 2Red Hat Fuse 7Red Hat AMQ Broker 7.12.7Streams for Apache Kafka 2.9.4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apache Camel for Spring Boot 4Red Hat Data Grid 8streams for Apache Kafka 3Red Hat build of Debezium 3Red Hat JBoss Enterprise Application Platform 7Red Hat AMQ Broker 7.14.0Red Hat AMQ Broker 7.13.5Red Hat OpenShift AI 2.25Red Hat Offline Knowledge PortalRed Hat JBoss Enterprise Application Platform 8Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-117
Improper Output Neutralization for Logs
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-1002151
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-7.5||HIGH
EPSS-1.06% / 60.55%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization

Action-Not Available
Vendor-Pagure ProjectRed Hat, Inc.
Product-pagurePagure
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2016-9446
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-3.57% / 87.95%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

Action-Not Available
Vendor-gstreamern/aFedora ProjectRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopgstreamerfedoraenterprise_linux_server_ausenterprise_linux_eusn/a
CWE ID-CWE-665
Improper Initialization
CVE-2014-6275
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5.9||MEDIUM
EPSS-0.94% / 56.69%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 21:13
Updated-06 Aug, 2024 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge.

Action-Not Available
Vendor-fusionforgeDebian GNU/LinuxRed Hat, Inc.
Product-fusionforgedebian_linuxFusionForge
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-39176
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-5.8||MEDIUM
EPSS-0.66% / 47.17%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 09:50
Updated-06 Aug, 2025 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-2467
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.52% / 40.12%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 16:45
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6openssl
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2016-6489
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-5.01% / 91.19%
||
7 Day CHG-0.04%
Published-14 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

Action-Not Available
Vendor-nettle_projectn/aCanonical Ltd.Red Hat, Inc.
Product-nettleubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_hpc_noden/a
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-5148
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 42.96%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 11:03
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnome-remote-desktop: inadequate validation of session agents using d-bus methods may expose rdp tls certificate

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9
CWE ID-CWE-488
Exposure of Data Element to Wrong Session
CVE-2026-22016
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.70% / 48.73%
||
7 Day CHG+0.34%
Published-21 Apr, 2026 | 20:35
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle CorporationRed Hat, Inc.
Product-graalvm_for_jdkjrejdkgraalvmOracle GraalVM for JDKOracle Java SEOracle GraalVM Enterprise EditionRed Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat OpenJDK 11 ELS for RHEL 9Red Hat Hardened ImagesRed Hat Enterprise Linux Supplementary (v. 10)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Build of OpenJDK 21.0.11Red Hat Enterprise Linux Server Optional (v. 7 ELS)Temurin Build of OpenJDK 25.0.3Red Hat Enterprise Linux Supplementary EUS (v. 10.0)Red Hat OpenJDK 11 ELS for RHEL 7Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream EUS (v.9.4)OPENJDK ELS 11.0.31Red Hat Build of OpenJDK 25.0.3Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux Supplementary EUS (v.10.2)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat OpenJDK 11 ELS for RHEL 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream (v. 9)Red Hat CodeReady Linux Builder EUS (v.9.4)Red Hat Build of OpenJDK 17.0.19Red Hat Build of OpenJDK 8u492Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux Supplementary (v. 8)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat CodeReady Linux Builder EUS (v.9.6)Red Hat Build of OpenJDK 17.0.9Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2024-5037
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.54%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 18:03
Updated-30 Apr, 2026 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift/telemeter: iss check during jwt authentication can be bypassed

A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformopenshift_distributed_tracingRed Hat OpenShift distributed tracing 3Red Hat OpenShift Container Platform 4.13Red Hat OpenShift Container Platform 4.15Logging Subsystem for Red Hat OpenShiftRed Hat OpenShift Container Platform 4.14Red Hat OpenShift distributed tracing 2Red Hat OpenShift Container Platform 4.12Red Hat OpenShift Container Platform 4.16
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2014-1487
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.33% / 81.50%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-346
Origin Validation Error
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 29
  • 30
  • Next
Details not found