Red Hat
650 tracked vulnerabilities.
CVE-2026-9149
MEDIUM
Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
May 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-9150
MEDIUM
Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
May 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-9087
MEDIUM
Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login
May 20, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-9064
HIGH
Red Hat Directory Server - LDAP Controls Denial of Service
May 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-7571
HIGH
Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client data
May 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-7507
HIGH
Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-7504
HIGH
Org.keycloak/keycloak-services: open redirect when using wildcard valid redirect uris in keycloak
May 19, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-7307
HIGH
Keycloak: keycloak: denial of service via specially crafted saml input
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-4630
MEDIUM
Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference
May 19, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-37982
MEDIUM
Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay
May 19, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-37981
MEDIUM
Keycloak: org.keycloak.authorization: keycloak: information disclosure via broken access control in user lookup endpoint
May 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-37979
MEDIUM
Keycloak: keycloak: information disclosure via oidc token introspection endpoint audience bypass
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-37978
MEDIUM
Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api
May 19, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-8922
MEDIUM
Org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org.keycloak/keycloak-services
May 19, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-8830
MEDIUM
Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation
May 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-42009
HIGH
Gnutls: gnutls: denial of service via dtls packet reordering vulnerability
May 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-4802
HIGH
Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
May 11, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-42011
HIGH
Gnutls: gnutls: security bypass due to incorrect name constraint handling
May 07, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-42010
HIGH
Gnutls: gnutls: authentication bypass via nul character in username
May 07, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-6420
MEDIUM
Keylime: keylime: security bypass due to hardcoded tpm quote nonce
May 06, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-34956
MEDIUM
Openvswitch: open vswitch: denial of service via malformed ftp epasv command
May 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-34002
MEDIUM
X.Org X Server Xwayland - XKB Modifier Map Out-of-Bounds Read
May 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-34000
MEDIUM
X.Org X Server Xwayland - XKB Geometry Out-of-Bounds Read
May 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-6266
HIGH
Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking
May 04, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-33846
HIGH
Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly
May 04, 2026
CVSS 7.5
EPSS 0.00
Products
Red Hat Enterprise Linux 9 (370)
Red Hat Enterprise Linux 8 (363)
Red Hat Enterprise Linux 10 (309)
Red Hat Enterprise Linux 7 (286)
Red Hat Enterprise Linux 6 (279)
Red Hat OpenShift Container Platform 4 (147)
Red Hat Enterprise Linux 9.4 Extended Update Support (104)
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support (91)
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions (88)
Red Hat Enterprise Linux 8.6 Telecommunications Update Service (83)
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions (83)
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support (82)
Red Hat Enterprise Linux 8.2 Advanced Update Support (81)
Red Hat Enterprise Linux 7 Extended Lifecycle Support (65)
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions (64)
Red Hat Hardened Images (62)
Red Hat Enterprise Linux 9.2 Extended Update Support (60)
Red Hat Build of Keycloak (59)
Red Hat JBoss Enterprise Application Platform 8 (58)
Red Hat Enterprise Linux 8.8 Extended Update Support (53)
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions (52)
Red Hat JBoss Enterprise Application Platform Expansion Pack (50)
Red Hat Enterprise Linux 8.8 Telecommunications Update Service (49)
Red Hat Single Sign-On 7 (48)
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On (46)
Red Hat build of Keycloak 26.4 (41)
Red Hat Enterprise Linux 8.4 Telecommunications Update Service (38)
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions (38)
Red Hat OpenShift Container Platform 4.14 (37)
Red Hat OpenShift Container Platform 4.16 (37)