Red Hat

917 tracked vulnerabilities.

CVE-2026-14164 HIGH
Libarchive RAR5 Reader - Double Free Denial of Service
Jun 30, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-13757 MEDIUM
P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing
Jun 29, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-12912 HIGH
Libtiff: libtiff: heap-based buffer overflow via crafted pixarlog-compressed tiff image
Jun 29, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-12856 HIGH
Red Hat OpenShift Dev Spaces vscode-java Javadoc Hover - Command Injection
Jun 29, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-13601 HIGH
Yelp yelp-xsl - Host File Disclosure via Flatpak OpenURI
Jun 29, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-57966 MEDIUM
Spice-vdagent: path traversal in file transfer via unsanitized filename
Jun 29, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-57965 MEDIUM
Spice-vdagent: integer overflow in udscs_write() leading to heap buffer overflow
Jun 29, 2026
CVSS 5.1
EPSS 0.00
CVE-2026-13595 MEDIUM
Util-linux: util-linux: heap use-after-free in libblkid nested partition probing
Jun 29, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-13434 MEDIUM
Red Hat OpenShift Virtualization KubeVirt - Multus Network Annotation Injection
Jun 26, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-13325 HIGH
Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces
Jun 26, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-13322 LOW
Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service
Jun 26, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-13318 MEDIUM
Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip
Jun 26, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-13218 MEDIUM
Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher
Jun 26, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-13083 MEDIUM
Pen-drive: pen-drive: stored xss via unescaped cluster data in html report
Jun 26, 2026
CVSS 6.9
EPSS 0.00
CVE-2026-12993 MEDIUM
Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset
Jun 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-12992 HIGH
Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation
Jun 25, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-12975 HIGH
Red Hat Apicurio Registry 3 - XML External Entity Server-Side Request Forgery
Jun 25, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-11800 HIGH
Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion
Jun 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-9800 HIGH
Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison
Jun 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-9799 MEDIUM
Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass
Jun 25, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-9705 MEDIUM
Keycloak: keycloak: attacker can re-enable and take over disabled clients via registration access token
Jun 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-9099 HIGH
Keycloak: group-admin escalation to realm-admin
Jun 25, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-9086 HIGH
Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass
Jun 25, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-9083 MEDIUM
Keycloak: keycloak: information disclosure through arbitrary filesystem path probing
Jun 25, 2026
CVSS 4.9
EPSS 0.01
CVE-2026-13208 MEDIUM
Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body
Jun 24, 2026
CVSS 6.5
EPSS 0.00
Products
Red Hat Enterprise Linux 9 539 Red Hat Enterprise Linux 8 537 Red Hat Enterprise Linux 10 455 Red Hat Enterprise Linux 7 448 Red Hat Enterprise Linux 6 408 Red Hat OpenShift Container Platform 4 209 Red Hat In-Vehicle Operating System 1 195 Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 136 Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 127 Red Hat Enterprise Linux 9.4 Extended Update Support 116 Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions 100 Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions 95 Red Hat Hardened Images 95 Red Hat Enterprise Linux 7 Extended Lifecycle Support 94 Red Hat Enterprise Linux 8.6 Telecommunications Update Service 93 Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions 93 Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions 93 Red Hat Enterprise Linux 8.8 Telecommunications Update Service 92 Red Hat Enterprise Linux 8.2 Advanced Update Support 89 Red Hat Build of Keycloak 87 Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On 83 Red Hat Enterprise Linux 9.6 Extended Update Support 70 Red Hat Enterprise Linux 10.0 Extended Update Support 68 Red Hat Enterprise Linux 9.2 Extended Update Support 67 Red Hat build of Keycloak 26.4 64 Red Hat Enterprise Linux 8.8 Extended Update Support 60 Red Hat JBoss Enterprise Application Platform 8 58 Red Hat JBoss Enterprise Application Platform Expansion Pack 58 Red Hat Single Sign-On 7 53 Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On 45