redhat

5,762 tracked vulnerabilities.

CVE-2026-13601 HIGH
Yelp yelp-xsl - Host File Disclosure via Flatpak OpenURI
Jun 29, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-57966 MEDIUM
Spice-vdagent: path traversal in file transfer via unsanitized filename
Jun 29, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-57965 MEDIUM
Spice-vdagent: integer overflow in udscs_write() leading to heap buffer overflow
Jun 29, 2026
CVSS 5.1
EPSS 0.00
CVE-2026-13595 MEDIUM
Util-linux: util-linux: heap use-after-free in libblkid nested partition probing
Jun 29, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-13434 MEDIUM
Red Hat OpenShift Virtualization KubeVirt - Multus Network Annotation Injection
Jun 26, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-13325 HIGH
Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces
Jun 26, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-13322 LOW
Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service
Jun 26, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-13318 MEDIUM
Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip
Jun 26, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-13218 MEDIUM
Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher
Jun 26, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-13083 MEDIUM
Pen-drive: pen-drive: stored xss via unescaped cluster data in html report
Jun 26, 2026
CVSS 6.9
EPSS 0.00
CVE-2026-12993 MEDIUM
Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset
Jun 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-12992 HIGH
Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation
Jun 25, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-12975 HIGH
Red Hat Apicurio Registry 3 - XML External Entity Server-Side Request Forgery
Jun 25, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-11800 HIGH
Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion
Jun 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-9800 HIGH
Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison
Jun 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-9799 MEDIUM
Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass
Jun 25, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-9705 MEDIUM
Keycloak: keycloak: attacker can re-enable and take over disabled clients via registration access token
Jun 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-9099 HIGH
Keycloak: group-admin escalation to realm-admin
Jun 25, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-9086 HIGH
Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass
Jun 25, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-9083 MEDIUM
Keycloak: keycloak: information disclosure through arbitrary filesystem path probing
Jun 25, 2026
CVSS 4.9
EPSS 0.01
CVE-2026-53153 HIGH
mm/list_lru: drain before clearing xarray entry on reparent
Jun 25, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-53145 HIGH
drm/gem: Try to fix change_handle ioctl, attempt 4
Jun 25, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-13208 MEDIUM
Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body
Jun 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13201 HIGH
OpenShift Virtualization KubeVirt safepath - Host File Metadata Modification
Jun 24, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-9073 MEDIUM
Foreman-mcp-server: mcp server: insecure sensitive http header sanitization
Jun 23, 2026
CVSS 6.2
EPSS 0.00