redhat

5,762 tracked vulnerabilities.

CVE-2026-40918 MEDIUM
Gimp: gimp: denial of service via crafted pvr image file
Apr 15, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-40917 MEDIUM
Gimp: gimp: application crashes or information disclosure via crafted icns image files
Apr 15, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-40916 MEDIUM
Gimp: gimp: denial of service due to stack buffer overflow in tim image loader
Apr 15, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-40915 MEDIUM
Gimp: gimp: heap buffer overflow due to integer overflow in fits image loader
Apr 15, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-37980 MEDIUM
Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page
Apr 14, 2026
CVSS 6.9
EPSS 0.00
CVE-2026-1462 HIGH
Safe Mode Bypass in keras-team/keras
Apr 13, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-5483 HIGH
Odh-dashboard: odh dashboard kubernetes service account exposure
Apr 10, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-1584 HIGH
Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder
Apr 09, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-4878 MEDIUM
Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()
Apr 09, 2026
CVSS 6.7
EPSS 0.00
CVE-2026-32591 MEDIUM
Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration
Apr 08, 2026
CVSS 5.2
EPSS 0.00
CVE-2026-32590 HIGH
Mirror-registry: remote code execution using pickle deserialization
Apr 08, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-32589 HIGH
Mirror-registry: quay: insecure direct object reference in blobupload
Apr 08, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-2377 MEDIUM
Mirror-registry: quay: quay: server-side request forgery via log export functionality
Apr 08, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-5745 MEDIUM
Libarchive: a null pointer dereference vulnerability exists in the acl parser of libarchive
Apr 07, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-4740 HIGH
Rhacm: open cluster management (ocm): cross-cluster privilege escalation via improper kubernetes client certificate renewal validation
Apr 07, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-5704 MEDIUM
Tar: tar: hidden file injection via crafted archives
Apr 06, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-5673 MEDIUM
Libtheora: libtheora: denial of service or information disclosure via malformed avi file processing
Apr 06, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-37977 LOW
Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim
Apr 06, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-3184 LOW
Util-linux: util-linux: access control bypass due to improper hostname canonicalization
Apr 03, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-2625 MEDIUM
Rust-rpm-sequoia: rust-rpm-sequoia: denial of service via crafted rpm file during signature verification
Apr 03, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-4636 HIGH
Keycloak UMA Policy - Unauthorized Resource Access
Apr 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-4634 HIGH
Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters
Apr 02, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-4325 MEDIUM
Keycloak: keycloak: replay of action tokens via improper handling of single-use entries
Apr 02, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-4282 HIGH
Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw
Apr 02, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-3872 HIGH
Red Hat Keycloak 26.2 and 26.4 - redirect_uri Access Token Disclosure
Apr 02, 2026
CVSS 7.3
EPSS 0.00