redhat

5,762 tracked vulnerabilities.

CVE-2026-1940 MEDIUM
Gstreamer: incomplete fix of cve-2026-1940
Mar 23, 2026
CVSS 5.1
EPSS 0.00
CVE-2026-4647 MEDIUM
Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library
Mar 23, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-4633 LOW
Keycloak: keycloak: user enumeration via differential error messages
Mar 23, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-4628 MEDIUM
Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control
Mar 23, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-4426 MEDIUM
Libarchive: libarchive: denial of service via malformed iso file processing
Mar 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-4424 HIGH
Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
Mar 19, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-4366 MEDIUM
Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak
Mar 18, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-2575 MEDIUM
Keycloak: keycloak: denial of service due to excessive samlrequest decompression
Mar 18, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-4271 MEDIUM
Libsoup: libsoup: denial of service via use-after-free in http/2 server
Mar 17, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-3634 LOW
Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header
Mar 17, 2026
CVSS 3.9
EPSS 0.00
CVE-2026-3633 LOW
Libsoup: libsoup: header and http request injection via crlf injection
Mar 17, 2026
CVSS 3.9
EPSS 0.00
CVE-2026-3632 LOW
Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames
Mar 17, 2026
CVSS 3.9
EPSS 0.00
CVE-2026-3442 MEDIUM
Red Hat Enterprise Linux 10 - Buffer Overflow
Mar 16, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-3441 MEDIUM
Binutils: gnu binutils: information disclosure via specially crafted xcoff object file
Mar 16, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-3497 HIGH
OpenSSH GSSAPI Patches in Ubuntu - Use of Uninitialized Resource via Unexpected GSSAPI Message
Mar 12, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-2376 MEDIUM
mirror-registry - Redirect-Based Server-Side Request Forgery
Mar 12, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-3099 MEDIUM
Red Hat Enterprise Linux - Digest Authentication Nonce Reuse
Mar 12, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-3911 LOW
Keycloak - Authenticated Unauthorized User Attribute Exposure via UserResource Endpoint
Mar 11, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-3047 HIGH
Keycloak SAML Broker - Authentication Bypass via Disabled IdP-Initiated Client
Mar 05, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-3009 HIGH
Keycloak < 26.5.5 - Incorrect Authorization via Disabled Identity Provider Bypass
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-0980 HIGH
rubyipmi < 0.13.0 - Authenticated Remote Code Execution via BMC Username Injection
Feb 27, 2026
CVSS 8.3
EPSS 0.01
CVE-2026-0871 MEDIUM
Keycloak < 26.5.2 - Incorrect Privilege Assignment via Unmanaged Attribute Bypass
Feb 27, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-3118 MEDIUM
Red Hat Developer Hub - Authenticated Denial of Service via Orchestrator Plugin GraphQL Query Injection
Feb 25, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-26104 MEDIUM
Red Hat Enterprise Linux - Unauthenticated LUKS Encryption Header Backup via udisks D-Bus Method
Feb 25, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-26103 HIGH
Red Hat Enterprise Linux - Unauthenticated Denial of Service via udisks LUKS Header Restoration
Feb 25, 2026
CVSS 7.1
EPSS 0.00