Export limit exceeded: 14119 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23274 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23274 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6544 | 1 Redhat | 3 Build Keycloak, Red Hat Single Sign On, Rhosemc | 2026-04-15 | 5.4 Medium |
| A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized. | ||||
| CVE-2024-4027 | 1 Redhat | 17 Amq Streams, Apache Camel Hawtio, Build Keycloak and 14 more | 2026-04-15 | 7.5 High |
| A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack. | ||||
| CVE-2024-2947 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 7.3 High |
| A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer. | ||||
| CVE-2025-1391 | 1 Redhat | 1 Build Keycloak | 2026-04-15 | 5.4 Medium |
| A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges. | ||||
| CVE-2025-9615 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-04-15 | N/A |
| A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection. | ||||
| CVE-2024-6861 | 1 Redhat | 4 Satellite, Satellite Capsule, Satellite Maintenance and 1 more | 2026-04-15 | 7.5 High |
| A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. | ||||
| CVE-2025-8067 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-04-15 | 8.5 High |
| A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users. | ||||
| CVE-2025-12464 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-04-15 | 6.2 Medium |
| A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loopback mode. This could lead to a buffer overrun in the e1000_receive_iov() function via the loopback code path. A malicious guest user could use this vulnerability to crash the QEMU process on the host, resulting in a denial of service. | ||||
| CVE-2025-8415 | 1 Redhat | 1 Cryostat | 2026-04-15 | 5.9 Medium |
| A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment. | ||||
| CVE-2024-12397 | 1 Redhat | 13 Amq Streams, Apache Camel Hawtio, Build Keycloak and 10 more | 2026-04-15 | 7.4 High |
| A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity. | ||||
| CVE-2025-3416 | 1 Redhat | 5 Directory Server, Enterprise Linux, Openshift and 2 more | 2026-04-15 | 3.7 Low |
| A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. | ||||
| CVE-2025-2487 | 1 Redhat | 4 Directory Server, Directory Server Eus, Enterprise Linux and 1 more | 2026-04-15 | 4.9 Medium |
| A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash. | ||||
| CVE-2024-1023 | 1 Redhat | 20 A Mq Clients, Amq Broker, Amq Streams and 17 more | 2026-04-15 | 6.5 Medium |
| A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak. | ||||
| CVE-2024-5148 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 7.5 High |
| A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition. | ||||
| CVE-2025-8556 | 1 Redhat | 23 Acm, Advanced Cluster Security, Ceph Storage and 20 more | 2026-04-15 | 3.7 Low |
| A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange. | ||||
| CVE-2024-3625 | 1 Redhat | 1 Mirror Registry | 2026-04-15 | 7.3 High |
| A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. This issue leaves the possibility of a malicious actor with access to this file to gain access to Quay's Redis instance. | ||||
| CVE-2024-0450 | 2 Python, Redhat | 7 Cpython, Enterprise Linux, Rhel Aus and 4 more | 2026-04-15 | 6.2 Medium |
| An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. | ||||
| CVE-2025-32803 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 4 Medium |
| In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | ||||
| CVE-2024-21885 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-04-15 | 7.8 High |
| A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments. | ||||
| CVE-2025-32801 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 7.8 High |
| Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | ||||