Export limit exceeded: 363142 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (23512 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3653 1 Redhat 17 Amq Streams, Apache Camel Hawtio, Build Keycloak and 14 more 2026-04-15 5.3 Medium
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.
CVE-2024-29415 2 Fedorindutny, Redhat 2 Ip, Openshift Devspaces 2026-04-15 8.1 High
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
CVE-2025-14969 1 Redhat 4 Jboss Enterprise Application Platform, Jbosseapxp, Openshift Devspaces and 1 more 2026-04-15 4.3 Medium
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.
CVE-2024-24784 2 Go Standard Library, Redhat 14 Net\/mail, Advanced Cluster Security, Ceph Storage and 11 more 2026-04-15 7.5 High
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
CVE-2025-5455 1 Redhat 1 Enterprise Linux 2026-04-15 5.3 Medium
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.
CVE-2024-41184 2 Acassen, Redhat 3 Keepalived, Ceph Storage, Enterprise Linux 2026-04-15 9.8 Critical
In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.
CVE-2024-27281 2 Redhat, Ruby 2 Enterprise Linux, Rdoc 2026-04-15 4.5 Medium
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.
CVE-2024-6501 1 Redhat 2 Enterprise Linux, Openshift 2026-04-15 3.1 Low
A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.
CVE-2025-12744 1 Redhat 1 Enterprise Linux 2026-04-15 8.8 High
A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.
CVE-2024-12125 1 Redhat 1 Red Hat 3scale Amp 2026-04-15 7.5 High
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information.
CVE-2024-31420 1 Redhat 1 Container Native Virtualization 2026-04-15 6.5 Medium
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.
CVE-2025-10622 1 Redhat 4 Satellite, Satellite Capsule, Satellite Maintenance and 1 more 2026-04-15 8 High
A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.
CVE-2024-45336 1 Redhat 8 Acm, Ceph Storage, Enterprise Linux and 5 more 2026-04-15 6.1 Medium
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
CVE-2025-4673 1 Redhat 2 Enterprise Linux, Openshift Distributed Tracing 2026-04-15 6.8 Medium
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
CVE-2025-57848 1 Redhat 1 Container Native Virtualization 2026-04-15 6.4 Medium
A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
CVE-2024-4693 1 Redhat 2 Advanced Virtualization, Enterprise Linux 2026-04-15 5.5 Medium
A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host.
CVE-2024-6861 1 Redhat 4 Satellite, Satellite Capsule, Satellite Maintenance and 1 more 2026-04-15 7.5 High
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.
CVE-2023-39368 1 Redhat 1 Enterprise Linux 2026-04-15 6.5 Medium
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2024-2494 1 Redhat 2 Advanced Virtualization, Enterprise Linux 2026-04-15 6.2 Medium
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
CVE-2024-42934 1 Redhat 2 Enterprise Linux, Rhel Eus 2026-04-15 5 Medium
OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution.