Vulnerabilities in RED HAT
1,513 resultsCVE-2024-0607MEDIUMKernel: nf_tables: pointer math issue in nft_byteorder_eval()EPSS 0.2%CVE-2023-4237HIGHPlatform: ec2_key module prints out the private key directly to the standard outputEPSS 0.2%CVE-2026-12491MEDIUMVllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectationsEPSS 0.2%CVE-2025-5988MEDIUMAap-gateway: csrf origin checking is disabledEPSS 0.2%CVE-2023-3773MEDIUMKernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattrEPSS 0.2%CVE-2026-1539MEDIUMLibsoup: libsoup: credential leakage via http redirectsEPSS 0.2%CVE-2026-10609MEDIUMOpenshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorizationEPSS 0.2%CVE-2024-0340MEDIUMKernel: information disclosure in vhost/vhost.c:vhost_new_msg()EPSS 0.2%CVE-2026-1518LOWKeycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloakEPSS 0.2%CVE-2023-3180MEDIUMHeap buffer overflow in virtio_crypto_sym_op_helper()EPSS 0.2%CVE-2025-0750MEDIUMCri-o: cri-o path traversal in log handling functions allows arbitrary unmountingEPSS 0.2%CVE-2024-45781MEDIUMGrub2: fs/ufs: oob write in the heapEPSS 0.2%CVE-2024-45776MEDIUMGrub2: grub-core/gettext: integer overflow leads to heap oob write and read.EPSS 0.2%CVE-2025-12103MEDIUMOpenshift-ai: trusty ai grants all authenticated users to list pods in any namespaceEPSS 0.2%CVE-2023-5090MEDIUMKernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrsEPSS 0.2%CVE-2025-66286MEDIUMWebkitgtk: authorization bypass through webpage::send-request signal handlerEPSS 0.2%CVE-2026-12388MEDIUMKeycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapperEPSS 0.2%CVE-2023-1476HIGHKpatch: mm/mremap.c: incomplete fix for cve-2022-41222EPSS 0.2%CVE-2026-7500MEDIUMOrg.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabledEPSS 0.2%CVE-2025-1272HIGHKernel: secure boot does not automatically enable kernel lockdownEPSS 0.2%