Vulnerabilities in RED HAT
1,518 results

CVE-2025-7195 | MEDIUM | Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd | EPSS 0.2%
CVE-2026-48864 | HIGH | Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data | EPSS 0.2%
CVE-2026-12726 | MEDIUM | Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential | EPSS 0.2%
CVE-2024-9979 | MEDIUM | Pyo3: risk of use-after-free in `borrowed` reads from python weak references | EPSS 0.2%
CVE-2024-45775 | MEDIUM | Grub2: commands/extcmd: missing check for failed allocation | EPSS 0.2%
CVE-2025-9820 | MEDIUM | Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function | EPSS 0.2%
CVE-2026-4628 | MEDIUM | Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control | EPSS 0.2%
CVE-2023-6725 | MEDIUM | Tripleo-ansible: bind keys are world readable | EPSS 0.2%
CVE-2023-3674 | LOW | Keylime: attestation failure when the quote's signature does not validate | EPSS 0.2%
CVE-2024-8612 | LOW | Qemu-kvm: information leak in virtio devices | EPSS 0.2%
CVE-2025-12150 | LOW | Org.keycloak/keycloak-services: webauthn attestation statement verification bypass | EPSS 0.2%
CVE-2026-55653 | MEDIUM | Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service | EPSS 0.2%
CVE-2026-11986 | MEDIUM | Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak | EPSS 0.2%
CVE-2023-6917 | MEDIUM | Pcp: unsafe use of directories allows pcp to root privilege escalation | EPSS 0.2%
CVE-2023-5158 | MEDIUM | Possible dos from guest to host in vringh_kiov_advance in vhost driver at drivers/vhost/vringh.c | EPSS 0.2%
CVE-2025-5417 | MEDIUM | Rhdh: red hat developer hub user permissions | EPSS 0.2%
CVE-2025-49178 | MEDIUM | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore | EPSS 0.2%
CVE-2025-46400 | MEDIUM | Xfig: fig2dev segmentation fault in read_arcobject | EPSS 0.2%
CVE-2025-46399 | MEDIUM | Xfig: transfig: fig2dev segmentation fault vulnerability | EPSS 0.2%
CVE-2025-7777 | MEDIUM | Mirror-registry: host header injection in mirror-registry | EPSS 0.2%