Vulnerabilities in RED HAT
1,518 results

CVE | Severity | Title | EPSS
CVE-2026-54100 | HIGH | Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft | EPSS 0.2%
CVE-2025-3359 | MEDIUM | Gnuplot: segmentation fault via io_str_init_static_internal function | EPSS 0.2%
CVE-2025-4878 | LOW | Libssh: use of uninitialized variable in privatekey_from_file() | EPSS 0.2%
CVE-2026-11800 | HIGH | Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion | EPSS 0.2%
CVE-2026-7309 | MEDIUM | Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection | EPSS 0.2%
CVE-2026-11785 | MEDIUM | 389-ds-base: 389-ds-base: partial stack address information leak via ber_printf type confusion in sso token handler | EPSS 0.2%
CVE-2023-4732 | MEDIUM | Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h | EPSS 0.2%
CVE-2026-5673 | MEDIUM | Libtheora: libtheora: denial of service or information disclosure via malformed avi file processing | EPSS 0.2%
CVE-2025-4877 | MEDIUM | Libssh: write beyond bounds in binary to base64 conversion functions | EPSS 0.2%
CVE-2026-11787 | MEDIUM | 389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing | EPSS 0.2%
CVE-2025-53862 | LOW | Aap: aap-gateway: automation-hub: sensitive information disclosure | EPSS 0.2%
CVE-2025-14104 | MEDIUM | Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames | EPSS 0.2%
CVE-2026-3441 | MEDIUM | Binutils: gnu binutils: information disclosure via specially crafted xcoff object file | EPSS 0.2%
CVE-2025-13763 | MEDIUM | Libopensc: opensc: multiple uses of uninitialized variable | EPSS 0.2%
CVE-2026-14324 | MEDIUM | Pipewire: raop rtsp null deref | EPSS 0.2%
CVE-2026-14209 | MEDIUM | Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions | EPSS 0.2%
CVE-2026-13325 | HIGH | Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces | EPSS 0.2%
CVE-2026-6846 | HIGH | Binutils: binutils: arbitrary code execution via malformed xcoff object file processing | EPSS 0.2%
CVE-2025-48798 | HIGH | Gimp: multiple use after free in xcf parser | EPSS 0.2%
CVE-2026-4647 | MEDIUM | Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library | EPSS 0.2%