{"resultsPerPage":165,"startIndex":0,"totalResults":165,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-17T23:50:35.606","vulnerabilities":[{"cve":{"id":"CVE-2024-58093","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-04-16T15:15:53.220","lastModified":"2026-07-16T12:16:43.480","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink->downstream would point to free'd memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/ASPM: Corrección de la salida del estado del enlace durante la eliminación de la función ascendente del conmutador. Antes de la versión 456d8aa37d0f (\"PCI/ASPM: Deshabilitar ASPM al eliminar la función MFD para evitar el use-after-free\"), liberábamos el enlace ASPM solo después de eliminar la última función del bus correspondiente al enlace en cuestión. Era demasiado tarde. Si la función 0 se elimina antes que la función hermana, enlace-&gt;descendente apuntaría a la memoria liberada después. Tras el cambio mencionado, liberábamos el estado del enlace principal ASPM al eliminar cualquier función del bus correspondiente a un enlace determinado. Era demasiado pronto. Si el enlace es a un conmutador PCIe con MFD en el puerto ascendente, eliminar primero las funciones distintas de la 0 liberaría un enlace que aún permanece como parent_link para los puertos descendentes restantes. Los GPF resultantes son especialmente frecuentes durante la desconexión en caliente, ya que pciehp elimina los dispositivos del bus de enlace en orden inverso. En ese conmutador, la función 0 es el puente P2P virtual al bus interno. Se libera exactamente cuando se elimina la función 0: antes de que el enlace principal quede obsoleto, pero después de que todos los enlaces subordinados desaparezcan. [kwilczynski: registro de confirmaciones]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/pci/pcie/aspm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"666e7f9d60cee23077ea3e6331f6f8a19f7ea03f","lessThan":"0a0f9aecf66b98959aab7fb5764b4b3e522f4f5b","versionType":"git","status":"affected"},{"version":"7badf4d6f49a358a01ab072bbff88d3ee886c33b","lessThan":"62db339ecc3d58d8fd83a9e4d80061cd943bb6e2","versionType":"git","status":"affected"},{"version":"9856c0de49052174ab474113f4ba40c02aaee086","lessThan":"e5cd58f61e9d8024ee11bd78c12c8916891d4077","versionType":"git","status":"affected"},{"version":"7aecdd47910c51707696e8b0e045b9f88bd4230f","lessThan":"cd4b07507794f7ad1a74e12eca75121d98187e66","versionType":"git","status":"affected"},{"version":"456d8aa37d0f56fc9e985e812496e861dcd6f2f2","lessThan":"8b930ddc2044e36866c41423e89889e0258695a3","versionType":"git","status":"affected"},{"version":"456d8aa37d0f56fc9e985e812496e861dcd6f2f2","lessThan":"f556b6ba0ac5f8353287ce6ed761228f0b4fafb7","versionType":"git","status":"affected"},{"version":"456d8aa37d0f56fc9e985e812496e861dcd6f2f2","lessThan":"ba4cdc14c0d4df00d3e99bff7fe545303db98183","versionType":"git","status":"affected"},{"version":"456d8aa37d0f56fc9e985e812496e861dcd6f2f2","lessThan":"4d96930239981f312821a4065db8cc0f8240a173","versionType":"git","status":"affected"},{"version":"456d8aa37d0f56fc9e985e812496e861dcd6f2f2","lessThan":"cbf937dcadfd571a434f8074d057b32cd14fbea5","versionType":"git","status":"affected"},{"version":"d51d2eeae4ce54d542909c4d9d07bf371a78592c","versionType":"git","status":"affected"},{"version":"4203722d51afe3d239e03f15cc73efdf023a7103","versionType":"git","status":"affected"},{"version":"5.4.251","lessThan":"5.4.292","versionType":"semver","status":"affected"},{"version":"5.10.188","lessThan":"5.10.236","versionType":"semver","status":"affected"},{"version":"5.15.121","lessThan":"5.15.180","versionType":"semver","status":"affected"},{"version":"6.1.39","lessThan":"6.1.134","versionType":"semver","status":"affected"},{"version":"6.3.13","lessThan":"6.4","versionType":"semver","status":"affected"},{"version":"6.4.4","lessThan":"6.5","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/pci/pcie/aspm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","versionType":"semver","status":"unaffected"},{"version":"5.4.292","lessThanOrEqual":"5.4.*","versionType":"semver","status":"unaffected"},{"version":"5.10.236","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.180","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.134","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.87","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.23","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.13.11","lessThanOrEqual":"6.13.*","versionType":"semver","status":"unaffected"},{"version":"6.14.2","lessThanOrEqual":"6.14.*","versionType":"semver","status":"unaffected"},{"version":"6.15","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.251","versionEndExcluding":"5.5","matchCriteriaId":"44DA80F9-E53B-4731-AC41-BD9BAFB7661D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.188","versionEndExcluding":"5.11","matchCriteriaId":"6D42E8C7-CD33-432A-AC09-DC524C88ECE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.121","versionEndExcluding":"5.16","matchCriteriaId":"F3AFFFEE-0707-48FE-B692-4AB92FDAA922"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.39","versionEndExcluding":"6.2","matchCriteriaId":"43B56BBD-C68E-4AF0-AEFF-3863C4B70AC2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.13","versionEndExcluding":"6.4","matchCriteriaId":"9058C05B-5440-4D83-834D-2E94FC46621C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.4","versionEndExcluding":"6.15","matchCriteriaId":"2C10C69F-6357-4624-ADB7-90D4E8729AD5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a0f9aecf66b98959aab7fb5764b4b3e522f4f5b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/4d96930239981f312821a4065db8cc0f8240a173","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/62db339ecc3d58d8fd83a9e4d80061cd943bb6e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8b930ddc2044e36866c41423e89889e0258695a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ba4cdc14c0d4df00d3e99bff7fe545303db98183","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cbf937dcadfd571a434f8074d057b32cd14fbea5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cd4b07507794f7ad1a74e12eca75121d98187e66","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e5cd58f61e9d8024ee11bd78c12c8916891d4077","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f556b6ba0ac5f8353287ce6ed761228f0b4fafb7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-21721","sourceIdentifier":"security@grafana.com","published":"2026-01-27T09:15:48.640","lastModified":"2026-07-16T12:17:03.060","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation."},{"lang":"es","value":"La API de permisos del panel no verifica el alcance del panel de destino y solo comprueba la acción dashboards.permissions:*. Como resultado, un usuario que tiene derechos de gestión de permisos en un panel puede leer y modificar permisos en otros paneles. Esto es una escalada de privilegios interna de la organización."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"grafana/grafana","defaultStatus":"unaffected","versions":[{"version":"12.3.0","lessThan":"12.3.1","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"grafana/grafana","defaultStatus":"unaffected","versions":[{"version":"12.2.0","lessThan":"12.2.3","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"grafana/grafana","defaultStatus":"unaffected","versions":[{"version":"12.1.0","lessThan":"12.1.5","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"grafana/grafana","defaultStatus":"unaffected","versions":[{"version":"12.0.0","lessThan":"12.0.8","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"grafana/grafana","defaultStatus":"unaffected","versions":[{"version":"10.2.0","lessThan":"11.6.9","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"grafana/grafana-enterprise","defaultStatus":"unaffected","versions":[{"version":"10.2.0","lessThan":"11.6.9","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"grafana/grafana-enterprise","defaultStatus":"unaffected","versions":[{"version":"12.0.0","lessThan":"12.0.8","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"grafana/grafana-enterprise","defaultStatus":"unaffected","versions":[{"version":"12.1.0","lessThan":"12.1.5","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"grafana/grafana-enterprise","defaultStatus":"unaffected","versions":[{"version":"12.2.0","lessThan":"12.2.3","versionType":"semver","status":"affected"}]},{"vendor":"Grafana","product":"grafana/grafana-enterprise","defaultStatus":"unaffected","versions":[{"version":"12.3.0","lessThan":"12.3.1","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/o:redhat:enterprise_linux:10.1"],"versions":[{"version":"0:10.2.6-22.el10_1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:10.2.6-20.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:10.2.6-18.el9_7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"0:10.2.6-17.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.11","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/acm-grafana-rhel9","cpes":["cpe:/a:redhat:acm:2.11::el9"],"versions":[{"version":"1783578847","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/acm-grafana-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"1774002166","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.13","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/acm-grafana-rhel9","cpes":["cpe:/a:redhat:acm:2.13::el9"],"versions":[{"version":"1774950654","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Multicluster Global Hub","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-globalhub/multicluster-globalhub-grafana-rhel9","cpes":["cpe:/a:redhat:multicluster_globalhub"]},{"vendor":"Red Hat","product":"Red Hat Ceph Storage 5","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhceph/grafana-rhel9","cpes":["cpe:/a:redhat:ceph_storage:5"]},{"vendor":"Red Hat","product":"Red Hat Ceph Storage 5","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel8/grafana","cpes":["cpe:/a:redhat:ceph_storage:5"]},{"vendor":"Red Hat","product":"Red Hat Ceph Storage 5","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel9/grafana","cpes":["cpe:/a:redhat:ceph_storage:5"]},{"vendor":"Red Hat","product":"Red Hat Ceph Storage 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhceph/grafana-rhel9","cpes":["cpe:/a:redhat:ceph_storage:6"]},{"vendor":"Red Hat","product":"Red Hat Ceph Storage 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel8/grafana","cpes":["cpe:/a:redhat:ceph_storage:6"]},{"vendor":"Red Hat","product":"Red Hat Ceph Storage 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel9/grafana","cpes":["cpe:/a:redhat:ceph_storage:6"]},{"vendor":"Red Hat","product":"Red Hat Ceph Storage 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhceph/grafana-rhel9","cpes":["cpe:/a:redhat:ceph_storage:8"]},{"vendor":"Red Hat","product":"Red Hat Ceph Storage 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel8/grafana","cpes":["cpe:/a:redhat:ceph_storage:8"]},{"vendor":"Red Hat","product":"Red Hat Ceph Storage 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel9/grafana","cpes":["cpe:/a:redhat:ceph_storage:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-28T04:55:19.556498Z","id":"CVE-2026-21721","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"11.6.9","matchCriteriaId":"6F6E2185-5D9B-4519-BFE1-363489FDE5C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.0.8","matchCriteriaId":"0800CF3F-6B22-4AC9-B7A5-88F00162D7CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0","versionEndExcluding":"12.1.5","matchCriteriaId":"B74E6E97-D985-4F8E-BFE9-DD40D99995D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.3","matchCriteriaId":"FCC333B0-9BDE-4A2D-9648-C8017242DDC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:11.6.9:-:*:*:*:*:*:*","matchCriteriaId":"75C49C18-902A-447E-97F3-2679BD19B517"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.0.8:-:*:*:*:*:*:*","matchCriteriaId":"63A1D7CB-4839-4706-AB16-0D1609B62C1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.1.5:-:*:*:*:*:*:*","matchCriteriaId":"FCEFE43C-35EA-4163-A184-6FE2FF14B2BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.2.3:-:*:*:*:*:*:*","matchCriteriaId":"D5613D06-3180-477D-9272-CAF86A6D764D"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D0226F9E-7B57-4F41-BC7D-234F17628970"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:12.3.1:-:*:*:*:*:*:*","matchCriteriaId":"B7B29640-D0AE-4B99-95F8-B1D84E3A17AA"}]}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-21721","source":"security@grafana.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2914","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:2920","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:3078","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:3529","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40138","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:5633","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:8229","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-21721","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433242","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21721.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-25639","sourceIdentifier":"security-advisories@github.com","published":"2026-02-09T21:15:49.010","lastModified":"2026-07-16T12:17:05.443","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5."},{"lang":"es","value":"Axios es un cliente HTTP basado en promesas para el navegador y Node.js. Antes de la versión 1.13.5, la función mergeConfig en axios falla con un TypeError al procesar objetos de configuración que contienen __proto__ como propiedad propia. Un atacante puede desencadenar esto proporcionando un objeto de configuración malicioso creado a través de JSON.parse(), causando una denegación de servicio completa. Esta vulnerabilidad se corrigió en la versión 1.13.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"axios","product":"axios","versions":[{"version":">= 1.0.0, < 1.13.5","status":"affected"},{"version":"< 0.30.3","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-platform-ui","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"0:2.6.7-1.el9ap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.10::el9"],"versions":[{"version":"1777128790","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"versions":[{"version":"1776223790","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"1773100128","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1775116156","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"1777301444","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Network Observability (NETOBSERV) 1.11.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"network-observability/network-observability-console-plugin-compat-rhel9","cpes":["cpe:/a:redhat:network_observ_optr:1.11::el9"],"versions":[{"version":"1774431392","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Network Observability (NETOBSERV) 1.11.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"network-observability/network-observability-console-plugin-rhel9","cpes":["cpe:/a:redhat:network_observ_optr:1.11::el9"],"versions":[{"version":"1774431617","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.11","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/console-rhel9","cpes":["cpe:/a:redhat:acm:2.11::el9"],"versions":[{"version":"1783350952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/console-rhel9","cpes":["cpe:/a:redhat:acm:2.12::el9"],"versions":[{"version":"1773259174","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.13","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/console-rhel9","cpes":["cpe:/a:redhat:acm:2.13::el9"],"versions":[{"version":"1775116130","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/console-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"1783451729","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/console-rhel9","cpes":["cpe:/a:redhat:acm:2.15::el9"],"versions":[{"version":"1776927126","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-25/lightspeed-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8"],"versions":[{"version":"1774446874","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-26/gateway-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1774243862","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-26/lightspeed-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1774363040","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.8::el9"],"versions":[{"version":"1774545605","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"versions":[{"version":"1775140647","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1770913709","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Migration Toolkit 1.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhmtc/openshift-migration-ui-rhel8","cpes":["cpe:/a:redhat:rhmt:1.8::el8"],"versions":[{"version":"1780590717","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 2.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-dashboard-rhel8","cpes":["cpe:/a:redhat:openshift_ai:2.16::el8"],"versions":[{"version":"1774282136","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"versions":[{"version":"1776742021","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-mod-arch-model-registry-rhel9","cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"versions":[{"version":"1776742141","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1779189627","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-mod-arch-gen-ai-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1778473763","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-mod-arch-model-registry-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1778666987","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-monitoring-plugin-rhel9","cpes":["cpe:/a:redhat:openshift:4.19::el9"],"versions":[{"version":"1775577192","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-monitoring-plugin-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1773746857","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-monitoring-plugin-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1773849532","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.27","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/code-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.27::el9"],"versions":[{"version":"1774448966","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.27","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.27::el9"],"versions":[{"version":"1774476526","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.27","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/traefik-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.27::el9"],"versions":[{"version":"1774227265","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Pipelines 1.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-pipelines/pipelines-operator-bundle","cpes":["cpe:/a:redhat:openshift_pipelines:1.21::el9"],"versions":[{"version":"1774871390","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel8","cpes":["cpe:/a:redhat:service_mesh:2.6::el8"],"versions":[{"version":"1771229736","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel8","cpes":["cpe:/a:redhat:service_mesh:2.6::el8"],"versions":[{"version":"1771230055","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.0::el9"],"versions":[{"version":"1771372940","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.0::el9"],"versions":[{"version":"1771373071","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"versions":[{"version":"1771372942","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"versions":[{"version":"1771385160","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"versions":[{"version":"1771229583","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"versions":[{"version":"1771385315","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.10::el8"],"versions":[{"version":"1773971077","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.12::el8"],"versions":[{"version":"1773771962","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.15::el8"],"versions":[{"version":"1775169219","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel9","cpes":["cpe:/a:redhat:quay:3.16::el9"],"versions":[{"version":"1775069491","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1775169226","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.9::el8"],"versions":[{"version":"1773936323","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"satellite/iop-advisor-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6.18::el9"],"versions":[{"version":"1776250950","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"satellite/iop-host-inventory-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6.18::el9"],"versions":[{"version":"1776216284","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"satellite/iop-vulnerability-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6.18::el9"],"versions":[{"version":"1776269713","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rhtas-console-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1771324807","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"io.cryostat-cryostat","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Gatekeeper 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gatekeeper/gatekeeper-rhel9","cpes":["cpe:/a:redhat:gatekeeper:3"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/elasticsearch6-rhel9","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/elasticsearch-operator-bundle","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/elasticsearch-proxy-rhel9","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/elasticsearch-rhel9-operator","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/kibana6-rhel8","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/logging-curator5-rhel9","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mta/mta-ui-rhel9","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-hub-api-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-hub-db-migration-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-hub-ui-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/kiali-operator-bundle","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/kiali-rhel9-operator","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp20/system","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp21/system","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp22/system","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp24/system","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp25/system","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp26/system","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/system-rhel7","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/system-rhel8","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/system-rhel9","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-dashboard-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/automation-dashboard-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-gateway","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-hub","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python3.11-galaxy-ng","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python3x-galaxy-ng","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python-galaxy-ng","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel - HawtIO 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"io.hawt-project","cpes":["cpe:/a:redhat:apache_camel_hawtio:4"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"io.apicurio-apicurio-registry","cpes":["cpe:/a:redhat:service_registry:2"]},{"vendor":"Red Hat","product":"Red Hat Build of Kueue","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kueue/kueue-must-gather-rhel9","cpes":["cpe:/a:redhat:kueue_operator:1"]},{"vendor":"Red Hat","product":"Red Hat Build of Kueue","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kueue/kueue-operator-bundle","cpes":["cpe:/a:redhat:kueue_operator:1"]},{"vendor":"Red Hat","product":"Red Hat Build of Kueue","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kueue/kueue-rhel9","cpes":["cpe:/a:redhat:kueue_operator:1"]},{"vendor":"Red Hat","product":"Red Hat Build of Kueue","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kueue/kueue-rhel9-operator","cpes":["cpe:/a:redhat:kueue_operator:1"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10","cpes":["cpe:/a:redhat:podman_desktop:0"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"org.infinispan-infinispan-console","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/disk-image-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"io.apicurio-apicurito","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-kf-notebook-controller-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-notebook-controller-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-agent-installer-ui-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-console","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-console-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/code-sshd-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-console-plugin","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-console-plugin-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"org.kie-process-migration-service","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/createtree-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/trillian-database-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/trillian-logserver-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/trillian-logsigner-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/trillian-redis-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/updatetree-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Profile Analyzer","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtpa/rhtpa-trustification-service-rhel9","cpes":["cpe:/a:redhat:trusted_profile_analyzer:2"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-portal","cpes":["cpe:/a:redhat:ansible_portal:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"com.github.streamshub-console","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"com.github.streamshub-console","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-10T15:39:46.394625Z","id":"CVE-2026-25639","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-1287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.30.3","matchCriteriaId":"019BC980-929D-424C-8242-D0A874945DCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.13.5","matchCriteriaId":"FDF4603C-A077-48CC-A144-EEBE1FE4611D"}]}]}],"references":[{"url":"https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/axios/axios/pull/7369","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/axios/axios/pull/7388","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/axios/axios/releases/tag/v0.30.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/axios/axios/releases/tag/v1.13.5","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:10184","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11414","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13542","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13548","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19712","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25041","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:2694","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:3087","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:3105","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:3106","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:3107","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:3109","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36882","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40138","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:4942","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:5142","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:5168","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:5174","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:5633","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:5636","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:5665","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:5807","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6170","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6174","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6192","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6277","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6308","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6309","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6428","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6497","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6567","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6568","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6802","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7249","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:8218","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:8229","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:8499","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:8500","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:8501","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:9848","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-25639","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438237","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25639.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-26278","sourceIdentifier":"security-advisories@github.com","published":"2026-02-19T20:25:43.717","lastModified":"2026-07-16T12:17:15.640","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option."},{"lang":"es","value":"fast-xml-parser permite a los usuarios validar XML, analizar XML a objeto JS, o construir XML desde objeto JS sin bibliotecas basadas en C/C++ y sin callback. En las versiones 4.1.3 a 5.3.5, el analizador XML puede ser forzado a realizar una cantidad ilimitada de expansión de entidades. Con una entrada XML muy pequeña, es posible hacer que el analizador dedique segundos o incluso minutos a procesar una única solicitud, congelando efectivamente la aplicación. La versión 5.3.6 corrige el problema. Como solución alternativa, evite usar el análisis de DOCTYPE mediante la opción 'processEntities: false'."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"NaturalIntelligence","product":"fast-xml-parser","versions":[{"version":">= 5.0.0, < 5.3.6","status":"affected"},{"version":">= 4.1.3, < 4.5.4","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.8::el8"],"versions":[{"version":"1775594119","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.9::el8"],"versions":[{"version":"1775594284","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.8::el9"],"versions":[{"version":"1774545605","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"versions":[{"version":"1775140647","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667125","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783666755","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784054598","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055387","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055726","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667517","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667577","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667611","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055020","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cloudnative-pg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667641","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055586","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667790","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667859","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667875","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-external-snapshotter-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667869","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-external-snapshotter-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667877","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055576","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055382","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783668266","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783668288","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783669219","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mta/mta-ui-rhel9","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/argocd-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/argocd-rhel9","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-console-plugin","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-console-plugin-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-host-inventory-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-vulnerability-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-portal","cpes":["cpe:/a:redhat:ansible_portal:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-19T20:58:40.378859Z","id":"CVE-2026-26278","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-776"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-776"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:naturalintelligence:fast-xml-parser:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.3","versionEndExcluding":"5.3.6","matchCriteriaId":"36BABE8E-2E99-48E8-8F1D-2B1CC69D5BB2"}]}]}],"references":[{"url":"https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:40984","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6174","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6802","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7110","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7128","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-26278","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441120","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-26278.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-25896","sourceIdentifier":"security-advisories@github.com","published":"2026-02-20T21:19:27.470","lastModified":"2026-07-16T12:17:15.267","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (&lt;, &gt;, &amp;, &quot;, &apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5."},{"lang":"es","value":"fast-xml-parser permite a los usuarios validar XML, analizar XML a objeto JS, o construir XML desde objeto JS sin librerías basadas en C/C++ y sin callback. Desde la versión 4.1.3 hasta antes de la 5.3.5, un punto (.) en un nombre de entidad DOCTYPE es tratado como un comodín de expresión regular durante el reemplazo de entidades, permitiendo a un atacante sombrear entidades XML incorporadas (&lt;, &gt;, &amp;, \", ') con valores arbitrarios. Esto omite la codificación de entidades y conduce a XSS cuando la salida analizada es renderizada. Esta vulnerabilidad se corrige en la versión 5.3.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"NaturalIntelligence","product":"fast-xml-parser","versions":[{"version":">= 5.0.0, < 5.3.5","status":"affected"},{"version":">= 4.1.3, < 4.5.4","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.8::el8"],"versions":[{"version":"1775594119","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.9::el8"],"versions":[{"version":"1775594284","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.8::el9"],"versions":[{"version":"1774545605","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"versions":[{"version":"1775140647","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667125","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783666755","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784054598","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055387","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055726","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667517","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667577","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667611","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055020","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cloudnative-pg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667641","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055586","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667790","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667859","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667875","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-external-snapshotter-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667869","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-external-snapshotter-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783667877","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055576","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1784055382","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783668266","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783668288","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1783669219","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mta/mta-ui-rhel9","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/argocd-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/argocd-rhel9","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-console-plugin","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-console-plugin-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-host-inventory-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-vulnerability-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-portal","cpes":["cpe:/a:redhat:ansible_portal:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-23T19:26:46.154155Z","id":"CVE-2026-25896","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-185"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:naturalintelligence:fast-xml-parser:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.3","versionEndExcluding":"5.3.5","matchCriteriaId":"CC7C6F3C-019C-4D48-A09F-D926B57DC0BC"}]}]}],"references":[{"url":"https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:40984","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6174","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:6802","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7110","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7128","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-25896","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441501","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25896.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2025-67030","sourceIdentifier":"cve@mitre.org","published":"2026-03-25T18:16:25.880","lastModified":"2026-07-16T12:16:58.357","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code"},{"lang":"es","value":"Vulnerabilidad de salto de directorio en el método extractFile de org.codehaus.plexus.util.Expand en plexus-utils anterior a 6d780b3378829318ba5c2d29547e0012d5b29642. Esto permite a un atacante ejecutar código arbitrario"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.20.6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:quarkus:3.20::el8"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.27.3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:quarkus:3.27::el8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.5.1-9.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.5.1-8.el10_0.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven:3.8","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260520141024.b249b32d","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven:3.8","cpes":["cpe:/a:redhat:rhel_tus:8.8"],"versions":[{"version":"8080020260615155417.a1d5b3e2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven:3.8","cpes":["cpe:/a:redhat:rhel_e4s:8.8"],"versions":[{"version":"8080020260615155417.a1d5b3e2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven:3.9","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260520135357.470dcefd","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:3.3.0-14.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:rhel_e4s:9.2"],"versions":[{"version":"0:3.3.0-10.el9_2.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"0:3.3.0-10.el9_4.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"0:3.3.0-13.el9_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven:3.9","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"9060020260612145814.470dcefd","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-activemq-artemis","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:2.40.0-6.redhat_00012.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-angus","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:2.0.5-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-angus-activation","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:2.0.3-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-bouncycastle","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:1.84.0-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-eap-product-conf-parent","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:801.6.0-1.GA_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-guava-failureaccess","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:1.0.3-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-guava-libraries","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:33.0.0-3.jre_redhat_00004.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:3.7.19-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:6.6.48-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate-search","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:7.2.6-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jakarta-activation","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:2.1.4-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-logging","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:3.6.2-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-metadata","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:16.1.0-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jctools","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:4.0.6-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-netty","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:4.1.132-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-netty-transport-native-epoll","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:4.1.132-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-plexus-utils","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:3.6.1-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-reactivex-rxjava","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:3.1.12-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-reactivex-rxjava2","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:2.2.21-5.redhat_00003.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:8.1.6-5.GA_redhat_00007.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-client-config","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:1.0.1-4.Final_redhat_00002.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-http-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:2.1.4-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-javadocs","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:8.1.1-10.GA_redhat_00017.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-openssl","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:2.3.0-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-openssl-el8-x86_64","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:2.3.0-1.Final.redhat.00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-yasson","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:3.0.4-5.redhat_00007.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-activemq-artemis","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.40.0-6.redhat_00012.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-angus","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.0.5-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-angus-activation","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.0.3-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-bouncycastle","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:1.84.0-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-eap-product-conf-parent","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:801.6.0-1.GA_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-guava-failureaccess","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:1.0.3-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-guava-libraries","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:33.0.0-3.jre_redhat_00004.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:3.7.19-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:6.6.48-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate-search","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:7.2.6-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jakarta-activation","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.1.4-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-logging","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:3.6.2-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-metadata","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:16.1.0-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jctools","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:4.0.6-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-netty","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:4.1.132-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-netty-transport-native-epoll","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:4.1.132-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-plexus-utils","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:3.6.1-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-reactivex-rxjava","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:3.1.12-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-reactivex-rxjava2","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.2.21-5.redhat_00003.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:8.1.6-5.GA_redhat_00007.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-client-config","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:1.0.1-4.Final_redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-http-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.1.4-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-javadocs","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:8.1.1-10.GA_redhat_00017.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-openssl","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.3.0-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-openssl-el9-x86_64","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.3.0-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-yasson","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:3.0.4-5.redhat_00007.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jenkins-2-plugins","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-rhel8","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-rhel9","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-ddb-streams-source-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-s3-sink-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-s3-source-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-sns-sink-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-sqs-sink-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-sqs-source-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-log-sink-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-timer-source-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat AMQ Clients","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:amq_clients:2023"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:service_registry:2"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus Native builder","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javacc","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"moditect","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sisu","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sisu-mojos","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qpid-cpp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qpid-qmf","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"exec-maven-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven2","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-archiver","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-assembly-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-changes-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-clean-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-common-artifact-filters","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-dependency-analyzer","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-deploy-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-doxia","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-doxia-sitetools","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-doxia-tools","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-enforcer","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-filtering","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-gpg-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-install-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-invoker","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-invoker-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-jarsigner-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-javadoc-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-jxr","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-plugin-tools","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-project-info-reports-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-release","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-remote-resources-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-scm","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-script-interpreter","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-shade-plugin","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-surefire","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-wagon","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"modello","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"velocity","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xbean","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/exec-maven-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/hawtjni","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/javacc","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/javacc-maven-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven2","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-antrun-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-archiver","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-artifact-transfer","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-assembly-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-compiler-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-dependency-analyzer","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-dependency-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-doxia","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-doxia-sitetools","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-enforcer","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-file-management","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-filtering","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-install-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-invoker","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-invoker-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-jar-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-plugin-bundle","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-plugin-testing","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-plugin-tools","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-remote-resources-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-reporting-impl","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-resolver","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-resources-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-script-interpreter","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-shade-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-shared-io","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-source-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-surefire","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/maven-wagon","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/modello","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/os-maven-plugin","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-ant-factory","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-archiver","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-bsh-factory","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-build-api","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-cli","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-compiler","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-components-pom","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-containers","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-i18n","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-interactivity","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-io","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-resources","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/plexus-utils","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/sonatype-plugins-parent","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/spice-parent","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"javapackages-tools:201801/xbean","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ceph","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jmc","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-artifact-transfer","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-enforcer","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-jar-plugin","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-plugin-testing","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-plugin-tools","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-resolver","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"maven-wagon","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"sisu","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xbean","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Core Services","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:jboss_core_services:1"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Web Server 5","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:jboss_enterprise_web_server:5"]},{"vendor":"Red Hat","product":"Red Hat JBoss Web Server 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:jboss_enterprise_web_server:6"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-trustyai-service-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-trustyai-service-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"candlepin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite:el8/candlepin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"plexus-utils","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-27T19:33:16.549505Z","id":"CVE-2025-67030","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:codehaus-plexus:plexus-utils:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.1","matchCriteriaId":"642FD06A-559F-4234-BCC3-63AFFD47A41C"},{"vulnerable":true,"criteria":"cpe:2.3:a:codehaus-plexus:plexus-utils:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.3","matchCriteriaId":"29C552CC-D882-4EDF-AF4B-7AA02D7B70AE"}]}]}],"references":[{"url":"https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/codehaus-plexus/plexus-utils/issues/294","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/codehaus-plexus/plexus-utils/pull/295","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/codehaus-plexus/plexus-utils/pull/296","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:17668","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18054","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18055","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18059","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35990","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35991","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35992","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35996","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35997","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36012","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:38500","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:38514","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:38796","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40841","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7109","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7380","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2025-67030","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451409","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-67030.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-34986","sourceIdentifier":"security-advisories@github.com","published":"2026-04-06T17:17:11.870","lastModified":"2026-07-16T12:17:33.313","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"go-jose","product":"go-jose","versions":[{"version":">= 4.0.0, < 4.1.4","status":"affected"},{"version":"< 3.0.5","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Cryostat 4 on RHEL 9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cryostat/cryostat-storage-rhel9","cpes":["cpe:/a:redhat:cryostat:4::el9"],"versions":[{"version":"4.2.0-13","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"podman","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"7:5.8.2-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"opentelemetry-collector","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:0.144.0-2.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"osbuild-composer","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:165.1-2.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"image-builder","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:52.1-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"skopeo","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"2:1.18.1-3.el10_0.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"podman","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"6:5.4.0-15.el10_0.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"opentelemetry-collector","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:0.144.0-2.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"buildah","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"2:1.39.9-1.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"osbuild-composer","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:134.1-9.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-tools:rhel8","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260520103055.afee755d","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"8100020260701102925.afee755d","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"buildah","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"2:1.41.8-3.el9_7","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"2:1.43.1-1.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"podman","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"6:5.8.2-1.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"opentelemetry-collector","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:0.144.0-2.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"osbuild-composer","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:165.1-2.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"image-builder","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:52.1-1.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"podman","cpes":["cpe:/a:redhat:rhel_e4s:9.2"],"versions":[{"version":"2:4.4.1-22.el9_2.11","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"skopeo","cpes":["cpe:/a:redhat:rhel_e4s:9.2"],"versions":[{"version":"2:1.11.4-0.1.el9_2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"buildah","cpes":["cpe:/a:redhat:rhel_e4s:9.2"],"versions":[{"version":"1:1.29.7-1.el9_2.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"opentelemetry-collector","cpes":["cpe:/a:redhat:rhel_eus:9.4"],"versions":[{"version":"0:0.144.0-2.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"osbuild-composer","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"0:101.3-4.el9_4.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"buildah","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"2:1.33.15-1.el9_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"podman","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"4:4.9.4-20.el9_4.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"skopeo","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"2:1.14.6-1.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"podman","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"5:5.4.0-20.el9_6.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"opentelemetry-collector","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"0:0.144.0-2.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"buildah","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"2:1.39.9-1.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"skopeo","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"2:1.18.1-5.el9_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"osbuild-composer","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"0:132.2-8.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Custom Metric Autoscaler 2.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9","cpes":["cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"],"versions":[{"version":"1780101236","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Custom Metric Autoscaler 2.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel9","cpes":["cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"],"versions":[{"version":"1780101226","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Custom Metric Autoscaler 2.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9","cpes":["cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"],"versions":[{"version":"1780101239","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Custom Metric Autoscaler 2.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9-operator","cpes":["cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"],"versions":[{"version":"1779953535","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift 6.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/lokistack-gateway-rhel9","cpes":["cpe:/a:redhat:logging:6.0::el9"],"versions":[{"version":"1781192909","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift 6.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/cluster-logging-rhel9-operator","cpes":["cpe:/a:redhat:logging:6.4::el9"],"versions":[{"version":"1782412815","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift 6.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-logging/lokistack-gateway-rhel9","cpes":["cpe:/a:redhat:logging:6.4::el9"],"versions":[{"version":"1782392961","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-installer-agent-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.10::el9"],"versions":[{"version":"1776351169","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-service-9-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.10::el9"],"versions":[{"version":"1779135478","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.11","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-service-9-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"],"versions":[{"version":"1778892370","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-installer-controller-rhel8","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el8"],"versions":[{"version":"1778507267","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1782204403","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-installer-rhel8","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el8"],"versions":[{"version":"1778507253","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1782204381","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-service-8-rhel8","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el8"],"versions":[{"version":"1778476004","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-installer-agent-rhel8","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el8"],"versions":[{"version":"1782203505","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-service-9-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"versions":[{"version":"1778476002","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-installer-agent-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.7::el9"],"versions":[{"version":"1777360597","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-service-8-rhel8","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el8"],"versions":[{"version":"1778288655","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1779910504","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-installer-agent-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1778503377","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-installer-controller-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1778503196","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-installer-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1778503297","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-service-9-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1778288646","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1779910129","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/must-gather-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1782158798","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-service-8-rhel8","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el8"],"versions":[{"version":"1778464111","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/assisted-service-9-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"1778464072","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Multicluster Global Hub 1.3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-globalhub/multicluster-globalhub-grafana-rhel9","cpes":["cpe:/a:redhat:multicluster_globalhub:1.3::el9"],"versions":[{"version":"1779212259","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Multicluster Global Hub 1.4.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-globalhub/multicluster-globalhub-grafana-rhel9","cpes":["cpe:/a:redhat:multicluster_globalhub:1.4::el9"],"versions":[{"version":"1779579439","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Multicluster Global Hub 1.5.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-globalhub/multicluster-globalhub-grafana-rhel9","cpes":["cpe:/a:redhat:multicluster_globalhub:1.5::el9"],"versions":[{"version":"1778867753","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Multicluster Global Hub 1.6.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-globalhub/multicluster-globalhub-grafana-rhel9","cpes":["cpe:/a:redhat:multicluster_globalhub:1.6::el9"],"versions":[{"version":"1780167118","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"OpenShift API for Data Protection 1.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"oadp/oadp-mustgather-rhel9","cpes":["cpe:/a:redhat:openshift_api_data_protection:1.4::el9"],"versions":[{"version":"1779770049","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"OpenShift API for Data Protection 1.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"oadp/oadp-velero-plugin-rhel9","cpes":["cpe:/a:redhat:openshift_api_data_protection:1.4::el9"],"versions":[{"version":"1779243793","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"OpenShift API for Data Protection 1.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"oadp/oadp-mustgather-rhel9","cpes":["cpe:/a:redhat:openshift_api_data_protection:1.5::el9"],"versions":[{"version":"1779770057","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"OpenShift API for Data Protection 1.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"oadp/oadp-velero-plugin-rhel9","cpes":["cpe:/a:redhat:openshift_api_data_protection:1.5::el9"],"versions":[{"version":"1779245274","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/submariner-rhel9-operator","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"1780204322","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.10::el8"],"versions":[{"version":"1777976489","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.8::el8"],"versions":[{"version":"1777307791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-roxctl-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.8::el8"],"versions":[{"version":"1777307791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-scanner-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.8::el8"],"versions":[{"version":"1776727747","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-scanner-slim-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.8::el8"],"versions":[{"version":"1776727747","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-scanner-v4-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.8::el8"],"versions":[{"version":"1777307791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.9::el8"],"versions":[{"version":"1777986630","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-roxctl-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.9::el8"],"versions":[{"version":"1777986630","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-scanner-v4-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.9::el8"],"versions":[{"version":"1777986630","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-model-controller-rhel9","cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"versions":[{"version":"1780069381","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-kube-auth-proxy-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1778696221","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-model-controller-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1778578758","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-telemeter-rhel9","cpes":["cpe:/a:redhat:openshift:4.17::el9"],"versions":[{"version":"1778711679","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-oauth-server-rhel9","cpes":["cpe:/a:redhat:openshift:4.17::el9"],"versions":[{"version":"1782185551","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-telemeter-rhel9","cpes":["cpe:/a:redhat:openshift:4.18::el9"],"versions":[{"version":"1778152595","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-oauth-server-rhel9","cpes":["cpe:/a:redhat:openshift:4.18::el9"],"versions":[{"version":"1781612340","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-telemeter-rhel9","cpes":["cpe:/a:redhat:openshift:4.19::el9"],"versions":[{"version":"1779253452","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-oauth-server-rhel9","cpes":["cpe:/a:redhat:openshift:4.19::el9"],"versions":[{"version":"1781528081","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-telemeter-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1778139790","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-cli-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1779775173","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-olm-catalogd-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1779776767","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-olm-operator-controller-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1779777382","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-operator-framework-tools-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1779778558","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-operator-lifecycle-manager-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1779775521","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-operator-registry-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1779776141","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-cloud-credential-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1780992173","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-kube-state-metrics-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1780991067","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1781095245","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/oc-mirror-plugin-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1781196942","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-telemeter-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1778004922","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1779258037","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-olm-catalogd-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1779264135","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-olm-operator-controller-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1779263963","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-operator-framework-tools-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1779256521","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-operator-lifecycle-manager-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1779260263","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-operator-registry-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1779265022","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-cli-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1779775977","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-cloud-credential-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1780402732","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-kube-state-metrics-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1780402633","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/oc-mirror-plugin-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1780984236","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-oauth-server-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1781023907","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-installer-artifacts-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1781129269","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-installer-artifacts-rhel9","cpes":["cpe:/a:redhat:openshift:4.22::el9"],"versions":[{"version":"1781010151","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-oauth-server-rhel9","cpes":["cpe:/a:redhat:openshift:4.22::el9"],"versions":[{"version":"1780943933","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-agent-installer-node-agent-rhel9","cpes":["cpe:/a:redhat:openshift:4.22::el9"],"versions":[{"version":"1782879990","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778049594","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778049298","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778049745","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778049753","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778050558","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778049818","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778049878","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778049920","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778049945","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778060364","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778050037","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778050035","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778050048","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778050508","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778050119","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778050290","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778059723","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778050352","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.17::el9"],"versions":[{"version":"1778050482","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045210","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778044961","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045359","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045374","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045891","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045472","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045534","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045524","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045587","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778046067","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045627","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045731","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045700","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778046234","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045792","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045858","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045945","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778045931","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1778046079","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776079019","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776706744","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707205","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707231","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707760","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707301","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776079295","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707362","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707418","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cloudnative-pg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707377","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707947","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707456","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707526","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707526","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707945","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707569","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707724","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707763","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776707771","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1776079774","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1775822432","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783667125","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776403457","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783666755","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776403991","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1784054598","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776404009","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1784055387","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776404539","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1784055726","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776404060","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783667517","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1775822689","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783667577","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776404131","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783667611","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406225","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1784055020","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cloudnative-pg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406131","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783667641","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406770","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1784055586","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406247","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783667790","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406286","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783667859","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406291","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783667875","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-external-snapshotter-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406284","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783667869","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-external-snapshotter-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406291","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783667877","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406771","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1784055576","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406384","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1784055244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406540","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1784055382","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406595","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783668266","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1776406594","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783668288","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"],"versions":[{"version":"1775823207","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783669219","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782932114","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782931768","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/devicefinder-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782932104","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783536000","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783535989","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783536515","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782932521","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783018461","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783018421","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-blackbox-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782932812","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783537001","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cloudnative-pg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782932919","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783537586","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782932969","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782933015","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782933042","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-drbd-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783537392","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-external-snapshotter-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782933235","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-external-snapshotter-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782933251","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783537955","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782933417","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783537742","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782933602","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1783019377","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-volsync-plugin-mover-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782934054","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-volsync-plugin-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782934036","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.22","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.22::el9"],"versions":[{"version":"1782934284","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.27","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/traefik-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.27::el9"],"versions":[{"version":"1776718585","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/udi-base-rhel10","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1782987430","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.9.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/tempo-gateway-rhel9","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"versions":[{"version":"1776435643","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.9.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/tempo-query-rhel9","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"versions":[{"version":"1776435613","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.9.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/tempo-rhel9","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"versions":[{"version":"1776435680","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.9.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/opentelemetry-collector-rhel9","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"versions":[{"version":"1776185379","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps 1.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-gitops-1/dex-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1.18::el8"],"versions":[{"version":"1779116359","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Pipelines 1.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1.20::el9"],"versions":[{"version":"1779865001","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Pipelines 1.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-pipelines/pipelines-operator-bundle","cpes":["cpe:/a:redhat:openshift_pipelines:1.20::el9"],"versions":[{"version":"1780044955","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Pipelines 1.21","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"serve-tkn-cli-1-21-serve-tkn","cpes":["cpe:/a:redhat:openshift_pipelines:1.21::el9"],"versions":[{"version":"cli-1.21.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/istio-cni-rhel8","cpes":["cpe:/a:redhat:service_mesh:2.6::el8"],"versions":[{"version":"1777374598","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/pilot-rhel8","cpes":["cpe:/a:redhat:service_mesh:2.6::el8"],"versions":[{"version":"1777319850","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"versions":[{"version":"1776151270","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/istio-cni-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"versions":[{"version":"1776238635","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/istio-pilot-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"versions":[{"version":"1776256858","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"versions":[{"version":"1776149682","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/istio-cni-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"versions":[{"version":"1776178280","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/istio-pilot-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"versions":[{"version":"1776178059","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.3::el9"],"versions":[{"version":"1776151277","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.10::el8"],"versions":[{"version":"1776736910","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1779822261","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.12::el8"],"versions":[{"version":"1776752646","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1779811412","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.14::el8"],"versions":[{"version":"1779689392","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.15::el8"],"versions":[{"version":"1780891395","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel9","cpes":["cpe:/a:redhat:quay:3.16::el9"],"versions":[{"version":"1779204086","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel9","cpes":["cpe:/a:redhat:quay:3.17::el9"],"versions":[{"version":"1779922205","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.9::el8"],"versions":[{"version":"1776782369","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1779811473","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/client-server-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1776339099","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/cosign-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1776329867","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rhtas-console-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780386299","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/createtree-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780053572","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-monitor-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780046753","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/fulcio-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780046765","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-backfill-redis-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780049214","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-server-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780049214","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/timestamp-authority-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780051354","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/trillian-database-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780053572","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/trillian-logserver-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780053572","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/trillian-logsigner-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780053572","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/fetch-tsa-certs-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780051354","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/gitsign-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780052587","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-cli-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780049214","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/updatetree-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1780053572","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Assisted Installer for Red Hat OpenShift Container Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"assisted/agent-preinstall-image-builder-rhel9","cpes":["cpe:/a:redhat:assisted_installer:2"]},{"vendor":"Red Hat","product":"Assisted Installer for Red Hat OpenShift Container Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhai/assisted-installer-controller-rhel9","cpes":["cpe:/a:redhat:assisted_installer:2"]},{"vendor":"Red Hat","product":"Assisted Installer for Red Hat OpenShift Container Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhai/assisted-installer-rhel9","cpes":["cpe:/a:redhat:assisted_installer:2"]},{"vendor":"Red Hat","product":"cert-manager Operator for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cert-manager/cert-manager-istio-csr-rhel9","cpes":["cpe:/a:redhat:cert_manager:1"]},{"vendor":"Red Hat","product":"cert-manager Operator for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cert-manager/cert-manager-operator-bundle","cpes":["cpe:/a:redhat:cert_manager:1"]},{"vendor":"Red Hat","product":"cert-manager Operator for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cert-manager/cert-manager-operator-rhel9","cpes":["cpe:/a:redhat:cert_manager:1"]},{"vendor":"Red Hat","product":"cert-manager Operator for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cert-manager/jetstack-cert-manager-acmesolver-rhel9","cpes":["cpe:/a:redhat:cert_manager:1"]},{"vendor":"Red Hat","product":"cert-manager Operator for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cert-manager/jetstack-cert-manager-rhel9","cpes":["cpe:/a:redhat:cert_manager:1"]},{"vendor":"Red Hat","product":"Confidential Compute Attestation","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-sandboxed-containers/osc-must-gather-rhel9","cpes":["cpe:/a:redhat:confidential_compute_attestation:1"]},{"vendor":"Red Hat","product":"External Secrets Operator for Red Hat OpenShift","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"external-secrets-operator/bitwarden-sdk-server-rhel9","cpes":["cpe:/a:redhat:external_secrets_operator:1"]},{"vendor":"Red Hat","product":"External Secrets Operator for Red Hat OpenShift","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"external-secrets-operator/external-secrets-operator-bundle","cpes":["cpe:/a:redhat:external_secrets_operator:1"]},{"vendor":"Red Hat","product":"External Secrets Operator for Red Hat OpenShift","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"external-secrets-operator/external-secrets-operator-rhel9","cpes":["cpe:/a:redhat:external_secrets_operator:1"]},{"vendor":"Red Hat","product":"External Secrets Operator for Red Hat OpenShift","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"external-secrets-operator/external-secrets-rhel9","cpes":["cpe:/a:redhat:external_secrets_operator:1"]},{"vendor":"Red Hat","product":"Kernel Module Management Operator for Red Hat Openshift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kmm/kernel-module-management-must-gather-rhel9","cpes":["cpe:/a:redhat:kernel_module_management:2"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/cluster-logging-rhel9-operator","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/logging-loki-rhel9","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/loki-operator-bundle","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/loki-rhel9-operator","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/lokistack-gateway-rhel9","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/opa-openshift-rhel9","cpes":["cpe:/a:redhat:logging:5"]},{"vendor":"Red Hat","product":"Logical Volume Manager Storage","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"lvms4/lvms-must-gather-rhel9","cpes":["cpe:/a:redhat:lvms:4"]},{"vendor":"Red Hat","product":"Migration Toolkit for Containers","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhmtc/openshift-migration-controller-rhel8","cpes":["cpe:/a:redhat:rhmt:1"]},{"vendor":"Red Hat","product":"Migration Toolkit for Containers","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhmtc/openshift-migration-log-reader-rhel8","cpes":["cpe:/a:redhat:rhmt:1"]},{"vendor":"Red Hat","product":"Migration Toolkit for Containers","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhmtc/openshift-migration-must-gather-rhel8","cpes":["cpe:/a:redhat:rhmt:1"]},{"vendor":"Red Hat","product":"Migration Toolkit for Virtualization","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"migration-toolkit-virtualization/mtv-must-gather-rhel8","cpes":["cpe:/a:redhat:migration_toolkit_virtualization:2"]},{"vendor":"Red Hat","product":"Migration Toolkit for Virtualization","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mtv-candidate/mtv-must-gather-rhel8","cpes":["cpe:/a:redhat:migration_toolkit_virtualization:2"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/cluster-api-provider-aws-rhel9","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/hive-rhel9","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/hypershift-rhel9-operator","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/image-based-install-rhel9","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/kube-rbac-proxy-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"Multicluster Global Hub","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-globalhub/multicluster-globalhub-kessel-inventory-api-rhel9","cpes":["cpe:/a:redhat:multicluster_globalhub"]},{"vendor":"Red Hat","product":"Network Observability Operator","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"network-observability/network-observability-cli-rhel9","cpes":["cpe:/a:redhat:network_observ_optr:1"]},{"vendor":"Red Hat","product":"Node HealthCheck Operator","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"workload-availability/node-healthcheck-must-gather-rhel9","cpes":["cpe:/a:redhat:workload_availability_nhc:0"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-agent-base-rhel9","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-rhel8","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-rhel9","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-jenkins","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-lightspeed/lightspeed-rhel9-operator","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-lightspeed/openshift-mcp-server-rhel9","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-cache-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-chains-controller-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-cli-tkn-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-controller-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-opc-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-results-api-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-results-watcher-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-rhel9-operator","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-sidecarlogresults-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-backstage-plugins-eventmesh-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-ekb-dispatcher-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-ekb-kafka-controller-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-ekb-receiver-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-apiserver-receive-adapter-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-channel-controller-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-channel-dispatcher-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-controller-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-filter-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-ingress-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-jobsink-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-mtchannel-broker-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-mtping-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-webhook-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-plugin-event-sender-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/serverless-must-gather-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/istio-must-gather-rhel9","cpes":["cpe:/a:redhat:service_mesh:2"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/proxyv2-rhel9","cpes":["cpe:/a:redhat:service_mesh:2"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/istio-must-gather-rhel9","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/istio-proxyv2-rhel9","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/kiali-operator-bundle","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/kiali-rhel9-operator","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"Power monitoring for Red Hat OpenShift","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-power-monitoring/power-monitoring-rhel9-operator","cpes":["cpe:/a:redhat:openshift_power_monitoring"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/acm-grafana-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/acm-multicluster-observability-addon-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/acm-must-gather-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/kube-rbac-proxy-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/kube-state-metrics-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/submariner-operator-bundle","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"advanced-cluster-security/rhacs-rhel8-operator","cpes":["cpe:/a:redhat:advanced_cluster_security:4"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-25/aap-must-gather-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/aap-must-gather-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-on-clouds/aoc-azure-aap-installer-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Build of Kueue","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kueue/kueue-must-gather-rhel9","cpes":["cpe:/a:redhat:kueue_operator:1"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"podman-desktop-macos-1-0","cpes":["cpe:/a:redhat:podman_desktop:1"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"podman-desktop-windows-1-0","cpes":["cpe:/a:redhat:podman_desktop:1"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhdesktop/rh-podman-desktop-ext-bootc-rhel10","cpes":["cpe:/a:redhat:podman_desktop:0"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhdesktop/rh-podman-desktop-ext-rhel-rhel10","cpes":["cpe:/a:redhat:podman_desktop:0"]},{"vendor":"Red Hat","product":"Red Hat Connectivity Link 1","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcl-1/authorino-rhel9","cpes":["cpe:/a:redhat:connectivity_link:1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"buildah","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ignition","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel10/bootc-image-builder","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel10-eus/rhel-10.0-bootc-image-builder","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"skopeo","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"osbuild-composer","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ignition","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel9/bootc-image-builder","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel9-eus/rhel-9.6-bootc-image-builder","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"skopeo","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-cli-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-data-science-pipelines-argo-argoexec-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-data-science-pipelines-argo-argoexec-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-maas-api-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-ml-pipelines-api-server-v2-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-ml-pipelines-driver-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-ml-pipelines-launcher-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-model-registry-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-model-registry-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-minimal-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-minimal-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-minimal-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/rhai-cli-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Cluster Manager CLI","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocm-cli-clients/ocm-cli-rhel9","cpes":["cpe:/a:redhat:openshift_cluster_manager_cli:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cri-o","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"lvms4/lvms-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/cnf-tests-rhel8","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/cnf-tests-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/kube-compare-artifacts-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/lifecycle-agent-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/network-tools-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/numaresources-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-agent-installer-api-server-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-agent-installer-csr-approver-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-agent-installer-orchestrator-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-aws-cluster-api-controllers-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-aws-pod-identity-webhook-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-azure-workload-identity-webhook-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-baremetal-installer-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-cli-artifacts-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-csi-driver-shared-resource-mustgather-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-deployer-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-docker-builder","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-docker-builder-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-helm-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-hypershift-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-installer-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-local-storage-mustgather-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-machine-os-images-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-ovn-kubernetes-microshift-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-ovn-kubernetes-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-secrets-store-csi-mustgather-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-tests-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-tools-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ptp-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-clients","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-kni/commatrix","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"podman","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat/redhat-operator-index","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"skopeo","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/mcg-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/oauth2-proxy-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/udi-base-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/udi-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift for Windows Containers","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-operator-bundle","cpes":["cpe:/a:redhat:windows_machine_config"]},{"vendor":"Red Hat","product":"Red Hat OpenShift for Windows Containers","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:windows_machine_config"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/argocd-agent-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/argocd-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/argocd-rhel9","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/must-gather-rhel8","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift on AWS","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rosa","cpes":["cpe:/a:redhat:openshift_service_on_aws:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/virt-cdi-apiserver-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/virt-cdi-cloner-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/virt-cdi-controller-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/virt-cdi-importer-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/virt-cdi-operator-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/virt-cdi-uploadproxy-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/virt-cdi-uploadserver-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoso-operators/openstack-operator-bundle","cpes":["cpe:/a:redhat:openstack:18.0"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoso-operators/openstack-rhel9-operator","cpes":["cpe:/a:redhat:openstack:18.0"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoso-operators/prometheus-podman-exporter-rhel9","cpes":["cpe:/a:redhat:openstack:18.0"]},{"vendor":"Red Hat","product":"Red Hat Quay 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"quay/clair-rhel8","cpes":["cpe:/a:redhat:quay:3"]},{"vendor":"Red Hat","product":"Red Hat Quay 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"quay/clair-rhel9","cpes":["cpe:/a:redhat:quay:3"]},{"vendor":"Red Hat","product":"Red Hat Quay 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"quay/quay-builder-rhel8","cpes":["cpe:/a:redhat:quay:3"]},{"vendor":"Red Hat","product":"Red Hat Quay 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"quay/quay-builder-rhel9","cpes":["cpe:/a:redhat:quay:3"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/certificate-transparency-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/ec-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/model-transparency-cli-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/policy-controller-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/policy-controller-rhel9-operator","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Security Profiles Operator","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"compliance/openshift-security-profiles-operator-bundle","cpes":["cpe:/a:redhat:openshift_security_profiles_operator:1"]},{"vendor":"Red Hat","product":"Security Profiles Operator","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"compliance/openshift-security-profiles-rhel8-operator","cpes":["cpe:/a:redhat:openshift_security_profiles_operator:1"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:1"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/spiffe-spire-controller-manager-rhel9","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:1"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:1"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/spiffe-spire-server-rhel9","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:1"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:1"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/spiffe-spire-server-rhel9","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-operator-bundle","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-07T14:21:42.477191Z","id":"CVE-2026-34986","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-131"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.5","matchCriteriaId":"C8F16FC9-40BA-4C17-9ABD-614143E86BFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.1.4","matchCriteriaId":"DC2FEC8C-1ECF-40EA-A074-86B4C7688B60"}]}]}],"references":[{"url":"https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants","source":"security-advisories@github.com","tags":["Product","Technical Description"]},{"url":"https://access.redhat.com/errata/RHSA-2026:10125","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:10130","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:10135","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:10175","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11070","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11217","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11512","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11688","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11856","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11916","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11996","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:12116","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:12277","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:12279","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13791","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13829","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:16696","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17040","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17121","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17123","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17287","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17448","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17458","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17459","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17468","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17474","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17547","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17550","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17598","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17789","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18584","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18585","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19017","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19099","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19108","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19135","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19173","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19186","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19353","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19375","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19712","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19719","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19720","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19721","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20034","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20041","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20569","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20607","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20609","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20946","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21017","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21703","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21709","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21769","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21931","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21932","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22258","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22260","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22347","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22423","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22450","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22465","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22629","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22714","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22840","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22937","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23228","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23241","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23345","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23361","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24471","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24475","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24477","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24479","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24482","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24484","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24853","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24977","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25127","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25187","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25194","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25206","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25248","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25250","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25252","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26054","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26568","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26585","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26636","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27001","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27044","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27063","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27856","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28198","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29854","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30650","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:32991","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33722","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34099","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34192","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34196","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34197","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34364","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34794","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35833","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36820","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37387","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40984","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:8490","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:8491","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:8493","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:9385","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:9388","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:9448","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:9453","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-34986","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455470","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34986.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-4878","sourceIdentifier":"secalert@redhat.com","published":"2026-04-09T16:16:31.987","lastModified":"2026-07-16T12:18:05.490","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux:10.1"],"versions":[{"version":"0:2.69-7.el10_1.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:2.69-7.el10_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:2.69-7.el10_0.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:2.48-6.el8_10.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:2.48-4.el8_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:2.48-4.el8_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:2.48-5.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:2.48-5.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.48-10.el9_7.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.48-10.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.48-10.el9_7.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:2.48-10.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream","cpe:/o:redhat:rhel_e4s:9.2::baseos"],"versions":[{"version":"0:2.48-9.el9_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream","cpe:/o:redhat:rhel_eus:9.4::baseos"],"versions":[{"version":"0:2.48-9.el9_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:2.48-9.el9_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.13","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.13::el9"],"versions":[{"version":"413.92.202606160406-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.14","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.14::el9"],"versions":[{"version":"414.92.202606231112-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.15","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.15::el9"],"versions":[{"version":"415.92.202606030318-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"versions":[{"version":"416.94.202606051757-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.17::el9"],"versions":[{"version":"417.94.202606250942-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.18::el9"],"versions":[{"version":"418.94.202606051320-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.19::el9"],"versions":[{"version":"4.19.9.6.202606031700-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cost Management 4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"costmanagement/costmanagement-metrics-rhel9-operator","cpes":["cpe:/a:redhat:cost_management:4::el9"],"versions":[{"version":"1780946239","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cost Management 4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"costmanagement/costmanagement-metrics-rhel9-operator","cpes":["cpe:/a:redhat:cost_management:4::el9"],"versions":[{"version":"1783539156","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1780681984","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"versions":[{"version":"1782352950","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-spyre-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"versions":[{"version":"1782352919","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-rocm-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"versions":[{"version":"1782353093","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"versions":[{"version":"1782352847","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1778101579","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1778156756","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"libcap-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.78-1.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"insights-proxy/insights-proxy-container-rhel9","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"],"versions":[{"version":"1780420428","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.9.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/opentelemetry-collector-rhel9","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"versions":[{"version":"1778056267","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.9.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/opentelemetry-rhel9-operator","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"versions":[{"version":"1778056233","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.9.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/opentelemetry-target-allocator-rhel9","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"versions":[{"version":"1778056245","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798159","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798164","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798165","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798222","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"compat-libcap1","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"compat-libcap1","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-hypershift-rhel9","cpes":["cpe:/a:redhat:openshift:4"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:2.69-7.el10_1.1","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"0:2.69-7.el10_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:2.69-7.el10_0.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux:8"],"versions":[{"version":"0:2.48-6.el8_10.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:rhel_aus:8.6"],"versions":[{"version":"0:2.48-4.el8_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6"],"versions":[{"version":"0:2.48-4.el8_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:rhel_tus:8.8"],"versions":[{"version":"0:2.48-5.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:rhel_e4s:8.8"],"versions":[{"version":"0:2.48-5.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:enterprise_linux:9","cpe:/o:redhat:enterprise_linux:9"],"versions":[{"version":"0:2.48-10.el9_7.1","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"0:2.48-10.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:rhel_e4s:9.2"],"versions":[{"version":"0:2.48-9.el9_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:rhel_eus:9.4"],"versions":[{"version":"0:2.48-9.el9_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"0:2.48-9.el9_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.13","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.13::el9"],"versions":[{"version":"413.92.202606160406-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.14","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.14::el9"],"versions":[{"version":"414.92.202606231112-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.15","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.15::el9"],"versions":[{"version":"415.92.202606030318-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"versions":[{"version":"416.94.202606051757-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.17","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.17::el9"],"versions":[{"version":"417.94.202606250942-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.18::el9"],"versions":[{"version":"418.94.202606051320-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.19::el9"],"versions":[{"version":"4.19.9.6.202606031700-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cost Management 4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"costmanagement/costmanagement-metrics-rhel9-operator","cpes":["cpe:/a:redhat:cost_management:4::el9"],"versions":[{"version":"1780946239","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1783539156","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1780681984","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"versions":[{"version":"1782352950","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-spyre-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"versions":[{"version":"1782352919","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-rocm-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"versions":[{"version":"1782353093","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.3::el9"],"versions":[{"version":"1782352847","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1778101579","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1778156756","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.78-1.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"insights-proxy/insights-proxy-container-rhel9","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"],"versions":[{"version":"1780420428","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.9.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/opentelemetry-collector-rhel9","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"versions":[{"version":"1778056267","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.9.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/opentelemetry-rhel9-operator","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"versions":[{"version":"1778056233","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3.9.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhosdt/opentelemetry-target-allocator-rhel9","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"],"versions":[{"version":"1778056245","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798159","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798164","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798165","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1779798222","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"compat-libcap1","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"compat-libcap1","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libcap","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-hypershift-rhel9","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-09T00:00:00+00:00","id":"CVE-2026-4878","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libcap_project:libcap:-:*:*:*:*:*:*:*","matchCriteriaId":"B5642B48-2305-41CC-9D9D-110EAC065B08"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:12423","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:12441","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13285","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14162","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:14937","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19130","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19346","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19456","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:19458","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20595","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21254","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:21275","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:22634","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:22957","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:23233","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:23245","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:24346","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25044","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25096","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:25181","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26542","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:27998","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28887","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30078","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30087","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30088","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30089","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34098","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:39981","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7473","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-4878","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447554","source":"secalert@redhat.com","tags":["Permissions Required"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451615","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/07/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/07/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/08/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/09/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/04/09/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:12423","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:12441","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13285","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14162","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14937","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19130","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19346","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19456","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19458","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20595","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21254","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21275","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22634","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22957","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23233","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23245","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24346","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25044","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25096","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25181","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26542","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27998","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28887","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30078","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30087","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30088","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30089","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34098","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39981","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7473","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-4878","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451615","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4878.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2025-14813","sourceIdentifier":"91579145-5d7b-4cc5-b925-a0262ff19630","published":"2026-04-15T10:16:38.243","lastModified":"2026-07-16T12:16:46.063","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":": Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules).\n\n This vulnerability is associated with program files G3413CTRBlockCipher.\n\n\n\nThis issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84."}],"affected":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","affectedData":[{"vendor":"Legion of the Bouncy Castle Inc.","product":"BC-JAVA","defaultStatus":"unaffected","collectionURL":"https://www.bouncycastle.org/download/bouncy-castle-java/","packageName":"bcprov","modules":["core"],"platforms":["all"],"programFiles":["G3413CTRBlockCipher"],"repo":"https://github.com/bcgit/bc-java","versions":[{"version":"1.59","lessThan":"1.80.2","versionType":"maven","status":"affected"},{"version":"1.81","lessThan":"1.81.1","versionType":"maven","status":"affected"},{"version":"1.82","lessThan":"1.84","versionType":"maven","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7.12.7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:amq_broker:7.12"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7.13.5","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:amq_broker:7.13"]},{"vendor":"Red Hat","product":"Red Hat Build of Apache Camel 4.14 for Quarkus 3.27","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:apache_camel_quarkus:3.27"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"],"versions":[{"version":"debug-jdk15on","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-lts8on","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.20.6.SP1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:quarkus:3.20::el8"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.27.3.SP1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:quarkus:3.27::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"ext-jdk15on","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"ext-jdk18on","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk12","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15to18","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-bouncycastle","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:1.84.0-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-bouncycastle","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:1.84.0-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-modelmesh-rhel9","cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"versions":[{"version":"1780069506","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/openvsx-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1779528224","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/pluginregistry-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1779359423","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jenkins","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jenkins-2-plugins","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-rhel8","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-rhel9","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat AMQ Clients","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:amq_clients:2023"]},{"vendor":"Red Hat","product":"Red Hat AMQ Clients","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:amq_clients:2023"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4 for Quarkus 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:camel_quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-lts8on","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-ext-jdk15on","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-lts8on","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15to18","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6/resteasy","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-deps:10.6/resteasy","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jmc","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"resteasy","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-debug-jdk18on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-ext-jdk15on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-ext-jdk18on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15to18","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk16","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk12","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-ext-jdk15on","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-ext-jdk18on","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk12","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15to18","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on-1.83.0.redhat-00001.jar","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-modelmesh-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15to18","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"candlepin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite:el8/candlepin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:amq_streams:3"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV40":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Red","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T13:19:43.094033Z","id":"CVE-2025-14813","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]}],"references":[{"url":"https://github.com/bcgit/bc-java/commit/701686cb0184cd9ae103c801b3581fdf95c6d4f3","source":"91579145-5d7b-4cc5-b925-a0262ff19630"},{"url":"https://github.com/bcgit/bc-java/commit/b42574345414e4b7c8051b16fa1fafe01c29871f","source":"91579145-5d7b-4cc5-b925-a0262ff19630"},{"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813","source":"91579145-5d7b-4cc5-b925-a0262ff19630"},{"url":"https://access.redhat.com/errata/RHSA-2026:11720","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11721","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13631","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14272","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14276","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17668","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18054","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18055","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18059","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21772","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24977","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2025-14813","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458640","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-14813.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-0636","sourceIdentifier":"91579145-5d7b-4cc5-b925-a0262ff19630","published":"2026-04-15T10:16:38.413","lastModified":"2026-07-16T12:17:00.170","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules).\n\n This vulnerability is associated with program files LDAPStoreHelper.\n\n\n\nThis issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84."}],"affected":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","affectedData":[{"vendor":"Legion of the Bouncy Castle Inc.","product":"BC-JAVA","defaultStatus":"unaffected","collectionURL":"https://www.bouncycastle.org/download/bouncy-castle-java/","packageName":"bcprov","modules":["prov"],"platforms":["all"],"programFiles":["LDAPStoreHelper"],"repo":"https://github.com/bcgit/bc-java","versions":[{"version":"1.74","lessThan":"1.80.2","versionType":"maven","status":"affected"},{"version":"1.81","lessThan":"1.81.1","versionType":"maven","status":"affected"},{"version":"1.82","lessThan":"1.84","versionType":"maven","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7.12.7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:amq_broker:7.12"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7.13.5","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:amq_broker:7.13"]},{"vendor":"Red Hat","product":"Red Hat Build of Apache Camel 4.14 for Quarkus 3.27","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:apache_camel_quarkus:3.27"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"],"versions":[{"version":"debug-jdk15on","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-lts8on","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.20.6.SP1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:quarkus:3.20::el8"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.27.3.SP1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:quarkus:3.27::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"ext-jdk15on","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"ext-jdk18on","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk12","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15to18","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-bouncycastle","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:1.84.0-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-bouncycastle","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:1.84.0-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/openvsx-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1779528224","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/pluginregistry-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1779359423","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jenkins","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jenkins-2-plugins","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-rhel8","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-rhel9","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat AMQ Clients","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:amq_clients:2023"]},{"vendor":"Red Hat","product":"Red Hat AMQ Clients","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:amq_clients:2023"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4 for Quarkus 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:camel_quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-lts8on","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-ext-jdk15on","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-lts8on","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15to18","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6/resteasy","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-deps:10.6/resteasy","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jmc","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"resteasy","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-debug-jdk18on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-ext-jdk15on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-ext-jdk18on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15to18","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk16","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk12","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-ext-jdk15on","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-ext-jdk18on","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk12","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15to18","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on-1.83.0.redhat-00001.jar","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-modelmesh-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-modelmesh-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15to18","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"candlepin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite:el8/candlepin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk15on","cpes":["cpe:/a:redhat:amq_streams:3"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcprov-jdk18on","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV40":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:X/RE:M/U:Amber","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"AUTOMATIC","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T13:12:14.838595Z","id":"CVE-2026-0636","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","type":"Secondary","description":[{"lang":"en","value":"CWE-90"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-90"}]}],"references":[{"url":"https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde","source":"91579145-5d7b-4cc5-b925-a0262ff19630"},{"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636","source":"91579145-5d7b-4cc5-b925-a0262ff19630"},{"url":"https://access.redhat.com/errata/RHSA-2026:11720","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11721","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13631","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14272","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14276","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17668","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18054","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18055","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18059","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21772","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-0636","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458641","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0636.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-5588","sourceIdentifier":"91579145-5d7b-4cc5-b925-a0262ff19630","published":"2026-04-15T10:16:49.597","lastModified":"2026-07-16T12:18:07.347","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules).\n\n This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java.\n\n\n\nThis issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11."}],"affected":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","affectedData":[{"vendor":"Legion of the Bouncy Castle Inc.","product":"BC-JAVA","defaultStatus":"unaffected","collectionURL":"https://www.bouncycastle.org/download/bouncy-castle-java/","packageName":"bcpkix","modules":["pkix"],"platforms":["all"],"programFiles":["JcaContentVerifierProviderBuilder.java"],"repo":"https://github.com/bcgit/bc-java","versions":[{"version":"1.67","lessThan":"1.80.2","versionType":"maven","status":"affected"},{"version":"1.81","lessThan":"1.81.1","versionType":"maven","status":"affected"},{"version":"1.82","lessThan":"1.84","versionType":"maven","status":"affected"}]},{"vendor":"Legion of the Bouncy Castle Inc.","product":"BCPKIX-FIPS","defaultStatus":"unaffected","collectionURL":"https://www.bouncycastle.org/download/bouncy-castle-java-fips/","packageName":"bcpkix","modules":["pkix"],"platforms":["All"],"programFiles":["JcaContentVerifierProviderBuilder.java"],"repo":"https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-fips/","versions":[{"version":"2.0.6","lessThan":"2.0.11","versionType":"maven","status":"affected"},{"version":"2.1.7","lessThan":"2.1.11","versionType":"maven","status":"affected"}]},{"vendor":"Legion of the Bouncy Castle Inc.","product":"BCPIX-LTS","defaultStatus":"unaffected","collectionURL":"https://www.bouncycastle.org/download/bouncy-castle-java-lts/","packageName":"bcpkix","modules":["pkix"],"platforms":["All"],"programFiles":["JcaContentVerfierProviderBuilder.java"],"repo":"https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-lts8on/","versions":[{"version":"2.73.7","lessThan":"2.73.11","versionType":"maven","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7.12.7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:amq_broker:7.12"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7.13.5","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:amq_broker:7.13"]},{"vendor":"Red Hat","product":"Red Hat Build of Apache Camel 4.14 for Quarkus 3.27","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:apache_camel_quarkus:3.27"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.20.6.SP1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:quarkus:3.20::el8"]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.27.3.SP1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:quarkus:3.27::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-fips","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15to18","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-bouncycastle","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"],"versions":[{"version":"0:1.84.0-1.redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-activemq-artemis","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.40.0-6.redhat_00012.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-angus","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.0.5-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-angus-activation","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.0.3-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-bouncycastle","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:1.84.0-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-eap-product-conf-parent","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:801.6.0-1.GA_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-guava-failureaccess","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:1.0.3-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-guava-libraries","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:33.0.0-3.jre_redhat_00004.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hal-console","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:3.7.19-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:6.6.48-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate-search","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:7.2.6-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jakarta-activation","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.1.4-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-logging","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:3.6.2-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jboss-metadata","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:16.1.0-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jctools","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:4.0.6-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-netty","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:4.1.132-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-netty-transport-native-epoll","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:4.1.132-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-plexus-utils","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:3.6.1-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-reactivex-rxjava","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:3.1.12-1.redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-reactivex-rxjava2","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.2.21-5.redhat_00003.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:8.1.6-5.GA_redhat_00007.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-client-config","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:1.0.1-4.Final_redhat_00002.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-http-client","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.1.4-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-javadocs","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:8.1.1-10.GA_redhat_00017.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-openssl","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.3.0-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-wildfly-openssl-el9-x86_64","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:2.3.0-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-yasson","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"],"versions":[{"version":"0:3.0.4-5.redhat_00007.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/openvsx-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1779528224","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/pluginregistry-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1779359423","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jenkins","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jenkins-2-plugins","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-rhel8","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"OpenShift Developer Tools and Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ocp-tools-4/jenkins-rhel9","cpes":["cpe:/a:redhat:ocp_tools"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4 for Quarkus 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:camel_quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15to18","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-core:10.6/resteasy","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pki-deps:10.6/resteasy","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"resteasy","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15to18","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-fips","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15to18","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on-1.83.0.redhat-00001.jar","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-modelmesh-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-modelmesh-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15to18","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"candlepin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite:el8/candlepin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk15on","cpes":["cpe:/a:redhat:amq_streams:3"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bcpkix-jdk18on","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV40":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T19:35:32.235455Z","id":"CVE-2026-5588","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"91579145-5d7b-4cc5-b925-a0262ff19630","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/bcgit/bc-java/commit/656bae0dbd9b1521f840521ff786e78749fe3057","source":"91579145-5d7b-4cc5-b925-a0262ff19630"},{"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588","source":"91579145-5d7b-4cc5-b925-a0262ff19630"},{"url":"https://access.redhat.com/errata/RHSA-2026:11720","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11721","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13631","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14272","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14276","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17668","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18054","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18055","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:18059","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21772","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-5588","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458634","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5588.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-42039","sourceIdentifier":"security-advisories@github.com","published":"2026-04-24T18:16:30.827","lastModified":"2026-07-16T12:17:46.370","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"axios","product":"axios","versions":[{"version":">= 1.0.0, < 1.15.1","status":"affected"},{"version":"< 0.31.1","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"HawtIO HawtIO 4.4.0","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"axios","cpes":["cpe:/a:redhat:apache_camel_hawtio:4.4::el9"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8.6.1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"axios","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.10::el9"],"versions":[{"version":"1780917531","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.11","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.11::el9"],"versions":[{"version":"1780910888","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.6::el9"],"versions":[{"version":"1778511348","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.8::el9"],"versions":[{"version":"1778383863","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"multicluster engine for Kubernetes 2.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine:2.9::el9"],"versions":[{"version":"1778532610","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Network Observability (NETOBSERV) 1.11.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"network-observability/network-observability-console-plugin-rhel9","cpes":["cpe:/a:redhat:network_observ_optr:1.11::el9"],"versions":[{"version":"1778510461","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Network Observability (NETOBSERV) 1.12.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"network-observability/network-observability-console-plugin-pf4-rhel9","cpes":["cpe:/a:redhat:network_observ_optr:1.12::el9"],"versions":[{"version":"1780920979","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/console-rhel9","cpes":["cpe:/a:redhat:acm:2.14::el9"],"versions":[{"version":"1783451729","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/console-rhel9","cpes":["cpe:/a:redhat:acm:2.15::el9"],"versions":[{"version":"1780876734","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhacm2/console-rhel9","cpes":["cpe:/a:redhat:acm:2.16::el9"],"versions":[{"version":"1780600823","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.10::el8"],"versions":[{"version":"1779293013","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"advanced-cluster-security/rhacs-main-rhel8","cpes":["cpe:/a:redhat:advanced_cluster_security:4.9::el8"],"versions":[{"version":"1779371594","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.8::el9"],"versions":[{"version":"1779841586","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"versions":[{"version":"1781187342","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1782761244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1778156756","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Migration Toolkit 1.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhmtc/openshift-migration-ui-rhel8","cpes":["cpe:/a:redhat:rhmt:1.8::el8"],"versions":[{"version":"1780590717","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"versions":[{"version":"1780467029","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-mod-arch-model-registry-rhel9","cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"versions":[{"version":"1780467147","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-agent-installer-ui-rhel9","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"1778645099","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-agent-installer-ui-rhel9","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"1778539338","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/code-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1779814592","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1779341289","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel8","cpes":["cpe:/a:redhat:service_mesh:2.6::el8"],"versions":[{"version":"1778191473","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel8","cpes":["cpe:/a:redhat:service_mesh:2.6::el8"],"versions":[{"version":"1778191378","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.0::el9"],"versions":[{"version":"1778163785","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.0::el9"],"versions":[{"version":"1778164208","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"versions":[{"version":"1778163935","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"versions":[{"version":"1778164042","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"versions":[{"version":"1778163792","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"versions":[{"version":"1778163909","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.3::el9"],"versions":[{"version":"1778163785","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.3::el9"],"versions":[{"version":"1778163986","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.10::el8"],"versions":[{"version":"1779822261","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.12","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.12::el8"],"versions":[{"version":"1779811412","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.14","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.14::el8"],"versions":[{"version":"1779689392","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.15","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.15::el8"],"versions":[{"version":"1780891395","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel9","cpes":["cpe:/a:redhat:quay:3.16::el9"],"versions":[{"version":"1779204086","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.17","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel9","cpes":["cpe:/a:redhat:quay:3.17::el9"],"versions":[{"version":"1779922205","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Quay 3.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3.9::el8"],"versions":[{"version":"1779811473","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"satellite/iop-advisor-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6.18::el9"],"versions":[{"version":"1781181673","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"satellite/iop-vulnerability-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6.18::el9"],"versions":[{"version":"1781032495","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"axios","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Gatekeeper 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gatekeeper/gatekeeper-rhel9","cpes":["cpe:/a:redhat:gatekeeper:3"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mta/mta-ui-rhel8","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mta/mta-ui-rhel9","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Network Observability Operator","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"network-observability/network-observability-console-plugin-compat-rhel9","cpes":["cpe:/a:redhat:network_observ_optr:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-hub-ui-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-hub-ui-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/kiali-operator-bundle","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/kiali-rhel9-operator","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp21/system","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp22/system","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/system-rhel7","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/system-rhel8","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/system-rhel9","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/gateway-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-dashboard-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-gateway","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-hub","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-platform-ui","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python3.11-galaxy-ng","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python3.12-galaxy-ng","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python3x-galaxy-ng","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python-galaxy-ng","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"axios","cpes":["cpe:/a:redhat:service_registry:2"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"apicurio/apicurio-registry-ui-rhel8","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"apicurio/apicurio-registry-ui-rhel9","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10","cpes":["cpe:/a:redhat:podman_desktop:0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/disk-image-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"axios","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"boost","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-dashboard-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-gen-ai-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-maas-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift3/ose-console","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-console","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-console-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-monitoring-plugin-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-console-plugin","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"container-native-virtualization/kubevirt-console-plugin-rhel9","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"axios","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-host-inventory-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/rhtas-console-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Profile Analyzer","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtpa/rhtpa-trustification-service-rhel9","cpes":["cpe:/a:redhat:trusted_profile_analyzer:2"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-portal","cpes":["cpe:/a:redhat:ansible_portal:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"axios","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"axios","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-24T18:14:11.509943Z","id":"CVE-2026-42039","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.31.1","matchCriteriaId":"7D2B28C9-026E-4CD6-BD17-7EDD42108106"},{"vulnerable":true,"criteria":"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.15.1","matchCriteriaId":"3EC1EF30-EBB8-410B-90FB-1F18A3545C2E"}]}]}],"references":[{"url":"https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:14937","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:16476","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:16532","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:16534","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:16535","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:16542","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:16874","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17468","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17474","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17657","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:17699","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19109","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19375","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20889","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20938","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21017","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21338","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21772","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22465","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22619","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22629","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22840","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23361","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24473","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24536","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24539","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24853","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24977","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25041","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25089","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25271","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25273","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26214","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26225","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26234","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33574","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36882","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42039","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461630","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42039.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-6321","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-05-04T20:16:20.950","lastModified":"2026-07-16T12:18:07.853","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications that normalize or compare attacker-controlled URLs to enforce path-based policy can be bypassed, with a path that appears confined under an allowed prefix normalizing to a different location. Versions <= 3.1.0 are affected. Update to 3.1.1 or later."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"fast-uri","product":"fast-uri","defaultStatus":"unaffected","packageURL":"pkg:npm/fast-uri","versions":[{"version":"0","lessThan":"3.1.1","versionType":"semver","status":"affected"},{"version":"3.1.1","versionType":"semver","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"HawtIO HawtIO 4.4.0","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"io.hawt-project","cpes":["cpe:/a:redhat:apache_camel_hawtio:4.4::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-podman-desktop","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:1.1.1-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf4-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782840519","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839981","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf6-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839193","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782838753","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/logging-console-plugin-pf4-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839279","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/logging-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782840539","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/logging-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782841925","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/monitoring-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782838476","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/troubleshooting-panel-console-plugin-pf6-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839996","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/troubleshooting-panel-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839494","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Network Observability (NETOBSERV) 1.12.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"network-observability/network-observability-console-plugin-rhel9","cpes":["cpe:/a:redhat:network_observ_optr:1.12::el9"],"versions":[{"version":"1780556069","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-25/lightspeed-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8"],"versions":[{"version":"1780082949","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-26/lightspeed-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1779784904","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-tech-preview/mcp-server-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1779783248","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.8","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.8::el9"],"versions":[{"version":"1779841586","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"versions":[{"version":"1781187342","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1779395188","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"versions":[{"version":"1780467029","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 2.25","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-mod-arch-model-registry-rhel9","cpes":["cpe:/a:redhat:openshift_ai:2.25::el9"],"versions":[{"version":"1780467147","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1781183284","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1781183499","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1780663368","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1781184121","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1780663596","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1781183713","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1780663548","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1781183811","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1781184611","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1780663638","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1780663861","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1780663920","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1781184484","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1780663886","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1781184239","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1780664089","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1780664140","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"],"versions":[{"version":"1781184468","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781555717","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781554936","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781555645","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781556009","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781558423","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781555708","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781557202","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781555679","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781557189","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781556534","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781556085","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781555971","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781557158","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781556690","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781558326","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781556544","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781556958","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781556901","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.18::el9"],"versions":[{"version":"1781557496","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778576707","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778576350","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778769574","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778576929","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778770148","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778576957","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1779093256","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778577150","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778577175","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cloudnative-pg-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778577083","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778770362","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778577169","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778577201","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778577489","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778770439","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778577548","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778770127","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778577523","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778577519","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","cpes":["cpe:/a:redhat:openshift_data_foundation:4.19::el9"],"versions":[{"version":"1778577696","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1780685176","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"satellite/iop-advisor-frontend-rhel9","cpes":["cpe:/a:redhat:satellite:6.18::el9"],"versions":[{"version":"1781181673","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Confidential Compute Attestation","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-sandboxed-containers/osc-pccs","cpes":["cpe:/a:redhat:confidential_compute_attestation:1"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cryostat-openshift-console-plugin-npm","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/gateway-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-dashboard-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-gateway","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-platform-ui","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"podman-desktop-macos-1-0","cpes":["cpe:/a:redhat:podman_desktop:1"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"podman-desktop-windows-1-0","cpes":["cpe:/a:redhat:podman_desktop:1"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhdesktop/rh-podman-desktop-ext-bootc-rhel10","cpes":["cpe:/a:redhat:podman_desktop:0"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"org.infinispan-infinispan-console","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhdh/backstage-community-plugin-catalog-backend-module-scaffolder-relation-processor","cpes":["cpe:/a:redhat:rhdh:1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"linux-sgx","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"linux-sgx","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-dashboard-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mlflow-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-gen-ai-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-maas-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-minimal-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-minimal-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-minimal-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-monitoring-plugin-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs-compression-webpack-plugin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs-mini-css-extract-plugin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs-webpack","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"com.github.streamshub-console","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"com.github.streamshub-console","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-05T12:44:27.336265Z","id":"CVE-2026-6321","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:fast-uri:*:*:*:*:*:node.js:*:*","versionEndExcluding":"3.1.1","matchCriteriaId":"7F2ECF8E-70DB-4CD4-95E1-7DC2A622A8B8"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:19238","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20338","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21338","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24473","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24766","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24866","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24977","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25089","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25123","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26214","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26234","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26416","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26420","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34342","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37385","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-6321","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466582","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6321.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-23479","sourceIdentifier":"security-advisories@github.com","published":"2026-05-05T17:17:02.577","lastModified":"2026-07-16T12:17:04.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to remote code execution. This has been patched in version 8.6.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"redis","product":"redis","versions":[{"version":">= 7.2.0, < 8.6.3","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:8.0.9-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:8.0.9-1.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:7","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260521083756.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:8.0.9-1.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:7","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"9060020260602115714.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"9.0.4-0.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"boost-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"1.90.0-7.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:6/redis","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-05T00:00:00+00:00","id":"CVE-2026-23479","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"8.6.3","matchCriteriaId":"55566536-4FD7-4A12-864D-AD60A97EDB68"}]}]}],"references":[{"url":"https://github.com/redis/redis/releases/tag/8.6.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/redis/redis/security/advisories/GHSA-93m2-935m-8rj3","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:14316","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25216","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25219","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25925","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26306","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26540","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7662","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-23479","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466780","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23479.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-23631","sourceIdentifier":"security-advisories@github.com","published":"2026-05-05T17:17:03.503","lastModified":"2026-07-16T12:17:04.890","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remote code execution. A workaround is to prevent users from executing Lua scripts or avoid using replicas where replica-read-only is disabled. This is patched in version 8.6.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"redis","product":"redis","versions":[{"version":"< 8.6.3","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:8.0.9-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:8.0.9-1.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:7","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260521083756.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:8.0.9-1.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:7","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"9040020260625094332.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:7","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"9060020260602115714.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"9.0.4-0.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:6/redis","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"boost","cpes":["cpe:/a:redhat:hummingbird:1"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-06T03:56:10.112246Z","id":"CVE-2026-23631","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*","versionEndExcluding":"8.6.3","matchCriteriaId":"D27823C5-96F2-4D85-89CF-9C5DEAC584E3"}]}]}],"references":[{"url":"https://github.com/redis/redis/releases/tag/8.6.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/redis/redis/security/advisories/GHSA-8ghh-qpmp-7826","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:14316","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25216","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25219","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25925","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26306","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26540","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33444","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-23631","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466788","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23631.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-25243","sourceIdentifier":"security-advisories@github.com","published":"2026-05-05T17:17:03.667","lastModified":"2026-07-16T12:17:05.137","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This is patched in version 8.6.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"redis","product":"redis","versions":[{"version":"< 8.6.3","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:8.0.9-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:8.0.9-1.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:6","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260522105353.489197e6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:6","cpes":["cpe:/a:redhat:rhel_aus:8.4"],"versions":[{"version":"8040020260618162855.522a0ee4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:6","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4"],"versions":[{"version":"8040020260618162855.522a0ee4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:6","cpes":["cpe:/a:redhat:rhel_aus:8.6"],"versions":[{"version":"8060020260623095617.ad008a3a","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:6","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6"],"versions":[{"version":"8060020260623095617.ad008a3a","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:6","cpes":["cpe:/a:redhat:rhel_tus:8.8"],"versions":[{"version":"8080020260626132343.63b34585","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:6","cpes":["cpe:/a:redhat:rhel_e4s:8.8"],"versions":[{"version":"8080020260626132343.63b34585","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:6.2.22-1.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:7","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260521083756.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:8.0.9-1.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis","cpes":["cpe:/a:redhat:rhel_e4s:9.2"],"versions":[{"version":"0:6.2.7-1.el9_2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"0:6.2.7-1.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:7","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"9040020260618054637.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"0:6.2.22-1.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redis:7","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"9060020260602115714.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"valkey-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"9.0.4-0.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"boost","cpes":["cpe:/a:redhat:hummingbird:1"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-06T03:56:11.272472Z","id":"CVE-2026-25243","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*","versionEndExcluding":"8.6.3","matchCriteriaId":"D27823C5-96F2-4D85-89CF-9C5DEAC584E3"}]}]}],"references":[{"url":"https://github.com/redis/redis/releases/tag/8.6.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/redis/redis/security/advisories/GHSA-c8h9-259x-jff4","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:14316","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23229","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25216","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25219","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25925","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26008","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26233","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26306","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26540","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27716","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27787","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28139","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28142","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29817","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33427","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-25243","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466828","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25243.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-42258","sourceIdentifier":"security-advisories@github.com","published":"2026-05-09T20:16:28.623","lastModified":"2026-07-16T12:17:48.950","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ruby","product":"net-imap","versions":[{"version":"< 0.4.24","status":"affected"},{"version":">= 0.5.0, < 0.5.14","status":"affected"},{"version":">= 0.6.0, < 0.6.4","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby4.0","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:4.0.3-35.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.3.10-13.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.3.10-11.el10_0.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:2.0.0.648-39.el7_9.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:2.5","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260615131019.489197e6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:3.3","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260615131010.489197e6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:2.5","cpes":["cpe:/a:redhat:rhel_aus:8.4"],"versions":[{"version":"8040020260630124058.522a0ee4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:2.5","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4"],"versions":[{"version":"8040020260630124058.522a0ee4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:2.5","cpes":["cpe:/a:redhat:rhel_aus:8.6"],"versions":[{"version":"8060020260630123825.ad008a3a","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:2.5","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6"],"versions":[{"version":"8060020260630123825.ad008a3a","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:2.5","cpes":["cpe:/a:redhat:rhel_tus:8.8"],"versions":[{"version":"8080020260625114827.63b34585","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:2.5","cpes":["cpe:/a:redhat:rhel_e4s:8.8"],"versions":[{"version":"8080020260625114827.63b34585","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:3.0.7-167.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:3.3","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260615131001.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:4.0","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260619130154.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby","cpes":["cpe:/a:redhat:rhel_e4s:9.2"],"versions":[{"version":"0:3.0.4-161.el9_2.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"0:3.0.7-162.el9_4.3","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:3.3","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"9040020260630065449.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"0:3.0.7-165.el9_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby:3.3","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"9060020260630075016.9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby3-4-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.4.9-31.4.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp21/system","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp21/zync","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp22/system","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp22/zync","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/system-rhel7","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/system-rhel8","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/system-rhel9","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/zync-rhel8","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"3scale-amp2/zync-rhel9","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby3.3","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ruby4.0","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/code-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":4.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-11T14:57:16.635329Z","id":"CVE-2026-42258","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-93"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:net\\:\\:imap:*:*:*:*:*:ruby:*:*","versionEndExcluding":"0.4.24","matchCriteriaId":"05DB8FF3-7546-470A-BBB4-4DCAEAD83D6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:net\\:\\:imap:*:*:*:*:*:ruby:*:*","versionStartIncluding":"0.5.0","versionEndExcluding":"0.5.14","matchCriteriaId":"2CCEB891-1D8F-4431-A79C-2A7560A84F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:net\\:\\:imap:*:*:*:*:*:ruby:*:*","versionStartIncluding":"0.6.0","versionEndExcluding":"0.6.4","matchCriteriaId":"9A6D1995-BFA3-490F-967D-252CA7BE2264"}]}]}],"references":[{"url":"https://github.com/ruby/net-imap/releases/tag/v0.4.24","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/ruby/net-imap/releases/tag/v0.5.14","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/ruby/net-imap/releases/tag/v0.6.4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:33462","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33512","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33514","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33515","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33540","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33565","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33576","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33577","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33630","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34076","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35447","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35834","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35866","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35867","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35895","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36099","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37238","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37397","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42258","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468498","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42258.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-42338","sourceIdentifier":"security-advisories@github.com","published":"2026-05-12T20:16:41.130","lastModified":"2026-07-16T12:17:49.867","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error's parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"beaugunderson","product":"ip-address","versions":[{"version":"< 10.1.1","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"1:24.18.0-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"1:22.23.1-2.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"1:22.23.1-2.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260630152626.6d880403","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260626074955.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260626075442.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-tech-preview/mcp-server-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1782721130","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.10::el9"],"versions":[{"version":"1783448184","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.9::el9"],"versions":[{"version":"1782761244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/code-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1782498475","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1782498792","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel8","cpes":["cpe:/a:redhat:service_mesh:2.6::el8"],"versions":[{"version":"1781937133","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel8","cpes":["cpe:/a:redhat:service_mesh:2.6::el8"],"versions":[{"version":"1782287580","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.0::el9"],"versions":[{"version":"1782201894","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.0::el9"],"versions":[{"version":"1782201833","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"versions":[{"version":"1782201696","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.1","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.1::el9"],"versions":[{"version":"1782201537","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"versions":[{"version":"1782201851","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.2::el9"],"versions":[{"version":"1782201812","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-ossmc-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.3::el9"],"versions":[{"version":"1782231869","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-service-mesh/kiali-rhel9","cpes":["cpe:/a:redhat:service_mesh:3.3::el9"],"versions":[{"version":"1782201466","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Confidential Compute Attestation","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-sandboxed-containers/osc-pccs","cpes":["cpe:/a:redhat:confidential_compute_attestation:1"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cryostat/cryostat-openshift-console-plugin-rhel9","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cryostat-openshift-console-plugin-npm","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Exploit Intelligence","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"exploit-intelligence-tech-preview/vulnerability-analysis-rhel9","cpes":["cpe:/a:redhat:exploit_intelligence:0"]},{"vendor":"Red Hat","product":"Migration Toolkit for Containers","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhmtc/openshift-migration-ui-rhel8","cpes":["cpe:/a:redhat:rhmt:1"]},{"vendor":"Red Hat","product":"Multicluster Engine for Kubernetes","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"multicluster-engine/console-mce-rhel9","cpes":["cpe:/a:redhat:multicluster_engine"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/console-rhel9","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ip-address","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel for Spring Boot 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ip-address","cpes":["cpe:/a:redhat:camel_spring_boot:4"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel - HawtIO 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ip-address","cpes":["cpe:/a:redhat:apache_camel_hawtio:4"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-podman-desktop.git","cpes":["cpe:/a:redhat:podman_desktop:1"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop - Tech Preview","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhdesktop/rh-podman-desktop-ext-sandbox-rhel10","cpes":["cpe:/a:redhat:podman_desktop:0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rust","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rust","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-gaudi-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/disk-image-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rust","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rust","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-agent-installer-ui-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-console-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/openvsx-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-remediations-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-portal","cpes":["cpe:/a:redhat:ansible_portal:2"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T14:46:11.633277Z","id":"CVE-2026-42338","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:beaugunderson:ip-address:*:*:*:*:*:node.js:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"2A574108-EE16-449B-8729-B727C061036B"}]}]}],"references":[{"url":"https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:33155","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33160","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33163","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33173","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33183","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33574","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34374","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35841","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35842","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35891","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35892","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36754","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36820","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39246","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39868","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42338","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476810","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42338.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44573","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T17:16:22.627","lastModified":"2026-07-16T12:17:57.917","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data/<buildId>/<page>.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing an attacker to retrieve SSR JSON for protected pages without passing the intended authorization checks. This vulnerability is fixed in 15.5.16 and 16.2.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vercel","product":"next.js","versions":[{"version":">= 12.2.0, < 15.5.16","status":"affected"},{"version":">= 16.0.0, < 16.2.5","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Streams for Apache Kafka 2.9.4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:2.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-search-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1783958622","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-search-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.4::el9"],"versions":[{"version":"1783327185","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-gaudi-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/disk-image-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T18:10:30.422168Z","id":"CVE-2026-44573","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-551"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"15.5.16","matchCriteriaId":"31A12CFA-9A52-4285-B5F3-E5FAD69DF477"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.2.5","matchCriteriaId":"27C5CF7A-7A33-4BE4-B8FD-10BFD813204A"}]}]}],"references":[{"url":"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:34608","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37272","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40974","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44573","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477199","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44573.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44574","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T17:16:22.767","lastModified":"2026-07-16T12:17:58.150","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected content to be rendered without passing the expected middleware check. This vulnerability is fixed in 15.5.16 and 16.2.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vercel","product":"next.js","versions":[{"version":">= 15.4.0, < 15.5.16","status":"affected"},{"version":">= 16.0.0, < 16.2.5","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Streams for Apache Kafka 2.9.4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:2.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-search-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1783958622","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-search-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.4::el9"],"versions":[{"version":"1783327185","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-gaudi-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/disk-image-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T03:56:41.192368Z","id":"CVE-2026-44574","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-551"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"15.4.0","versionEndExcluding":"15.5.16","matchCriteriaId":"A54845B2-F643-440A-B0E6-7619A18429FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.2.5","matchCriteriaId":"27C5CF7A-7A33-4BE4-B8FD-10BFD813204A"}]}]}],"references":[{"url":"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:34608","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37272","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40974","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44574","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477207","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44574.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44575","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T17:16:22.907","lastModified":"2026-07-16T12:17:58.380","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the same page without being matched by the intended middleware rule, which can allow protected content to be reached without the expected authorization check. This vulnerability is fixed in 15.5.16 and 16.2.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vercel","product":"next.js","versions":[{"version":">= 16.0.0, < 16.2.5","status":"affected"},{"version":">= 15.2.0, < 15.5.16","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Streams for Apache Kafka 2.9.4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:2.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-search-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.3::el9"],"versions":[{"version":"1783958622","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-search-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.4::el9"],"versions":[{"version":"1783327185","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-gaudi-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/disk-image-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T17:48:53.731472Z","id":"CVE-2026-44575","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-551"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"15.2.0","versionEndExcluding":"15.5.16","matchCriteriaId":"1FD97234-D521-4480-A0DA-785AAEFA8629"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.2.5","matchCriteriaId":"27C5CF7A-7A33-4BE4-B8FD-10BFD813204A"}]}]}],"references":[{"url":"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:34608","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37272","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40974","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44575","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477188","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44575.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44577","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T17:16:23.173","lastModified":"2026-07-16T12:17:58.623","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /_next/image endpoint that match the images.localPatterns configuration (by default, all patterns are allowed). This vulnerability is fixed in 15.5.16 and 16.2.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vercel","product":"next.js","versions":[{"version":">= 10.0.0, < 15.5.16","status":"affected"},{"version":">= 16.0.0, < 16.2.5","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Streams for Apache Kafka 2.9.4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:2.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-search-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.4::el9"],"versions":[{"version":"1783327185","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-gaudi-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/disk-image-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-14T18:33:40.553243Z","id":"CVE-2026-44577","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"15.5.16","matchCriteriaId":"1285DDF1-644C-49F3-8418-2615C467B282"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.2.5","matchCriteriaId":"27C5CF7A-7A33-4BE4-B8FD-10BFD813204A"}]}]}],"references":[{"url":"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:34608","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37272","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40974","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44577","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477194","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44577.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44578","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T18:16:17.990","lastModified":"2026-07-16T12:17:58.840","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. This vulnerability is fixed in 15.5.16 and 16.2.5."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vercel","product":"next.js","versions":[{"version":">= 16.0.0, < 16.2.5","status":"affected"},{"version":">= 13.4.13, < 15.5.16","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Streams for Apache Kafka 2.9.4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:2.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-search-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.4::el9"],"versions":[{"version":"1783327185","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-gaudi-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/disk-image-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T18:09:06.506507Z","id":"CVE-2026-44578","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"13.4.13","versionEndExcluding":"15.5.16","matchCriteriaId":"9845CDE5-B999-458E-9FCE-E1D0F63B8AC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.2.5","matchCriteriaId":"27C5CF7A-7A33-4BE4-B8FD-10BFD813204A"}]}]}],"references":[{"url":"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:34608","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37272","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40974","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44578","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477187","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44578.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-45109","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T18:16:19.283","lastModified":"2026-07-16T12:17:59.310","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"vercel","product":"next.js","versions":[{"version":">= 15.2.0, < 15.5.17","status":"affected"},{"version":">= 16.0.0, < 16.2.6","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Streams for Apache Kafka 2.9.4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:2.9::el9"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/rekor-search-ui-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.4::el9"],"versions":[{"version":"1783327185","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"firefox","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"thunderbird","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-gaudi-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/disk-image-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"next","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T18:39:20.946868Z","id":"CVE-2026-45109","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-358"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"15.2.0","versionEndExcluding":"15.5.18","matchCriteriaId":"555F170D-C56B-4A2E-9684-67E8F2AFD5FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.2.6","matchCriteriaId":"FA3ADAD4-2BBF-4905-9276-A24A758EB4C8"}]}]}],"references":[{"url":"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:34608","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37272","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40974","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-45109","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477190","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45109.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-42587","sourceIdentifier":"security-advisories@github.com","published":"2026-05-13T19:17:24.460","lastModified":"2026-07-16T12:17:52.323","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br (Brotli), zstd, or snappy. An attacker can bypass the configured decompression limit by sending a compressed payload with Content-Encoding: br instead of Content-Encoding: gzip, causing unbounded memory allocation and out-of-memory denial of service. The same vulnerability exists in DelegatingDecompressorFrameListener for HTTP/2 connections. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"netty","product":"netty","versions":[{"version":">= 4.2.0.Alpha1, < 4.2.13.Final","status":"affected"},{"version":"< 4.1.133.Final","status":"affected"}]},{"vendor":"io.netty","product":"netty-codec-http","versions":[{"version":">= 4.2.0.Alpha1, < 4.2.13.Final","status":"affected"},{"version":"< 4.1.133.Final","status":"affected"}]},{"vendor":"io.netty","product":"netty-codec-http2","versions":[{"version":">= 4.2.0.Alpha1, < 4.2.13.Final","status":"affected"},{"version":"< 4.1.133.Final","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Cryostat 4 on RHEL 9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cryostat/cryostat-reports-rhel9","cpes":["cpe:/a:redhat:cryostat:4::el9"],"versions":[{"version":"4.2.0-10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4 on RHEL 9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cryostat/cryostat-rhel9","cpes":["cpe:/a:redhat:cryostat:4::el9"],"versions":[{"version":"4.2.0-10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4 on RHEL 9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cryostat/jfr-datasource-rhel9","cpes":["cpe:/a:redhat:cryostat:4::el9"],"versions":[{"version":"4.2.0-10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot 3.5.16","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty","cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"],"versions":[{"version":"codec-http","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"codec-http2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.27.4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty","cpes":["cpe:/a:redhat:quarkus:3.27::el8"],"versions":[{"version":"codec-http","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"codec-http2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat build of Quarkus 3.33.2","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:quarkus:3.33::el8"]},{"vendor":"Red Hat","product":"Streams for Apache Kafka 2.9.4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty","cpes":["cpe:/a:redhat:amq_streams:2.9::el9"],"versions":[{"version":"codec-http2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/openvsx-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1780948325","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/pluginregistry-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1780696380","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.28","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/server-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"versions":[{"version":"1780694994","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/multicluster-redirector-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1782989027","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-ekb-dispatcher-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-ekb-receiver-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-ddb-streams-source-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-s3-sink-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-s3-source-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-sns-sink-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-sqs-sink-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-aws-sqs-source-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-log-sink-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-serverless-1/kn-eventing-integrations-timer-source-rhel9","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat AMQ Clients","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:amq_clients:2023"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4 for Quarkus 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:camel_quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apache Camel 4 for Quarkus 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:camel_quarkus:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:service_registry:2"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:service_registry:2"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat build of Apicurio Registry 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:apicurio_registry:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat build of Debezium 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:debezium:3"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk/keycloak-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhbk-rhel9-operator/rhbk-rhel9-operator","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat build of OptaPlanner 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:optaplanner:::el6"]},{"vendor":"Red Hat","product":"Red Hat build of OptaPlanner 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:optaplanner:::el6"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bazel6","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bazel7","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"bazel8","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-modelmesh-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-modelmesh-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-spark-operator-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-th06-cpu-torch210-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-th06-cpu-torch291-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-th06-cuda130-torch210-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-th06-cuda130-torch291-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-th06-rocm64-torch291-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-trustyai-service-rhel8","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-trustyai-service-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Process Automation 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"candlepin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite:el8/candlepin","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:amq_streams:2"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http","cpes":["cpe:/a:redhat:amq_streams:3"]},{"vendor":"Red Hat","product":"streams for Apache Kafka 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"netty-codec-http2","cpes":["cpe:/a:redhat:amq_streams:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-13T18:43:31.138358Z","id":"CVE-2026-42587","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.133","matchCriteriaId":"DFE205A5-2C43-40C9-A2FF-CF6759B8D861"},{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.13","matchCriteriaId":"D94A720F-9CED-4BE9-8C37-FD9E2FD28472"}]}]}],"references":[{"url":"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:23808","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24502","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25123","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28010","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34608","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36820","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37390","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42587","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477220","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42587.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44216","sourceIdentifier":"security-advisories@github.com","published":"2026-05-14T15:16:47.793","lastModified":"2026-07-16T12:17:53.107","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is allocated. This is possible with the WebAssembly memory64 proposal where tables can have sizes in the 64-bit range as opposed to the previous 32-bit range which would not overflow. The panic happens when attempting to create a very large table, such as when instantiating a WebAssembly module or component. This vulnerability is fixed in 36.0.8, 43.0.2, and 44.0.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"bytecodealliance","product":"wasmtime","versions":[{"version":">= 30.0.0, < 36.0.8","status":"affected"},{"version":">= 37.0.0, < 43.0.2","status":"affected"},{"version":"44.0.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"virt-firmware-rs","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rust","cpes":["cpe:/a:redhat:hummingbird:1"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-15T19:08:36.553275Z","id":"CVE-2026-44216","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:rust:*:*","versionStartIncluding":"30.0.0","versionEndExcluding":"36.0.8","matchCriteriaId":"FC71EC0C-3848-4378-9539-1372F0A6B5CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:bytecodealliance:wasmtime:*:*:*:*:*:rust:*:*","versionStartIncluding":"37.0.0","versionEndExcluding":"43.0.2","matchCriteriaId":"722F0716-9EA2-49E9-BB60-8DEFA9036849"},{"vulnerable":true,"criteria":"cpe:2.3:a:bytecodealliance:wasmtime:44.0.0:*:*:*:*:rust:*:*","matchCriteriaId":"95732121-6E52-4797-B686-DBC8A7C3817A"}]}]}],"references":[{"url":"https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-44216","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477467","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44216.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-41292","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:27.327","lastModified":"2026-07-16T12:17:45.200","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100)."}],"affected":[{"source":"sep@nlnetlabs.nl","affectedData":[{"vendor":"NLnet Labs","product":"Unbound","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.1","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"1.25.1-2.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unboundid-ldapsdk","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unboundid-ldapsdk","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhosp-rhel8-tech-preview/openstack-unbound","cpes":["cpe:/a:redhat:openstack:16.2"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 17.1","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhosp-rhel9/openstack-unbound","cpes":["cpe:/a:redhat:openstack:17.1"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoso/openstack-unbound-rhel9","cpes":["cpe:/a:redhat:openstack:18.0"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoso-operators/designate-rhel9-operator","cpes":["cpe:/a:redhat:openstack:18.0"]}]}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-20T12:11:12.511786Z","id":"CVE-2026-41292","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-407"},{"lang":"en","value":"CWE-770"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-1050"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.1","matchCriteriaId":"45EC9AEF-23EC-4ECC-A769-18DF07B2CAEC"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:24013","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-41292","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480125","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41292.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-42534","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:27.477","lastModified":"2026-07-16T12:17:51.873","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potential targets for replacement with new queries. An adversary who can query a vulnerable Unbound and who can control a domain name server that replies slowly and/or maliciously to Unbound's queries can exploit the vulnerability and degrade the resolution performance of Unbound. When Unbound's 'num-queries-per-thread' reaches its limit, the jostle logic kicks in. When a new query comes in, half of the available queries that are also slow to resolve are candidates for replacement. The vulnerability then happens because duplicate queries that need resolution would skew the aging result by using the timestamp of the latest duplicate query instead of the original one that started the resolution effort. Cache and local data response performance remains unaffected. Coordinated attacks could raise this to a denial of resolution service. Unbound 1.25.1 contains a patch with a fix to attach an initial, non-updatable start time for incoming queries that allow the jostle logic to work as intended."}],"affected":[{"source":"sep@nlnetlabs.nl","affectedData":[{"vendor":"NLnet Labs","product":"Unbound","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.1","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"1.25.1-2.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-20T12:10:33.391042Z","id":"CVE-2026-42534","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-440"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-911"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.1","matchCriteriaId":"45EC9AEF-23EC-4ECC-A769-18DF07B2CAEC"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42534.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:24013","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42534","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480131","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42534.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44390","sourceIdentifier":"sep@nlnetlabs.nl","published":"2026-05-20T10:16:28.183","lastModified":"2026-07-16T12:17:53.310","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with records that don't share a suffix above the root can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. An adversary can exploit the vulnerability by querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. A compression limit was introduced in 1.21.1 for this but it didn't account for the case where records would not share any suffix above the root. That causes Unbound to go in a different code path because of the compression tree lookup failure and eventually not increment the compression counter for those operations. Unbound 1.25.1 contains a patch with a fix that increments the compression counter regardless of the compression tree lookup. This is a complement fix to CVE-2024-8508."}],"affected":[{"source":"sep@nlnetlabs.nl","affectedData":[{"vendor":"NLnet Labs","product":"Unbound","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.25.1","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"1.25.1-2.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"unbound","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV40":[{"source":"sep@nlnetlabs.nl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-20T12:55:48.767374Z","id":"CVE-2026-44390","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"sep@nlnetlabs.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-1050"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","versionEndExcluding":"1.25.1","matchCriteriaId":"45EC9AEF-23EC-4ECC-A769-18DF07B2CAEC"}]}]}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-44390.txt","source":"sep@nlnetlabs.nl","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:24013","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44390","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480130","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44390.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-40033","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-26T15:16:34.480","lastModified":"2026-07-16T12:17:44.960","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.26.0","versionType":"semver","status":"affected"},{"version":"3.26.0","versionType":"semver","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"2:3.10.3-12.el10_2.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-26T00:00:00+00:00","id":"CVE-2026-40033","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.0","matchCriteriaId":"186FAA8A-CF9D-40F3-8509-DAC168BFDA2F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/commit/d7508ebcd82842a691ae4941e5104d14240a89ae","source":"disclosure@vulncheck.com"},{"url":"https://github.com/FreeRDP/FreeRDP/pull/12713","source":"disclosure@vulncheck.com"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ff","source":"disclosure@vulncheck.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/freerdp-heap-buffer-overflow-in-gdi-cachetosurface-via-rectangle-validation-bypass","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-40033","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481473","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ff","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40033.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46092","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.757","lastModified":"2026-07-16T12:17:59.887","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: check for PCI upstream bridge existence\n\npci_upstream_bridge() returns NULL if the device is on a root bus.  If\n8821CE is installed in the system with such a PCI topology, the probing\nroutine will crash.  This has probably been unnoticed as 8821CE is mostly\nsupplied in laptops where there is a PCI-to-PCI bridge located upstream\nfrom the device.  However the card might be installed on a system with\ndifferent configuration.\n\nCheck if the bridge does exist for the specific workaround to be applied.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace static\nanalysis tool."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/realtek/rtw88/pci.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"617339466fda09916c4b4151fa5e6a9c1fdae353","lessThan":"959c13da6c36167ce1016d400a6104d2367f686e","versionType":"git","status":"affected"},{"version":"24f5e38a13b5ae2b6105cda8bb47c19108e62a9a","lessThan":"3b89b4c095804c478d50376285e66700cf3c045f","versionType":"git","status":"affected"},{"version":"24f5e38a13b5ae2b6105cda8bb47c19108e62a9a","lessThan":"cc9b6303e7ea91bc360b42c7edc1fe9ceb2f47fe","versionType":"git","status":"affected"},{"version":"24f5e38a13b5ae2b6105cda8bb47c19108e62a9a","lessThan":"6c53d68e3bcfc8faccdd76c3383a9232b05c9ae6","versionType":"git","status":"affected"},{"version":"24f5e38a13b5ae2b6105cda8bb47c19108e62a9a","lessThan":"000134a20bbf89b1152520a2eef71f91fdb83a5b","versionType":"git","status":"affected"},{"version":"24f5e38a13b5ae2b6105cda8bb47c19108e62a9a","lessThan":"3bbbb56204f7359ce2139a9341b43b52a186261c","versionType":"git","status":"affected"},{"version":"24f5e38a13b5ae2b6105cda8bb47c19108e62a9a","lessThan":"eb101d2abdcccb514ca4fccd3b278dd8267374f6","versionType":"git","status":"affected"},{"version":"f21e8cb927fa9da49490b74ddda3856a828b82d6","versionType":"git","status":"affected"},{"version":"5.15.17","lessThan":"5.15.210","versionType":"semver","status":"affected"},{"version":"5.16.3","lessThan":"5.17","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/realtek/rtw88/pci.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.17","versionEndExcluding":"5.16","matchCriteriaId":"FE141E86-782B-4D36-B214-2FB7AC66A083"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16.3","versionEndExcluding":"7.1","matchCriteriaId":"CAC20C0C-87B8-47F3-B448-0970CEFDDB6E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/000134a20bbf89b1152520a2eef71f91fdb83a5b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3b89b4c095804c478d50376285e66700cf3c045f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3bbbb56204f7359ce2139a9341b43b52a186261c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/6c53d68e3bcfc8faccdd76c3383a9232b05c9ae6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/959c13da6c36167ce1016d400a6104d2367f686e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cc9b6303e7ea91bc360b42c7edc1fe9ceb2f47fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/eb101d2abdcccb514ca4fccd3b278dd8267374f6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46189","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:34.540","lastModified":"2026-07-16T12:18:00.043","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path\n\nSashiko points out that pvrdma_uar_free() is already called within\npvrdma_dealloc_ucontext(), so calling it before triggers a double free."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"269967d7693304e1f06ed2dff4ebbbeeb397cda4","versionType":"git","status":"affected"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"1df5711121cdc11e76b889408fdbe459feba1d39","versionType":"git","status":"affected"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"3a231c34c5bc3d3cfc850b877758ec9fdaa8a483","versionType":"git","status":"affected"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"ecc36a82ecfcfdf3c6606d209f22ec5543c410e0","versionType":"git","status":"affected"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0","versionType":"git","status":"affected"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"0c63333ff97bd1275294fd12840a0efe9d7a4c59","versionType":"git","status":"affected"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"935ee27d0904aa944cbcc979094c20e5ef62eead","versionType":"git","status":"affected"},{"version":"29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1","lessThan":"e38e86995df27f1f854063dab1f0c6a513db3faf","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:6.12.0-211.29.1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"],"versions":[{"version":"0:4.18.0-553.139.1.rt7.480.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:enterprise_linux:8"],"versions":[{"version":"0:4.18.0-553.139.1.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_aus:8.6"],"versions":[{"version":"0:4.18.0-372.201.1.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6"],"versions":[{"version":"0:4.18.0-372.201.1.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_tus:8.8"],"versions":[{"version":"0:4.18.0-477.152.1.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_e4s:8.8"],"versions":[{"version":"0:4.18.0-477.152.1.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:enterprise_linux:9","cpe:/o:redhat:enterprise_linux:9"],"versions":[{"version":"0:5.14.0-687.19.1.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:rhel_e4s:9.2"],"versions":[{"version":"0:5.14.0-284.179.1.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"],"versions":[{"version":"0:5.14.0-284.179.1.rt14.464.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"0:5.14.0-427.136.1.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"0:5.14.0-570.127.1.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-1341"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.10.258","matchCriteriaId":"CE5B9066-4DF6-4452-B9C5-B22E69A91B92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c63333ff97bd1275294fd12840a0efe9d7a4c59","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1df5711121cdc11e76b889408fdbe459feba1d39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/269967d7693304e1f06ed2dff4ebbbeeb397cda4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3a231c34c5bc3d3cfc850b877758ec9fdaa8a483","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/45d25e3ec17900bf5a9d6876ff16ceee31c4c0e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/935ee27d0904aa944cbcc979094c20e5ef62eead","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e38e86995df27f1f854063dab1f0c6a513db3faf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ecc36a82ecfcfdf3c6606d209f22ec5543c410e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:30848","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33685","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33743","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35904","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36049","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36073","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36767","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:38902","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40068","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:40760","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-46189","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482588","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46189.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44422","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T20:16:24.660","lastModified":"2026-07-16T12:17:53.523","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two pointer fields, the parser assigns the same heap object to both output fields. The generic destructor later walks each field independently and destroys/frees both pointers. This causes a malicious-server-triggerable heap use-after-free / double-free in the FreeRDP client's RDPEAR authentication-redirection path. This vulnerability is fixed in 3.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","versions":[{"version":"< 3.26.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp-2:3.10.3-12.el10_2.6.aarch64","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"freerdp-debugsource-2:3.10.3-12.el10_2.6.aarch64","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T00:00:00+00:00","id":"CVE-2026-44422","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"},{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.0","matchCriteriaId":"186FAA8A-CF9D-40F3-8509-DAC168BFDA2F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j9q5-7g8m-jc9v","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44422","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483467","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j9q5-7g8m-jc9v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44422.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46243","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-01T17:17:34.173","lastModified":"2026-07-16T12:18:00.367","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: reject userspace cifs.spnego descriptions\n\ncifs.spnego key descriptions contain authority-bearing fields such as\npid, uid, creduid, and upcall_target that cifs.upcall treats as\nkernel-originating inputs. However, userspace can also create keys of\nthis type through request_key(2) or add_key(2), allowing those fields to\nbe supplied without CIFS origin.\n\nOnly accept cifs.spnego descriptions while CIFS is using its private\nspnego_cred to request the key."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/client/cifs_spnego.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f1d662a7d5e5322e583aad6b3cfec03d8f27b435","lessThan":"7713bd320ed4fc3d08a227cd8e41242219a16981","versionType":"git","status":"affected"},{"version":"f1d662a7d5e5322e583aad6b3cfec03d8f27b435","lessThan":"9544559e59438a4b609b2fdfa0763d8360572824","versionType":"git","status":"affected"},{"version":"f1d662a7d5e5322e583aad6b3cfec03d8f27b435","lessThan":"cf20038657d6d4974349556a34e08fe0490bebbc","versionType":"git","status":"affected"},{"version":"f1d662a7d5e5322e583aad6b3cfec03d8f27b435","lessThan":"2035acfb17221729b1b8ac335e941868a04ca079","versionType":"git","status":"affected"},{"version":"f1d662a7d5e5322e583aad6b3cfec03d8f27b435","lessThan":"a3bbda6502a9398b816fa2e71c9a3f955f58013d","versionType":"git","status":"affected"},{"version":"f1d662a7d5e5322e583aad6b3cfec03d8f27b435","lessThan":"91f89c1d83e80417629791fcef6af8140d7d01c8","versionType":"git","status":"affected"},{"version":"f1d662a7d5e5322e583aad6b3cfec03d8f27b435","lessThan":"0aece6685fc80a8de492688ca2315fb86ec379c7","versionType":"git","status":"affected"},{"version":"f1d662a7d5e5322e583aad6b3cfec03d8f27b435","lessThan":"3da1fdf4efbc490041eb4f836bf596201203f8f2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/client/cifs_spnego.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.24","status":"affected"},{"version":"0","lessThan":"2.6.24","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"NVIDIA for RHEL 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:enterprise_linux_nvidia:10::el10"],"versions":[{"version":"0:6.12.0-212.9.el10nv","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"0:6.12.0-231.12.el10nv","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:6.12.0-211.20.1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kpatch-patch","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:6.12.0-55.79.1.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_els:6"],"versions":[{"version":"0:2.6.32-754.61.1.el6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:3.10.0-1160.153.1.el7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"],"versions":[{"version":"0:4.18.0-553.129.1.rt7.470.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:enterprise_linux:8"],"versions":[{"version":"0:4.18.0-553.129.1.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kpatch-patch","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_aus:8.4"],"versions":[{"version":"0:4.18.0-305.194.1.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4"],"versions":[{"version":"0:4.18.0-305.194.1.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_aus:8.6"],"versions":[{"version":"0:4.18.0-372.196.1.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6"],"versions":[{"version":"0:4.18.0-372.196.1.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_tus:8.8"],"versions":[{"version":"0:4.18.0-477.147.1.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/o:redhat:rhel_e4s:8.8"],"versions":[{"version":"0:4.18.0-477.147.1.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kpatch-patch","cpes":["cpe:/o:redhat:rhel_e4s:8.8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:enterprise_linux:9","cpe:/o:redhat:enterprise_linux:9"],"versions":[{"version":"0:5.14.0-687.13.1.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kpatch-patch","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:rhel_e4s:9.2"],"versions":[{"version":"0:5.14.0-284.176.1.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel-rt","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"],"versions":[{"version":"0:5.14.0-284.176.1.rt14.461.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kpatch-patch","cpes":["cpe:/o:redhat:rhel_e4s:9.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:rhel_e4s:9.4"],"versions":[{"version":"0:5.14.0-427.132.1.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kpatch-patch","cpes":["cpe:/o:redhat:rhel_e4s:9.4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kernel","cpes":["cpe:/a:redhat:rhel_eus:9.6"],"versions":[{"version":"0:5.14.0-570.123.1.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"kpatch-patch","cpes":["cpe:/o:redhat:rhel_eus:9.6"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.12","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.12::el8"],"versions":[{"version":"412.86.202606251120-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.14","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.14::el9"],"versions":[{"version":"414.92.202606231112-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.15","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.15::el9"],"versions":[{"version":"415.92.202606200237-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.18","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.18::el9"],"versions":[{"version":"418.94.202606250458-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.19","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.19::el9"],"versions":[{"version":"4.19.9.6.202606302000-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"4.20.9.6.202607010620-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"4.21.9.6.202607011303-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T00:00:00+00:00","id":"CVE-2026-46243","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.24.1","versionEndExcluding":"5.10.258","matchCriteriaId":"3E43C0F1-F2DB-4268-8DB8-64602E14F05D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:-:*:*:*:*:*:*","matchCriteriaId":"6F3E61F3-1CF1-4176-94CD-89A408BCFC96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*","matchCriteriaId":"FF6588E7-F4FA-40F5-8945-FC7B6094376E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:rc4:*:*:*:*:*:*","matchCriteriaId":"AE87E13E-ACF7-4F74-8938-729F3B0D694C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:rc5:*:*:*:*:*:*","matchCriteriaId":"D4965A12-1BBA-4494-A5C1-43E0C0F48C14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:rc6:*:*:*:*:*:*","matchCriteriaId":"B7A18909-B468-4A5C-8DCC-2690F1F1D6C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:rc7:*:*:*:*:*:*","matchCriteriaId":"AEFCCCBD-B3EA-4A78-BEF9-6BD4793AAE10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.24:rc8:*:*:*:*:*:*","matchCriteriaId":"F8AF0C46-6BF2-46A3-8AD8-1E521E736169"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0aece6685fc80a8de492688ca2315fb86ec379c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2035acfb17221729b1b8ac335e941868a04ca079","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3da1fdf4efbc490041eb4f836bf596201203f8f2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7713bd320ed4fc3d08a227cd8e41242219a16981","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/91f89c1d83e80417629791fcef6af8140d7d01c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9544559e59438a4b609b2fdfa0763d8360572824","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a3bbda6502a9398b816fa2e71c9a3f955f58013d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf20038657d6d4974349556a34e08fe0490bebbc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/01/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:23258","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23259","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23329","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23395","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24381","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25908","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26462","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26515","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26535","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26563","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26570","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27708","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27719","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27729","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27735","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28887","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28962","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33219","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33220","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33221","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33222","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33223","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33224","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33225","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33486","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34048","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34757","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34764","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34788","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34815","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36620","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-46243","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481486","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/manizada/CIFSwitch","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46243.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-8643","sourceIdentifier":"cna@python.org","published":"2026-06-01T17:17:35.770","lastModified":"2026-07-16T12:18:09.540","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory."}],"affected":[{"source":"cna@python.org","affectedData":[{"vendor":"Python Packaging Authority","product":"pip","defaultStatus":"unaffected","collectionURL":"https://pypi.org/project/pip","packageName":"pip","repo":"https://github.com/pypa/pip","versions":[{"version":"24.0","lessThan":"26.1.2","versionType":"python","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"python3.14-pip","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:25.2-3.el10_2.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"python3.14-pip","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:25.2-3.el9_8.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-26/de-minimal-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1782711769","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-26/de-supported-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1782713671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-26/gateway-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1782761510","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782763840","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python-pip-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"26.1.1-3.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"26.1.2-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-cpu-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.0::el9"],"versions":[{"version":"1782929133","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-spyre-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.0::el9"],"versions":[{"version":"1782928984","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-tpu-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.0::el9"],"versions":[{"version":"1782968171","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-cuda-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.0::el9"],"versions":[{"version":"1782929069","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-rocm-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.0::el9"],"versions":[{"version":"1782928977","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-cpu-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.2::el9"],"versions":[{"version":"1782915416","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-cuda-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.2::el9"],"versions":[{"version":"1782915184","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-spyre-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.2::el9"],"versions":[{"version":"1782914833","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-rocm-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.2::el9"],"versions":[{"version":"1782914721","lessThan":"*","versionType":"rpm","status":"unaffected"},{"version":"1782914751","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-tpu-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.2::el9"],"versions":[{"version":"1782914629","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-neuron-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782915056","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-spyre-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782916020","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-cuda-12.9-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782914960","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-rocm-6.4-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782914644","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-rocm-7.0-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782914706","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-cuda-13.0-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782915015","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-cpu-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782914779","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhai/base-image-tpu-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782914653","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-kserve-storage-initializer-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1783010225","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-mlserver-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782887848","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-cuda121-torch24-py311-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782471555","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-cuda124-torch25-py311-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782471579","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-cuda128-torch28-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1783073038","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-cuda128-torch29-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782991170","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-rocm62-torch24-py311-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782471656","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-rocm62-torch25-py311-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782471663","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-rocm64-torch28-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1783069204","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-rocm64-torch29-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"],"versions":[{"version":"1782991170","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-kserve-storage-initializer-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782133213","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-mlserver-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782726504","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-th06-cpu-torch210-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782135464","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-th06-cuda130-torch210-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782136276","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-th06-rocm64-torch291-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782135346","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-cuda121-torch24-py311-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782132167","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-cuda124-torch25-py311-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782132207","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-cuda128-torch28-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782132237","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-cuda128-torch29-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782132240","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-rocm62-torch24-py311-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782132286","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-rocm62-torch25-py311-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782132236","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-rocm64-torch28-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782132163","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhoai/odh-training-rocm64-torch29-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai:3.4::el9"],"versions":[{"version":"1782132297","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer 1.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhtas/model-transparency-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1.4::el9"],"versions":[{"version":"1782485441","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Exploit Intelligence","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"exploit-intelligence-tech-preview/vulnerability-analysis-rhel9","cpes":["cpe:/a:redhat:exploit_intelligence:0"]},{"vendor":"Red Hat","product":"Migration Toolkit for Applications 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mta/mta-rhel9-operator","cpes":["cpe:/a:redhat:migration_toolkit_applications:8"]},{"vendor":"Red Hat","product":"Migration Toolkit for Virtualization","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"migration-toolkit-virtualization/mtv-rhel9-operator","cpes":["cpe:/a:redhat:migration_toolkit_virtualization:2"]},{"vendor":"Red Hat","product":"Migration Toolkit for Virtualization","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"mtv-candidate/mtv-rhel9-operator","cpes":["cpe:/a:redhat:migration_toolkit_virtualization:2"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-lightspeed/lightspeed-service-api-rhel9","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/kiali-rhel9-operator","cpes":["cpe:/a:redhat:service_mesh:3"]},{"vendor":"Red Hat","product":"Pen Drive Powered by Red Hat Lightspeed","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"pen-drive/pen-drive-scanner-rhel9","cpes":["cpe:/a:redhat:pdrive_lightspeed:0","cpe:/a:redhat:pdrive_lightspeed:1"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaii/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaiis/vllm-cpu-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaiis/vllm-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaiis/vllm-neuron-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaiis/vllm-rocm-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaiis/vllm-spyre-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaiis/vllm-tpu-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaii/vllm-cpu-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaii/vllm-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaii/vllm-gaudi-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaii/vllm-neuron-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaii/vllm-rocm-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaii/vllm-spyre-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhaii/vllm-tpu-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-24/controller-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-25/controller-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/controller-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/eda-controller-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/gateway-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/hub-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/lightspeed-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-26/platform-resource-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-27/aap-cloud-billing-operator-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-dashboard-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/metrics-service-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform-tech-preview/metrics-service-rhel9-operator","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python-pip","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel10/python-312-minimal","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python-pip","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python3.12-pip","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python-pip","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ubi8/python-311","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ubi8/python-312","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ubi8/python-36","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ubi8/python-39","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python3.12-pip","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"python-pip","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel9/python-311","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel9/python-39","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ubi9/python-312","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ubi9/python-312-minimal","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-aws-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-azure-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-azure-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-gaudi-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-gcp-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/bootc-rocm-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhelai3/disk-image-cuda-rhel9","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhai/base-image-gaudi-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhai/base-image-rocm-7.1-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-automl-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-autorag-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-built-in-detector-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-caikit-nlp-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-caikit-tgis-serving-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-feature-server-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-guardrails-detector-huggingface-runtime-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-kserve-autogluon-server-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-llama-stack-core-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-llm-d-kv-cache-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-modelmesh-runtime-adapter-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-model-registry-job-async-upload-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-minimal-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipelines-components-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-spark-operator-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-ta-lmes-job-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-th06-cpu-torch291-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-th06-cuda130-torch291-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-trustyai-nemo-guardrails-server-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-vllm-cuda-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-vllm-rocm-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-minimal-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-minimal-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-ansible-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/udi-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Red Hat Quay 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"quay/quay-rhel8","cpes":["cpe:/a:redhat:quay:3"]},{"vendor":"Red Hat","product":"Red Hat Quay 3","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"quay/quay-rhel9","cpes":["cpe:/a:redhat:quay:3"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/foreman-mcp-server-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-advisor-backend-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite/iop-advisor-engine-rhel9","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/segment-reporting-rhel9","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Service Telemetry Framework 1.5","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"stf/prometheus-webhook-snmp-rhel9","cpes":["cpe:/a:redhat:stf:1.5"]},{"vendor":"Red Hat","product":"Service Telemetry Framework 1.5","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"stf/service-telemetry-rhel9-operator","cpes":["cpe:/a:redhat:stf:1.5"]},{"vendor":"Red Hat","product":"Service Telemetry Framework 1.5","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"stf/smart-gateway-rhel9-operator","cpes":["cpe:/a:redhat:stf:1.5"]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@python.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T18:57:40.345155Z","id":"CVE-2026-8643","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pypa:pip:*:*:*:*:*:*:*:*","versionEndExcluding":"26.1.2","matchCriteriaId":"EEEE9A28-2696-4CFA-8AE6-85027112F7F3"}]}]}],"references":[{"url":"https://github.com/pypa/pip/pull/14000","source":"cna@python.org","tags":["Issue Tracking","Patch"]},{"url":"https://mail.python.org/archives/list/security-announce@python.org/thread/YV63UET5D3OOJY7O4M5XCVYO2YM4NBYJ/","source":"cna@python.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/01/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:33313","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34374","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34456","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34739","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34740","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34741","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34748","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34749","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34750","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34752","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34756","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34758","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34760","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34765","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34772","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34773","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34774","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34775","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34776","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34777","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34778","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34780","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34891","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36193","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36315","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37275","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:37283","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-8643","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460927","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8643.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-34355","sourceIdentifier":"security@apache.org","published":"2026-06-08T16:16:38.387","lastModified":"2026-07-16T12:17:33.080","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend.\nUsers are recommended to upgrade to version 2.4.68, which fixes this issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache HTTP Server","defaultStatus":"unaffected","versions":[{"version":"2.4.0","lessThanOrEqual":"2.4.67","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:2.4.63-13.el10_2.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.4.68-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-08T18:11:57.581951Z","id":"CVE-2026-34355","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndExcluding":"2.4.68","matchCriteriaId":"03F07E89-F9BF-4913-8250-F79447AA6EBD"}]}]}],"references":[{"url":"https://httpd.apache.org/security/vulnerabilities_24.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/08/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://access.redhat.com/errata/RHSA-2026:25042","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34109","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-34355","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486414","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34355.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-42536","sourceIdentifier":"security@apache.org","published":"2026-06-08T16:16:39.263","lastModified":"2026-07-16T12:17:52.103","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\n\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache HTTP Server","defaultStatus":"unaffected","versions":[{"version":"2.4.0","lessThanOrEqual":"2.4.67","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:2.4.63-13.el10_2.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.4.68-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-08T18:09:39.478431Z","id":"CVE-2026-42536","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndExcluding":"2.4.68","matchCriteriaId":"03F07E89-F9BF-4913-8250-F79447AA6EBD"}]}]}],"references":[{"url":"https://httpd.apache.org/security/vulnerabilities_24.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/08/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:25042","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34109","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42536","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486411","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42536.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44185","sourceIdentifier":"security@apache.org","published":"2026-06-08T16:16:40.327","lastModified":"2026-07-16T12:17:52.900","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.\n\nUsers are recommended to upgrade to version 2.4.68, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache HTTP Server","defaultStatus":"unaffected","versions":[{"version":"2.4.0","lessThanOrEqual":"2.4.67","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:2.4.63-13.el10_2.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.4.68-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"httpd","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-08T18:10:50.653826Z","id":"CVE-2026-44185","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-126"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndExcluding":"2.4.68","matchCriteriaId":"03F07E89-F9BF-4913-8250-F79447AA6EBD"}]}]}],"references":[{"url":"https://httpd.apache.org/security/vulnerabilities_24.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/08/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:25042","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34109","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44185","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486397","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44185.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-9698","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-06-09T08:16:29.190","lastModified":"2026-07-16T12:18:10.747","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"DBI versions before 1.648 for Perl saved errors in a limited-sized buffer.\n\nError messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit.\n\nAttackers that can influence the error text in an application can trigger a buffer overflow."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"HMBRAND","product":"DBI","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"DBI","programFiles":["DBI.xs"],"repo":"https://github.com/perl5-dbi/dbi","versions":[{"version":"0","lessThan":"1.648","versionType":"custom","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"perl-DBI","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:1.643-26.el10_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"perl-DBI:1.641","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260624081239.69ef70f8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"perl-DBI","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"0:1.643-9.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"perl-DBI","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"perl-DBI","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"perl-DBI","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T15:44:04.195929Z","id":"CVE-2026-9698","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:perl:dbi:*:*:*:*:*:*:*:*","versionEndExcluding":"1.648","matchCriteriaId":"5C23D2D0-3FFA-4C49-952A-FD8FE4684AF5"}]}]}],"references":[{"url":"https://github.com/perl5-dbi/dbi/commit/bfe5d73c162d2d1f761a639a0aa33aad6a9eb54e.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://metacpan.org/release/HMBRAND/DBI-1.648/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/09/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:38512","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:38513","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:38901","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9698","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486734","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9698.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-42530","sourceIdentifier":"f5sirt@f5.com","published":"2026-06-17T15:16:50.630","lastModified":"2026-07-16T12:17:51.630","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a Use-after-Free in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"NGINX Open Source","defaultStatus":"unknown","modules":["ngx_http_v3_module"],"versions":[{"version":"1.31.0","lessThan":"1.31.2","versionType":"custom","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nginx-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"1.30.2-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nginx","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nginx","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nginx:1.24/nginx","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nginx","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nginx:1.24/nginx","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nginx:1.26/nginx","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Lightspeed proxy 1","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"insights-proxy/insights-proxy-container-rhel9","cpes":["cpe:/a:redhat:insights_proxy:1"]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T00:00:00+00:00","id":"CVE-2026-42530","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.0","versionEndIncluding":"1.6.2","matchCriteriaId":"15B7F1FD-0C49-460F-9CB8-23DA730EC4BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.6.4","matchCriteriaId":"8495C4C7-3BFA-49CD-B527-7E1EE9827634"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndIncluding":"3.7.2","matchCriteriaId":"10D5B143-4C1E-4626-8B49-3EA7160E9256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.5.1","matchCriteriaId":"965E7D6E-288B-438E-A2A8-A25802E34933"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"896F495E-50C2-4A10-8FE8-F4D0AD52F6FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0ACDA17B-D0AB-46C1-9D58-21DF6ED5479E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"2.17.0","versionEndIncluding":"2.22.0","matchCriteriaId":"BCFCE3FC-61E0-4749-8F09-EEB4B09B1218"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"1.31.0","versionEndExcluding":"1.31.2","matchCriteriaId":"2C3B90C4-D305-4F5F-B4B2-CD09918D1C94"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161616","source":"f5sirt@f5.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20351","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42530","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2489872","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42530.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-12151","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-06-17T17:16:42.370","lastModified":"2026-07-16T12:17:01.680","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Impact:\nThe undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size validation, collectively causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) or the WebSocketStream API that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nAll releases starting at undici 6.17.0 are affected.\n\nPatches: Upgrade to undici >= 6.26.0, >= 7.28.0, or >= 8.5.0. Workarounds:\nNo workaround is available. The fix must be applied through an upgrade."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"undici","product":"undici","defaultStatus":"unaffected","packageURL":"pkg:npm/undici","versions":[{"version":"0","lessThan":"6.26.0","versionType":"semver","status":"affected"},{"version":"6.26.0","versionType":"semver","status":"unaffected"},{"version":"7.0.0","lessThan":"7.28.0","versionType":"semver","status":"affected"},{"version":"7.28.0","versionType":"semver","status":"unaffected"},{"version":"8.0.0","lessThan":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.5.0","versionType":"semver","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"1:24.18.0-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"1:22.23.1-2.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"1:22.23.1-2.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260630152626.6d880403","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260626074955.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260626075442.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf4-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782840519","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839981","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf6-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839193","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782838753","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/logging-console-plugin-pf4-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839279","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/logging-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782840539","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/logging-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782841925","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/monitoring-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782844225","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/monitoring-console-plugin-pf6-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839658","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/monitoring-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782838476","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/troubleshooting-panel-console-plugin-pf6-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839996","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/troubleshooting-panel-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839494","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.10::el9"],"versions":[{"version":"1783448184","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs26-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"26.5.0-1.3.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"24.18.0-0.3.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-monitoring-plugin-rhel9","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"versions":[{"version":"1783306396","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1782498792","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/openvsx-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1783007534","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/pluginregistry-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1782989367","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cryostat-openshift-console-plugin-npm","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana-infinity-datasource-npm","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undici","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undici","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-podman-desktop.git","cpes":["cpe:/a:redhat:podman_desktop:1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22/nodejs","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs25","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rust","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-automl-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-autorag-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-eval-hub-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-gen-ai-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-maas-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-mlflow-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-model-registry-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-agent-installer-ui-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-console-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/code-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-portal","cpes":["cpe:/a:redhat:ansible_portal:2"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/bootc-automation-portal-rhel9","cpes":["cpe:/a:redhat:ansible_portal:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:29:57.305732Z","id":"CVE-2026-12151","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"6.17.0","versionEndExcluding":"6.27.0","matchCriteriaId":"7DA00D4B-2ABC-49EC-A803-82DAC769A362"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.28.0","matchCriteriaId":"0C34D757-BB16-4E28-95D8-7D3FAC851B69"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.5.0","matchCriteriaId":"37F3655C-C7AE-4B13-A5EB-6FE0A9566124"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:34342","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35841","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35842","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35891","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35892","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36621","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36754","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36820","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:38009","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:38236","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39246","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39868","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-12151","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2489980","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12151.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-6734","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-06-17T18:18:05.617","lastModified":"2026-07-16T12:18:09.120","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Impact:\nWhen using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.\n\nThis causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP.\n\nImpacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin.\n\nThis was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0.\n\nPatches:\nUpgrade to undici v7.26.0 or v8.2.0.\n\nWorkarounds:\nUse a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"undici","product":"undici","defaultStatus":"unaffected","packageURL":"pkg:npm/undici","versions":[{"version":"7.23.0","lessThan":"7.26.0","versionType":"semver","status":"affected"},{"version":"7.26.0","versionType":"semver","status":"unaffected"},{"version":"8.0.0","lessThan":"8.2.0","versionType":"semver","status":"affected"},{"version":"8.2.0","versionType":"semver","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"1:24.18.0-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260630152626.6d880403","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260626074955.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf4-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782840519","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839981","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf6-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839193","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782838753","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/logging-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782841925","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/monitoring-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782844225","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/monitoring-console-plugin-pf6-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839658","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/monitoring-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782838476","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/troubleshooting-panel-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839494","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.10::el9"],"versions":[{"version":"1783448184","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs26-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"26.3.0-1.2.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rust-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"1.96.0-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"24.18.0-0.3.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs25-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"25.9.0-1.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1782498792","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/openvsx-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1783007534","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/pluginregistry-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1782989367","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cryostat-openshift-console-plugin-npm","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana-infinity-datasource-npm","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undici","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undici","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-podman-desktop.git","cpes":["cpe:/a:redhat:podman_desktop:1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22/nodejs","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22/nodejs","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-automl-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-autorag-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-eval-hub-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-gen-ai-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-maas-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-mlflow-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-model-registry-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-agent-installer-ui-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-console-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-monitoring-plugin-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/code-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-portal","cpes":["cpe:/a:redhat:ansible_portal:2"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/bootc-automation-portal-rhel9","cpes":["cpe:/a:redhat:ansible_portal:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-6734","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-940"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"7.23.0","versionEndExcluding":"7.28.0","matchCriteriaId":"470B6F0F-0441-4D55-A4A1-5DCBECF32E6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.2.0","matchCriteriaId":"DF2B7ECC-9B86-40B8-BA07-0D9ADBC4203E"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:22380","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22934","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34342","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35841","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35891","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36754","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36820","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:38236","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39868","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7378","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-6734","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2490024","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6734.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-9697","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-06-17T18:18:06.473","lastModified":"2026-07-16T12:18:10.337","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Impact:\nundici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.\n\nApplications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.\n\nAffected applications are those that use undici's ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.\n\nPatches:\nUpgrade to undici v7.28.0 or v8.5.0.\n\nWorkarounds:\nNo workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"undici","product":"undici","defaultStatus":"unaffected","packageURL":"pkg:npm/undici","versions":[{"version":"7.23.0","lessThan":"7.28.0","versionType":"semver","status":"affected"},{"version":"7.28.0","versionType":"semver","status":"unaffected"},{"version":"8.0.0","lessThan":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.5.0","versionType":"semver","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"1:24.18.0-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260630152626.6d880403","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260626074955.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf4-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782840519","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839981","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-pf6-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839193","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/distributed-tracing-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782838753","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/logging-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782841925","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/monitoring-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782844225","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/monitoring-console-plugin-pf6-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839658","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/monitoring-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782838476","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cluster Observability Operator 1.5.0","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"cluster-observability-operator/troubleshooting-panel-console-plugin-rhel9","cpes":["cpe:/a:redhat:cluster_observability_operator:1.5::el9"],"versions":[{"version":"1782839494","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Developer Hub 1.10","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhdh/rhdh-hub-rhel9","cpes":["cpe:/a:redhat:rhdh:1.10::el9"],"versions":[{"version":"1783448184","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs26-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"26.3.0-1.2.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rust-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"1.96.0-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"24.18.0-0.3.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs25-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"25.9.0-1.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.16","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift4/ose-monitoring-plugin-rhel9","cpes":["cpe:/a:redhat:openshift:4.16::el9"],"versions":[{"version":"1783306396","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1782498792","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/openvsx-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1783007534","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces 3.29","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"devspaces/pluginregistry-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3.29::el9"],"versions":[{"version":"1782989367","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cryostat-openshift-console-plugin-npm","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"grafana-infinity-datasource-npm","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undici","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-pf5-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-console-plugin-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"Red Hat AMQ Broker 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"undici","cpes":["cpe:/a:redhat:amq_broker:7"]},{"vendor":"Red Hat","product":"Red Hat Build of Podman Desktop","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rh-podman-desktop.git","cpes":["cpe:/a:redhat:podman_desktop:1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22/nodejs","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22/nodejs","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-dashboard-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-automl-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-autorag-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-eval-hub-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-gen-ai-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-maas-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-mlflow-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-mod-arch-model-registry-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-agent-installer-ui-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-console-rhel9","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/ocs-client-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/odf-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"odf4/odf-multicluster-console-rhel9","cpes":["cpe:/a:redhat:openshift_data_foundation:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/code-rhel9","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/automation-portal","cpes":["cpe:/a:redhat:ansible_portal:2"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"ansible-automation-platform/bootc-automation-portal-rhel9","cpes":["cpe:/a:redhat:ansible_portal:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-9697","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"7.23.0","versionEndExcluding":"7.28.0","matchCriteriaId":"470B6F0F-0441-4D55-A4A1-5DCBECF32E6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.5.0","matchCriteriaId":"37F3655C-C7AE-4B13-A5EB-6FE0A9566124"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:22380","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22934","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34342","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35841","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35891","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36621","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36754","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36820","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:38236","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39868","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7378","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-9697","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2490018","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9697.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-11807","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T21:16:54.350","lastModified":"2026-07-16T12:17:00.603","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive plaintext credentials associated with that activation, including OAuth tokens, vault passwords, and SSH keys."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8","cpe:/a:redhat:ansible_automation_platform:2.5::el9"],"versions":[{"version":"0:1.1.19-1.el8ap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8","cpe:/a:redhat:ansible_automation_platform:2.5::el9"],"versions":[{"version":"0:1.1.19-1.el9ap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"0:1.2.9-2.el9ap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-25/eda-controller-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8"],"versions":[{"version":"1781741251","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-26/eda-controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1781732675","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-27/eda-controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.7::el9"],"versions":[{"version":"1781730525","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8"],"versions":[{"version":"0:1.1.19-1.el8ap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el9"],"versions":[{"version":"0:1.1.19-1.el9ap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"0:1.2.9-2.el9ap","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-25/eda-controller-rhel8","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8"],"versions":[{"version":"1781741251","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-26/eda-controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9"],"versions":[{"version":"1781732675","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.7","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"ansible-automation-platform-27/eda-controller-rhel9","cpes":["cpe:/a:redhat:ansible_automation_platform:2.7::el9"],"versions":[{"version":"1781730525","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T18:22:21.415124Z","id":"CVE-2026-11807","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:28376","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28377","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28440","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28492","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28497","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-11807","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487036","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28376","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28377","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28440","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28492","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28497","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-11807","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487036","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-11807.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-12112","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T21:16:54.823","lastModified":"2026-07-16T12:17:00.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating authentication tokens and by logging all newly created session IDs to standard logs. This issue can result in privilege escalation and infrastructure-wide code execution."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"satellite/foreman-mcp-server-rhel9","cpes":["cpe:/a:redhat:satellite:6.18::el9"],"versions":[{"version":"1782228427","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"satellite/foreman-mcp-server-rhel9","cpes":["cpe:/a:redhat:satellite:6.19::el9"],"versions":[{"version":"1782228692","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"satellite/foreman-mcp-server-rhel9","cpes":["cpe:/a:redhat:satellite:6.18::el9"],"versions":[{"version":"1782228427","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.19","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"satellite/foreman-mcp-server-rhel9","cpes":["cpe:/a:redhat:satellite:6.19::el9"],"versions":[{"version":"1782228692","lessThan":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-25T12:46:05.913416Z","id":"CVE-2026-12112","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:6.19:*:*:*:*:*:*:*","matchCriteriaId":"BCFB23DD-F6A0-4CDB-98E8-E072C104ED4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*","matchCriteriaId":"FD7E727C-BF9F-4A86-BCBE-1CE6E1108181"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:28405","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28438","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-12112","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2488031","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:28405","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:28438","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-12112","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2488031","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12112.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53232","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.107","lastModified":"2026-07-16T12:18:07.027","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: clean the sfp upstream if phy probing fails\n\nSashiko reported that we don't call sfp_bus_del_upstream() in the probe\nfailure path, so let's add it, otherwise the sfp-bus is left with a\ndangling 'upstream' field, that may be used later on during SFP events.\n\nThis issue existed before the generic phylib sfp support, back when\ndrivers were calling phy_sfp_probe themselves."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/phy/phy_device.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"298e54fa810e027f1b0800d789eb862592721f08","lessThan":"12fb84dc4dc8eb47ebe2b27f7de6255a4a205e1b","versionType":"git","status":"affected"},{"version":"298e54fa810e027f1b0800d789eb862592721f08","lessThan":"9326b654f90a09eadeb796c82801a5609d57f0c8","versionType":"git","status":"affected"},{"version":"298e54fa810e027f1b0800d789eb862592721f08","lessThan":"3a254779c169954fe23328a1db51f67be374f913","versionType":"git","status":"affected"},{"version":"298e54fa810e027f1b0800d789eb862592721f08","lessThan":"0b27701ce93161d7bbf4b25fa20ca59963b0e20c","versionType":"git","status":"affected"},{"version":"298e54fa810e027f1b0800d789eb862592721f08","lessThan":"48774e87bbaa0056819d4b52301e4692e50e3252","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/phy/phy_device.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"7.1","matchCriteriaId":"6F0D8DAC-6E14-4C87-8E08-01985E0990CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0b27701ce93161d7bbf4b25fa20ca59963b0e20c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/12fb84dc4dc8eb47ebe2b27f7de6255a4a205e1b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3a254779c169954fe23328a1db51f67be374f913","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/48774e87bbaa0056819d4b52301e4692e50e3252","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9326b654f90a09eadeb796c82801a5609d57f0c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-48618","sourceIdentifier":"support@hackerone.com","published":"2026-06-26T02:16:52.397","lastModified":"2026-07-16T12:18:02.600","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.\r\n\r\nThis can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"},{"version":"26.3.0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"1:24.18.0-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"1:22.23.1-2.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"1:22.23.1-2.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260630152626.6d880403","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260626074955.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260626075442.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"22.23.1-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"24.18.0-0.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs26-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"26.4.0-1.2.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs25-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"25.9.0-1.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs20-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"20.20.2-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22/nodejs","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T15:10:27.583362Z","id":"CVE-2026-48618","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-176"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-289"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*","matchCriteriaId":"3C0C5080-5F99-4651-9855-2DE03C9070C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*","matchCriteriaId":"3B912C84-1AA5-4D74-AB1A-64162C80A33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*","matchCriteriaId":"8152ACE6-3CAF-4CA0-8B19-D4753811EB44"}]}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:28727","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29012","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30172","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35841","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35842","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35891","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35892","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39246","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39868","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7378","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:9455","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-48618","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2493337","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48618.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-48933","sourceIdentifier":"support@hackerone.com","published":"2026-06-26T02:16:52.833","lastModified":"2026-07-16T12:18:03.690","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.\r\n\r\nThis vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"nodejs","product":"node","defaultStatus":"unaffected","versions":[{"version":"22.22.3","lessThanOrEqual":"22.22.3","versionType":"semver","status":"affected"},{"version":"24.16.0","lessThanOrEqual":"24.16.0","versionType":"semver","status":"affected"},{"version":"26.3.0","lessThanOrEqual":"26.3.0","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"1:24.18.0-1.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"1:22.23.1-2.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"1:22.23.1-2.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:8"],"versions":[{"version":"8100020260630152626.6d880403","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:24","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260626074955.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22","cpes":["cpe:/a:redhat:enterprise_linux:9"],"versions":[{"version":"9080020260626075442.rhel9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs22-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"22.23.1-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs24-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"24.18.0-0.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs26-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"26.4.0-1.2.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs25-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"25.9.0-1.1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs20-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"20.20.2-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"nodejs:22/nodejs","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T15:05:58.547904Z","id":"CVE-2026-48933","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:22.22.3:*:*:*:-:*:*:*","matchCriteriaId":"3C0C5080-5F99-4651-9855-2DE03C9070C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:24.16.0:*:*:*:-:*:*:*","matchCriteriaId":"3B912C84-1AA5-4D74-AB1A-64162C80A33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:26.3.0:*:*:*:-:*:*:*","matchCriteriaId":"8152ACE6-3CAF-4CA0-8B19-D4753811EB44"}]}]}],"references":[{"url":"https://nodejs.org/en/blog/vulnerability/june-2026-security-releases","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:28727","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29012","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30172","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35841","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35842","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35891","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35892","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39246","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:39868","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:7378","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:9455","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-48933","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2493331","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48933.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-14544","sourceIdentifier":"secalert@redhat.com","published":"2026-07-03T08:16:24.433","lastModified":"2026-07-16T12:17:02.597","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hplip","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.23.12-10.el10_2.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hplip","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:3.18.4-14.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hplip","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:3.21.2-6.el9_8.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hplip","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"hplip","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-09T00:00:00+00:00","id":"CVE-2026-14544","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:39976","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:40831","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:40894","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-14544","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2496772","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-58384","sourceIdentifier":"secalert@redhat.com","published":"2026-07-07T09:16:30.003","lastModified":"2026-07-16T14:16:55.733","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"2:3.0.4-4.el9_8.7","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gimp:2.8/gimp","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:30:05.659315Z","id":"CVE-2026-58384","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gimp:gimp:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"6F076B19-3582-4EC8-9625-D2E716652890"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:40751","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-58384","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2497431","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/da29e217","source":"secalert@redhat.com","tags":["Broken Link"]},{"url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/16216","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-31309","sourceIdentifier":"cve@mitre.org","published":"2026-07-08T22:17:13.840","lastModified":"2026-07-16T13:16:30.707","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node from v1.21.1-rc0 before v1.36.0 allows an unauthenticated attacker to arbitrarily overwrite the node's configuration and achieve a full node takeover via a crafted POST request."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:21:33.505406Z","id":"CVE-2026-31309","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/mysteriumnetwork/node/","source":"cve@mitre.org"},{"url":"https://github.com/mysteriumnetwork/node/commit/bc099fcaff59fee9c8a8f8e07ffff5b3c5df2bb9","source":"cve@mitre.org"},{"url":"https://github.com/sch8ill/CVE-2026-31309","source":"cve@mitre.org"},{"url":"https://github.com/sch8ill/CVE-2026-31309","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-0278","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-07-09T20:16:24.983","lastModified":"2026-07-16T14:17:04.030","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.\n\n\n\nThe Prisma Access Agent on macOS is not affected."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"24.0","lessThan":"26.2.1","versionType":"custom","status":"affected","changes":[{"at":"26.2.1","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["macOS"],"versions":[{"version":"All","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:H/U:Amber","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"HIGH","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-0278","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:prisma_access_agent:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.1","matchCriteriaId":"55CDB450-F60C-4E24-9580-6E9B787B1FB1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0278","source":"psirt@paloaltonetworks.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54063","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:16:58.440","lastModified":"2026-07-16T14:11:27.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet() function in github.com/xuri/excelize/v2 uses an attacker-controlled <row r=\"N\"> XML attribute value directly as the length argument to make([]xlsxRow, row) without validating it against the Excel row limit (TotalRows = 1,048,576). A specially crafted XLSX file can trigger two denial-of-service variants: (A) an out-of-memory process kill when r=2147483647 forces a ~16 GB allocation attempt, and (B) a runtime panic via out-of-bounds slice indexing when r=-1. Any service that opens attacker-supplied XLSX files and calls GetCellValue is affected. No authentication is required. This issue is fixed in version 2.11.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"qax-os","product":"excelize","versions":[{"version":"< 2.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:39:45.896640Z","id":"CVE-2026-54063","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:excelize:excelize:*:*:*:*:*:go:*:*","versionEndExcluding":"2.11.0","matchCriteriaId":"3109CFB1-75AF-4979-A10A-21F859C5D249"}]}]}],"references":[{"url":"https://github.com/qax-os/excelize/releases/tag/v2.11.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-h69g-9hx6-f3v4","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-h69g-9hx6-f3v4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59161","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:02.250","lastModified":"2026-07-16T14:10:24.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell coordinate to make GetRows append empty rows up to the attacker-controlled index and consume excessive memory and CPU. This issue is fixed in version 2.11.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"qax-os","product":"excelize","versions":[{"version":"< 2.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T01:54:56.568240Z","id":"CVE-2026-59161","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:excelize:excelize:*:*:*:*:*:go:*:*","versionEndExcluding":"2.11.0","matchCriteriaId":"3109CFB1-75AF-4979-A10A-21F859C5D249"}]}]}],"references":[{"url":"https://github.com/qax-os/excelize/commit/93f0b3caed37f21ef5079e3259c6c21dcfe68453","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/qax-os/excelize/pull/2331","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/qax-os/excelize/releases/tag/v2.11.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-q5j5-6p94-4gwc","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-q5j5-6p94-4gwc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59162","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T17:17:02.377","lastModified":"2026-07-16T13:44:56.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with -1 to trigger sharedStrings[-1] and panic when read through GetCellValue or GetRows. This issue is fixed in version 2.11.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"qax-os","product":"excelize","versions":[{"version":"< 2.11.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T18:40:21.218933Z","id":"CVE-2026-59162","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"},{"lang":"en","value":"CWE-755"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:excelize:excelize:*:*:*:*:*:go:*:*","versionEndExcluding":"2.11.0","matchCriteriaId":"3109CFB1-75AF-4979-A10A-21F859C5D249"}]}]}],"references":[{"url":"https://github.com/qax-os/excelize/commit/93f0b3caed37f21ef5079e3259c6c21dcfe68453","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/qax-os/excelize/pull/2331","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/qax-os/excelize/releases/tag/v2.11.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-fx5j-qcqg-grpf","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/qax-os/excelize/security/advisories/GHSA-fx5j-qcqg-grpf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53448","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:23.930","lastModified":"2026-07-16T13:35:10.613","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The is_secure_string filter that protects the STUN protocol path is not applied to the admin panel's delete-user, delete-secret, and delete-IP operations, so an authenticated admin can inject arbitrary SQL through the du, ds, and dip parameters, gaining full database control and potentially OS-level access via PostgreSQL COPY TO PROGRAM. This issue is fixed in version 4.12.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coturn","product":"coturn","versions":[{"version":"< 4.12.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T00:00:00+00:00","id":"CVE-2026-53448","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coturn_project:coturn:*:*:*:*:*:*:*:*","versionEndExcluding":"4.12.0","matchCriteriaId":"C93A46B0-5ABC-4E88-A9A7-AEF1B2606751"}]}]}],"references":[{"url":"https://github.com/coturn/coturn/commit/b84dbab1d1aa6e2bf0211a1cdbb250d6de2a0d09","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/coturn/coturn/pull/1924","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coturn/coturn/releases/tag/4.12.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-v8hj-2xx7-xmp5","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-v8hj-2xx7-xmp5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53449","sourceIdentifier":"security-advisories@github.com","published":"2026-07-10T19:17:24.073","lastModified":"2026-07-16T13:30:39.483","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable by the coturn process because the command string is used as-is after stripping the psd prefix and leading spaces, allowing truncation and overwrite with session dump data. This issue is fixed in version 4.13.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coturn","product":"coturn","versions":[{"version":"< 4.13.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:23:37.703271Z","id":"CVE-2026-53449","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coturn_project:coturn:*:*:*:*:*:*:*:*","versionEndExcluding":"4.13.0","matchCriteriaId":"FD1C31C5-9686-46F0-81FF-3441C00D22DE"}]}]}],"references":[{"url":"https://github.com/coturn/coturn/commit/e72930f571beba3bc7a9f97661af2614aae92a55","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/coturn/coturn/releases/tag/4.13.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-jj76-vwjw-w34r","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/coturn/coturn/security/advisories/GHSA-jj76-vwjw-w34r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-15474","sourceIdentifier":"cna@vuldb.com","published":"2026-07-12T03:16:10.700","lastModified":"2026-07-16T13:16:28.720","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation of the argument callId results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"Eleveo","product":"Call Recording Software","cpes":["cpe:2.3:a:eleveo:call_recording_software:*:*:*:*:*:*:*:*"],"modules":["Call Recording Handler"],"versions":[{"version":"9.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-13T18:05:30.196637Z","id":"CVE-2026-15474","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/omarelshopky/cves/tree/main/eleveo/call-recording-software/CVE-2026-15474","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15474","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/797469","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377779","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/377779/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-3014","sourceIdentifier":"cf45122d-9d50-442a-9b23-e05cde9943d8","published":"2026-07-14T10:16:32.917","lastModified":"2026-07-16T13:16:31.513","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Milestone\nhas released a new version of XProtect® (and several cumulative patch updates)\nwhich fix security vulnerability in Management Server API.\n\n\n\nThe vulnerability\ncauses users with edit permissions to the Management Server to be able to\nexecute arbitrary code in context of the Management Server Service."}],"affected":[{"source":"cf45122d-9d50-442a-9b23-e05cde9943d8","affectedData":[{"vendor":"Milestone Systems","product":"XProtect Management Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"25.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cf45122d-9d50-442a-9b23-e05cde9943d8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cf45122d-9d50-442a-9b23-e05cde9943d8","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T12:08:38.312691Z","id":"CVE-2026-3014","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cf45122d-9d50-442a-9b23-e05cde9943d8","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/milestone_security_advisory_CVE-2026-3014_potential_remote_code_execution_by_admin_user_on_Management_Server.html","source":"cf45122d-9d50-442a-9b23-e05cde9943d8"},{"url":"https://support.milestonesys.com/article/CVE-2026-3014-potential-remote-code-execution-by-admin-user-on-Management-Server","source":"cf45122d-9d50-442a-9b23-e05cde9943d8"}]}},{"cve":{"id":"CVE-2026-50333","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:16:59.860","lastModified":"2026-07-16T14:08:32.483","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Missing authentication for critical function in Windows Spaceport.sys allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T17:25:57.930526Z","id":"CVE-2026-50333","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"1A8DB50E-7571-4925-A293-CAB93ECD0EBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"A9DC4EC9-4E72-4CBC-BA0B-39CCC45DB8CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"34D1270A-7D50-46CC-87EE-0A4E25F9C800"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50333","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50342","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:00.140","lastModified":"2026-07-16T14:05:11.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T16:19:20.374291Z","id":"CVE-2026-50342","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50342","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50350","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:00.260","lastModified":"2026-07-16T14:03:08.810","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T14:12:55.880744Z","id":"CVE-2026-50350","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50350","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50354","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:00.563","lastModified":"2026-07-16T13:50:36.357","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-50354","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"1A8DB50E-7571-4925-A293-CAB93ECD0EBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"A9DC4EC9-4E72-4CBC-BA0B-39CCC45DB8CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"34D1270A-7D50-46CC-87EE-0A4E25F9C800"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50354","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50356","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:00.717","lastModified":"2026-07-16T13:48:00.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T17:16:17.414680Z","id":"CVE-2026-50356","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"1A8DB50E-7571-4925-A293-CAB93ECD0EBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"A9DC4EC9-4E72-4CBC-BA0B-39CCC45DB8CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"34D1270A-7D50-46CC-87EE-0A4E25F9C800"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50356","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50364","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:00.897","lastModified":"2026-07-16T13:46:32.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper link resolution before file access ('link following') in Windows Server Backup allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T00:00:00+00:00","id":"CVE-2026-50364","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50364","source":"secure@microsoft.com","tags":["Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-50381","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:01.027","lastModified":"2026-07-16T13:45:02.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Access of resource using incompatible type ('type confusion') in Composite Image File System Driver allows an authorized attacker to disclose information locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T16:23:45.392594Z","id":"CVE-2026-50381","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50381","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50384","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:01.160","lastModified":"2026-07-16T13:43:46.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clip Service allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T00:00:00+00:00","id":"CVE-2026-50384","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50384","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50694","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:02.327","lastModified":"2026-07-16T12:45:57.170","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Windows Secure Socket Tunneling Protocol (SSTP) allows an unauthorized attacker to execute code over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T03:58:58.129603Z","id":"CVE-2026-50694","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"1A8DB50E-7571-4925-A293-CAB93ECD0EBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"A9DC4EC9-4E72-4CBC-BA0B-39CCC45DB8CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"34D1270A-7D50-46CC-87EE-0A4E25F9C800"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50694","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50695","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:02.493","lastModified":"2026-07-16T12:33:54.633","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T20:38:12.762277Z","id":"CVE-2026-50695","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"1A8DB50E-7571-4925-A293-CAB93ECD0EBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"A9DC4EC9-4E72-4CBC-BA0B-39CCC45DB8CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"34D1270A-7D50-46CC-87EE-0A4E25F9C800"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50695","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50696","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:02.670","lastModified":"2026-07-16T12:26:03.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2525","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T20:38:01.013283Z","id":"CVE-2026-50696","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"D335CB65-70DC-4DB1-9519-AF9243EC2FDF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50696","source":"secure@microsoft.com","tags":["Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-54114","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:04.267","lastModified":"2026-07-16T12:24:38.757","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T03:58:27.219846Z","id":"CVE-2026-54114","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54114","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54119","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:04.660","lastModified":"2026-07-16T12:14:35.503","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Loop with unreachable exit condition ('infinite loop') in Windows Active Directory allows an unauthorized attacker to deny service over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T20:37:50.288596Z","id":"CVE-2026-54119","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"1A8DB50E-7571-4925-A293-CAB93ECD0EBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"A9DC4EC9-4E72-4CBC-BA0B-39CCC45DB8CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2269","matchCriteriaId":"8967AF79-CAD0-4F87-85A5-95D031C9FEFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"34D1270A-7D50-46CC-87EE-0A4E25F9C800"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54119","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54122","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:04.833","lastModified":"2026-07-16T12:06:17.827","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2525","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T00:00:00+00:00","id":"CVE-2026-54122","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"1A8DB50E-7571-4925-A293-CAB93ECD0EBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"A9DC4EC9-4E72-4CBC-BA0B-39CCC45DB8CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"643F21D8-3A5B-477D-AFFC-2451DDC472CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"A68E51D8-C76C-4C9E-9CBD-C7D4D4BCDFAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"038B4A9C-95B9-440A-83A2-AF10BC24590C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"FCA35115-58F4-4015-9CA2-C33F45605AA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19044.7548","matchCriteriaId":"02C2F9D5-439A-45D2-98EB-08DB85673712"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"80F87C10-5D02-4EC9-B1A4-8FD7F6CFE758"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"048B08D3-1959-47C0-A592-FCF0DCCD65A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*","versionEndExcluding":"10.0.19045.7548","matchCriteriaId":"A41562FD-04BC-4FC3-B847-D87D164A9C15"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"D335CB65-70DC-4DB1-9519-AF9243EC2FDF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.14393.9339","matchCriteriaId":"34D1270A-7D50-46CC-87EE-0A4E25F9C800"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.17763.9020","matchCriteriaId":"D0E1AB94-0B38-4BB7-94EB-988EA266D6D5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54122","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54127","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T17:17:04.993","lastModified":"2026-07-16T12:04:44.317","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2525","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T00:00:00+00:00","id":"CVE-2026-54127","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"D335CB65-70DC-4DB1-9519-AF9243EC2FDF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.20348.5386","matchCriteriaId":"9E9A0C18-3AD2-4E59-97AF-A2343E466929"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"22BE2FE9-37B9-4FF2-B43A-60A3518E0F08"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54127","source":"secure@microsoft.com","tags":["Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-50389","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:17:40.753","lastModified":"2026-07-16T14:16:52.723","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:51:36.627556Z","id":"CVE-2026-50389","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50389","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-50420","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:17:45.290","lastModified":"2026-07-16T14:16:52.867","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:54:29.557900Z","id":"CVE-2026-50420","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50420","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-50465","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:17:51.850","lastModified":"2026-07-16T14:16:52.970","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:46:06.339565Z","id":"CVE-2026-50465","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50465","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-50478","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:17:53.710","lastModified":"2026-07-16T14:16:53.067","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:55:10.457912Z","id":"CVE-2026-50478","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50478","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-50491","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:17:55.463","lastModified":"2026-07-16T14:16:53.193","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds read in Code Integrity DLL (ci.dll) allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2525","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:55:56.542246Z","id":"CVE-2026-50491","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-843"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50491","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-50497","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:17:56.437","lastModified":"2026-07-16T14:16:53.373","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Off-by-one error in Windows Remote Desktop Protocol allows an unauthorized attacker to disclose information over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 10 Version 1607","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 1809","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 21H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19044.0","lessThan":"10.0.19044.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 Version 22H2","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.19045.0","lessThan":"10.0.19045.7548","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26200.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2269","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.2.9200.0","lessThan":"6.2.9200.26226","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2012 R2 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"6.3.9600.0","lessThan":"6.3.9600.23291","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2016 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.14393.0","lessThan":"10.0.14393.9339","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2019 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.17763.0","lessThan":"10.0.17763.9020","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2022","platforms":["x64-based Systems"],"versions":[{"version":"10.0.20348.0","lessThan":"10.0.20348.5386","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:56:35.390452Z","id":"CVE-2026-50497","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-193"},{"lang":"en","value":"CWE-908"}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50497","source":"secure@microsoft.com"}]}},{"cve":{"id":"CVE-2026-55039","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:18:15.257","lastModified":"2026-07-16T14:18:09.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Apps for Enterprise","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Excel 2016","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.0.0","lessThan":"16.0.5561.1001","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 2019","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"19.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 365 for Mac","versions":[{"version":"1.0.0","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2021","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2024","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC for Mac 2021","versions":[{"version":"16.0.1","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC for Mac 2024","versions":[{"version":"16.0.0","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Office Online Server","versions":[{"version":"16.0.0.0","lessThan":"16.0.10417.20175","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-55039","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*","matchCriteriaId":"CD88F667-6773-4DB7-B6C3-9C7B769C0808"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*","matchCriteriaId":"B342EF98-B414-44D0-BAFB-FCA24294EECE"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:microsoft_365:-:*:*:*:*:macos:*:*","matchCriteriaId":"12418BDE-FA2E-4BBF-8E47-45C505399898"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*","matchCriteriaId":"241CDE2B-ABD0-4EFF-8D73-1766E32FA20F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*","matchCriteriaId":"14D63E3F-A431-4DD8-979F-811E8DAC423D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"1D518075-3362-4D15-93B1-0E6C61518D16"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"1059BEC6-C30B-4F0F-A878-5267A21CBD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:macos:-:*","matchCriteriaId":"0DB3EBBF-E0C4-4D5A-8D22-107463AD1DE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"55A9AFDA-D77B-4CC7-ACE5-3A2ABDA257D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"8887D177-26A3-4008-89B6-50A9E9830F13"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:macos:-:*","matchCriteriaId":"589B470B-9C2E-41E2-A44D-D8CCB4D2F933"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*","versionEndExcluding":"16.0.10417.20175","matchCriteriaId":"746CEA14-C3AC-4256-A71D-BCA3A43459F8"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55039","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55132","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:18:19.850","lastModified":"2026-07-16T13:39:21.353","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Double free in Microsoft Office Word allows an unauthorized attacker to execute code locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Apps for Enterprise","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 2019","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"19.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 365 for Mac","versions":[{"version":"1.0.0","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2021","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2024","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC for Mac 2021","versions":[{"version":"16.0.1","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC for Mac 2024","versions":[{"version":"16.0.0","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Enterprise Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.5561.1001","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.10417.20175","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server Subscription Edition","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.19725.20434","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Word 2016","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"16.0.5561.1000","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-55132","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:microsoft_365:-:*:*:*:*:macos:*:*","matchCriteriaId":"12418BDE-FA2E-4BBF-8E47-45C505399898"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*","matchCriteriaId":"241CDE2B-ABD0-4EFF-8D73-1766E32FA20F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*","matchCriteriaId":"14D63E3F-A431-4DD8-979F-811E8DAC423D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"1D518075-3362-4D15-93B1-0E6C61518D16"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"1059BEC6-C30B-4F0F-A878-5267A21CBD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:macos:-:*","matchCriteriaId":"0DB3EBBF-E0C4-4D5A-8D22-107463AD1DE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"55A9AFDA-D77B-4CC7-ACE5-3A2ABDA257D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"8887D177-26A3-4008-89B6-50A9E9830F13"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:macos:-:*","matchCriteriaId":"589B470B-9C2E-41E2-A44D-D8CCB4D2F933"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*","versionEndExcluding":"16.0.19725.20434","matchCriteriaId":"5FA63EA8-B225-4E35-A6A3-DBDECF5AC4C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","matchCriteriaId":"F815EF1D-7B60-47BE-9AC2-2548F99F10E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*","matchCriteriaId":"E1FE9E95-4874-46EF-AC93-9E485F7A2AC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*","matchCriteriaId":"38479B5D-66F9-4260-A18A-F6E3D9B6991E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55132","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55134","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:18:20.163","lastModified":"2026-07-16T13:40:01.447","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Apps for Enterprise","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 2019","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"19.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 365 for Mac","versions":[{"version":"1.0.0","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2021","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2024","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC for Mac 2021","versions":[{"version":"16.0.1","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC for Mac 2024","versions":[{"version":"16.0.0","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Enterprise Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.5561.1001","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.10417.20175","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server Subscription Edition","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.19725.20434","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Word 2016","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"16.0.5561.1000","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T03:57:01.477674Z","id":"CVE-2026-55134","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:microsoft_365:-:*:*:*:*:macos:*:*","matchCriteriaId":"12418BDE-FA2E-4BBF-8E47-45C505399898"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*","matchCriteriaId":"241CDE2B-ABD0-4EFF-8D73-1766E32FA20F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*","matchCriteriaId":"14D63E3F-A431-4DD8-979F-811E8DAC423D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"1D518075-3362-4D15-93B1-0E6C61518D16"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"1059BEC6-C30B-4F0F-A878-5267A21CBD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:macos:-:*","matchCriteriaId":"0DB3EBBF-E0C4-4D5A-8D22-107463AD1DE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"55A9AFDA-D77B-4CC7-ACE5-3A2ABDA257D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"8887D177-26A3-4008-89B6-50A9E9830F13"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:macos:-:*","matchCriteriaId":"589B470B-9C2E-41E2-A44D-D8CCB4D2F933"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*","versionEndExcluding":"16.0.19725.20434","matchCriteriaId":"5FA63EA8-B225-4E35-A6A3-DBDECF5AC4C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","matchCriteriaId":"F815EF1D-7B60-47BE-9AC2-2548F99F10E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*","matchCriteriaId":"E1FE9E95-4874-46EF-AC93-9E485F7A2AC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*","matchCriteriaId":"38479B5D-66F9-4260-A18A-F6E3D9B6991E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55134","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55142","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:18:21.273","lastModified":"2026-07-16T13:40:07.760","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Apps for Enterprise","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 2019","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"19.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 365 for Mac","versions":[{"version":"1.0.0","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2021","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2024","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Enterprise Server 2016","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.5561.1001","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server 2019","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.10417.20175","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft SharePoint Server Subscription Edition","platforms":["x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.19725.20434","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Word 2016","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"16.0.5561.1000","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T19:00:16.518724Z","id":"CVE-2026-55142","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-197"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:microsoft_365:-:*:*:*:*:macos:*:*","matchCriteriaId":"12418BDE-FA2E-4BBF-8E47-45C505399898"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*","matchCriteriaId":"241CDE2B-ABD0-4EFF-8D73-1766E32FA20F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*","matchCriteriaId":"14D63E3F-A431-4DD8-979F-811E8DAC423D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"1D518075-3362-4D15-93B1-0E6C61518D16"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"1059BEC6-C30B-4F0F-A878-5267A21CBD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"55A9AFDA-D77B-4CC7-ACE5-3A2ABDA257D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"8887D177-26A3-4008-89B6-50A9E9830F13"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*","versionEndExcluding":"16.0.19725.20434","matchCriteriaId":"5FA63EA8-B225-4E35-A6A3-DBDECF5AC4C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*","matchCriteriaId":"F815EF1D-7B60-47BE-9AC2-2548F99F10E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x64:*","matchCriteriaId":"E1FE9E95-4874-46EF-AC93-9E485F7A2AC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*","matchCriteriaId":"38479B5D-66F9-4260-A18A-F6E3D9B6991E"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55142","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56195","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:18:29.937","lastModified":"2026-07-16T13:40:15.753","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft 365 Apps for Enterprise","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 2016","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"16.0.5561.1000","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 2019","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"19.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office 365 for Mac","versions":[{"version":"1.0.0","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2021","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.1","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC 2024","platforms":["32-bit Systems","x64-based Systems"],"versions":[{"version":"16.0.0","lessThan":"https://aka.ms/OfficeSecurityReleases","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC for Mac 2021","versions":[{"version":"16.0.1","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Microsoft Office LTSC for Mac 2024","versions":[{"version":"16.0.0","lessThan":"16.111.26071215","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T18:55:55.565282Z","id":"CVE-2026-56195","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*","matchCriteriaId":"3259EBFE-AE2D-48B8-BE9A-E22BBDB31378"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*","matchCriteriaId":"CD25F492-9272-4836-832C-8439EBE64CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:microsoft_365:-:*:*:*:*:macos:*:*","matchCriteriaId":"12418BDE-FA2E-4BBF-8E47-45C505399898"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x64:*","matchCriteriaId":"45A9ECE7-F173-47AB-A420-0B6F64A04D21"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2016:-:*:*:*:-:*:x86:*","matchCriteriaId":"BF3B9F15-3077-4BC5-9EC5-7416A9FBDC70"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x64:*","matchCriteriaId":"241CDE2B-ABD0-4EFF-8D73-1766E32FA20F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2019:-:*:*:*:*:*:x86:*","matchCriteriaId":"14D63E3F-A431-4DD8-979F-811E8DAC423D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"1D518075-3362-4D15-93B1-0E6C61518D16"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"1059BEC6-C30B-4F0F-A878-5267A21CBD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2021:-:*:*:*:ltsc:macos:-:*","matchCriteriaId":"0DB3EBBF-E0C4-4D5A-8D22-107463AD1DE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x64:*","matchCriteriaId":"55A9AFDA-D77B-4CC7-ACE5-3A2ABDA257D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:-:x86:*","matchCriteriaId":"8887D177-26A3-4008-89B6-50A9E9830F13"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_2024:-:*:*:*:ltsc:macos:-:*","matchCriteriaId":"589B470B-9C2E-41E2-A44D-D8CCB4D2F933"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56195","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-58529","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:18:39.550","lastModified":"2026-07-16T13:45:02.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds read in Active Directory Federation Services (AD FS) allows an authorized attacker to disclose information over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2525","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T17:45:21.909471Z","id":"CVE-2026-58529","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"D335CB65-70DC-4DB1-9519-AF9243EC2FDF"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58529","source":"secure@microsoft.com","tags":["Vendor Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-58544","sourceIdentifier":"secure@microsoft.com","published":"2026-07-14T18:18:42.400","lastModified":"2026-07-16T13:54:23.263","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Windows 11 Version 24H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 Version 25H2","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.26200.0","lessThan":"10.0.26100.8875","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 version 26H1","platforms":["ARM64-based Systems","x64-based Systems"],"versions":[{"version":"10.0.28000.0","lessThan":"10.0.28000.2525","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows Server 2025 (Server Core installation)","platforms":["x64-based Systems"],"versions":[{"version":"10.0.26100.0","lessThan":"10.0.26100.33158","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T00:00:00+00:00","id":"CVE-2026-58544","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"6D55C01A-5908-4CFC-BEB6-BBF3B6F0C5AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.8875","matchCriteriaId":"740B730D-AEC5-4735-A122-B1CF8B3C364C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"E26E96B6-1469-46AE-9CB5-AB7A0372C398"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26200.8875","matchCriteriaId":"DDBCA9E4-7BFB-423A-B7A7-9CBF5625053D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:arm64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"8E90830B-0BD1-4D01-9C7D-0F0E1828A0F5"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.28000.2525","matchCriteriaId":"D335CB65-70DC-4DB1-9519-AF9243EC2FDF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*","versionEndExcluding":"10.0.26100.33158","matchCriteriaId":"CB74F035-459D-4608-9A22-DEED9559A2A0"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58544","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-52865","sourceIdentifier":"f5sirt@f5.com","published":"2026-07-15T15:16:44.587","lastModified":"2026-07-16T14:02:35.633","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. \n\n\n\nImpact:\nThe NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"NGINX Ingress Controller","defaultStatus":"unknown","modules":["Ingress","TransportServer"],"versions":[{"version":"5.0.0","lessThan":"5.5.2","versionType":"custom","status":"affected"},{"version":"2026-lts-r1","lessThan":"2026-lts-r3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T15:36:49.413847Z","id":"CVE-2026-52865","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndIncluding":"3.7.2","matchCriteriaId":"10D5B143-4C1E-4626-8B49-3EA7160E9256"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.1","matchCriteriaId":"73A1CDBB-49F6-4AB6-AA67-542FD8017D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.5.2","matchCriteriaId":"5D5C5B30-90A6-4F31-99BB-D8AC3C3A8425"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161834","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55723","sourceIdentifier":"f5sirt@f5.com","published":"2026-07-15T15:16:45.327","lastModified":"2026-07-16T14:02:51.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without sanitization. An authenticated attacker with permission to create or modify these CRDs or annotations may craft values that inject arbitrary NGINX configuration directives. \n\nImpact:\nAn authenticated attacker granted write access to NGINX Ingress Controller CRDs or Ingress annotations through the Kubernetes API may be able to inject arbitrary NGINX configuration directives, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"F5","product":"NGINX Ingress Controller","defaultStatus":"unknown","modules":["Custom Resource Definitions","Ingress Annotations"],"versions":[{"version":"5.0.0","lessThan":"5.5.2","versionType":"custom","status":"affected"},{"version":"2026-lts-r1","lessThan":"2026-lts-r3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f5sirt@f5.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T00:00:00+00:00","id":"CVE-2026-55723","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-76"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndIncluding":"3.7.2","matchCriteriaId":"63840F88-20FB-4B0A-8C8F-76AB29695C3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.1","matchCriteriaId":"73A1CDBB-49F6-4AB6-AA67-542FD8017D6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.5.2","matchCriteriaId":"5D5C5B30-90A6-4F31-99BB-D8AC3C3A8425"}]}]}],"references":[{"url":"https://my.f5.com/manage/s/article/K000161800","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20146","sourceIdentifier":"psirt@cisco.com","published":"2026-07-15T17:16:46.970","lastModified":"2026-07-16T14:03:27.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials.&nbsp;\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files or delete arbitrary files on the affected system."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.1.0","status":"affected"},{"version":"3.1.0 p1","status":"affected"},{"version":"3.1.0 p3","status":"affected"},{"version":"3.1.0 p2","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.1.0 p4","status":"affected"},{"version":"3.1.0 p5","status":"affected"},{"version":"3.2.0 p1","status":"affected"},{"version":"3.1.0 p6","status":"affected"},{"version":"3.2.0 p2","status":"affected"},{"version":"3.1.0 p7","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.2.0 p3","status":"affected"},{"version":"3.2.0 p4","status":"affected"},{"version":"3.1.0 p8","status":"affected"},{"version":"3.2.0 p5","status":"affected"},{"version":"3.2.0 p6","status":"affected"},{"version":"3.1.0 p9","status":"affected"},{"version":"3.3 Patch 2","status":"affected"},{"version":"3.3 Patch 1","status":"affected"},{"version":"3.3 Patch 3","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.2.0 p7","status":"affected"},{"version":"3.3 Patch 4","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.1.0 p10","status":"affected"},{"version":"3.3 Patch 5","status":"affected"},{"version":"3.3 Patch 6","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.3 Patch 7","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.5.0","status":"affected"},{"version":"3.4 Patch 4","status":"affected"},{"version":"3.3 Patch 8","status":"affected"},{"version":"3.2 Patch 8","status":"affected"},{"version":"3.5 Patch 1","status":"affected"},{"version":"3.3 Patch 9","status":"affected"},{"version":"3.2 Patch 9","status":"affected"},{"version":"3.4 Patch 5","status":"affected"},{"version":"3.5 Patch 3","status":"affected"},{"version":"3.5 Patch 2","status":"affected"},{"version":"3.3 Patch 10","status":"affected"}]},{"vendor":"Cisco","product":"Cisco ISE Passive Identity Connector","defaultStatus":"unknown","versions":[{"version":"3.2.0","status":"affected"},{"version":"3.1.0","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T17:58:07.078523Z","id":"CVE-2026-20146","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.0","matchCriteriaId":"E7F4D769-1845-41F0-8F15-B5D8AC15DFD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"3CA3315D-8A45-43F4-A0F0-094D325F285B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"B3736136-9FD8-4B12-B119-EA15201224D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"FB15AE6D-F4EF-40AD-A88E-D22612AEF2A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch11:*:*:*:*:*:*","matchCriteriaId":"25B8E5EB-393A-40E8-9A0D-465ECCC2A4B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"654ED77E-22D3-4E76-9E6D-B1581F5982F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"A0648EE9-F042-479F-9AAB-C6B5DBC46511"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"83F3BA58-4F38-41C8-956F-38A2F44EECE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"6C30FA1D-91E2-48C5-B181-A88FDF668278"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"768215B1-80B7-40FF-8772-BA4C0B3913F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"40239DA8-43B6-466B-85B0-6D644D7027D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"9118B7ED-E678-47C3-9D17-F522D9362B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"C2ED3257-CB9D-4FD5-A482-3648CF292128"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"CC0525FD-C4D7-4B48-BF35-1791391AB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"68C96F6B-51EE-4D03-9598-CBFD16DA22EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"62F25185-D19E-4EC5-8A68-7AB669B76E90"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"C457D2EC-FB63-49B7-A90E-CE67ED763BAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"6566330F-A048-44A1-9821-7A5844C82CEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"1154F196-2CB3-4AC2-BE00-11A8942EA999"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch6:*:*:*:*:*:*","matchCriteriaId":"7E30ECF6-5B1D-4280-AA02-123153E68F28"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2A7003EB-C578-4C02-B768-F8C4C8421382"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"16B32F60-CEB7-4816-AA7C-3130D1053DC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"755761D7-8DDD-4219-8E37-FA535757710A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch3:*:*:*:*:*:*","matchCriteriaId":"656248A2-92B4-40B8-8D81-1135A4F35D20"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.0","matchCriteriaId":"804C2F93-8ADC-454A-90DF-59F51FEF9E0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"43F3A55D-D4FC-4D93-9513-94B64B21A2B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch11:*:*:*:*:*:*","matchCriteriaId":"F0F60A00-E952-400A-B553-BE96E7FF746F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"FF8B81A6-BF44-4E5F-B167-39F61DDCA026"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"56E0F0EC-3E66-4866-89F5-89B331F3F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"2E3E8937-2859-4A2A-91C0-05F674EF0466"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"D4B14684-EB9E-405B-85FA-B62E57CB292C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"22B752D1-9E8F-4FB7-8EEB-F9234492372B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"85A1CC7D-FE54-4AC0-B98F-972C4B1F3189"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"74509498-38EF-4345-9583-CEF5C26CA1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"CD05FF93-7B8C-4283-9DB7-E03FE98FAADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"0F9B6A8E-E773-44A3-9266-878F0C58EB41"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"D3727619-E0CA-4CA9-BE35-0C732BCF1741"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2CFB7565-3930-409C-B5DB-CE77E6ED7C42"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch6:*:*:*:*:*:*","matchCriteriaId":"A388D916-D6A1-4D3A-A48A-A150F387B755"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2610FD35-BC4B-41B7-9C92-E6E5264FEE54"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"3FEE4377-B238-4442-9892-28CECFB2319E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"6598563B-7E32-43FB-96A7-88C53E4CE226"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch3:*:*:*:*:*:*","matchCriteriaId":"719C8E82-269D-4F21-B2B4-4CD3033A17F9"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-xNt7wb2Y","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-33443","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2026-07-15T20:16:56.780","lastModified":"2026-07-16T14:16:50.170","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CVE-2026-33443 is a memory management error in\nSecure Access servers prior to 14.55. Attackers with an intimate knowledge of\nand total control over the tunnel protocol can create a persistent DoS against\nthe server."}],"affected":[{"source":"SecurityResponse@netmotionsoftware.com","affectedData":[{"vendor":"Absolute Security","product":"Secure Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"14.55","versionType":"Server","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:10:56.161428Z","id":"CVE-2026-33443","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"14.55","matchCriteriaId":"1C42FF7C-EE2E-4412-9074-88FFB63A58CF"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33443","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40952","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2026-07-15T20:16:57.907","lastModified":"2026-07-16T14:16:51.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CVE-2026-40952 is a privilege misconfiguration\nin the Secure Access installer for the Windows client and server prior to\nversion 14.55. Attackers with local access to the client or server can use it\nto elevate privileges to Administrator when Secure Access is installed in a\nnon-default location."}],"affected":[{"source":"SecurityResponse@netmotionsoftware.com","affectedData":[{"vendor":"Absolute Security","product":"Secure Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"14.55","versionType":"server","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:05:54.727165Z","id":"CVE-2026-40952","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"14.55","matchCriteriaId":"1C42FF7C-EE2E-4412-9074-88FFB63A58CF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40952","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40953","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2026-07-15T20:16:58.077","lastModified":"2026-07-16T14:16:51.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CVE-2026-40953 is a heap overflow in the\ncertificate parsing function of Secure Access clients prior to 14.55. Attackers\nwith local access and administrator permissions can create a denial of service\nattack against the client over which they have control."}],"affected":[{"source":"SecurityResponse@netmotionsoftware.com","affectedData":[{"vendor":"Absolute Security","product":"Secure Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"14.55","versionType":"Client","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:15:31.920768Z","id":"CVE-2026-40953","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"14.55","matchCriteriaId":"1C42FF7C-EE2E-4412-9074-88FFB63A58CF"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40953","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40954","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2026-07-15T20:16:58.273","lastModified":"2026-07-16T14:16:51.547","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CVE-2026-40954\nis an integer underflow vulnerability in the traffic parsing function of Secure\nAccess clients prior to 14.55. Attackers with intimate knowledge of and total\ncontrol over the tunnel protocol can create a non-persistent DoS against their\nclient"}],"affected":[{"source":"SecurityResponse@netmotionsoftware.com","affectedData":[{"vendor":"Absolute Security","product":"Secure Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"14.55","versionType":"Client","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:14:53.484084Z","id":"CVE-2026-40954","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-191"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"14.55","matchCriteriaId":"1C42FF7C-EE2E-4412-9074-88FFB63A58CF"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40954","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40955","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2026-07-15T20:16:59.893","lastModified":"2026-07-16T14:16:51.683","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CVE-2026-40955 is an integer underflow\nvulnerability in the traffic parsing function of Secure Access clients prior to\n14.55. Attackers with intimate knowledge of and total control over the tunnel\nprotocol can create a non-persistent DoS against their client."}],"affected":[{"source":"SecurityResponse@netmotionsoftware.com","affectedData":[{"vendor":"Absolute Security","product":"Secure Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"14.55","versionType":"Client","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:12:55.536574Z","id":"CVE-2026-40955","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-191"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"14.55","matchCriteriaId":"1C42FF7C-EE2E-4412-9074-88FFB63A58CF"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40955","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40956","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2026-07-15T20:17:00.053","lastModified":"2026-07-16T14:16:51.810","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CVE-2026-40956\nis a memory disclosure vulnerability in Secure Access client versions prior to 14.55.\nAttackers with intimate knowledge of and total control over the tunnel protocol\ncan cause a small amount of random memory to leak."}],"affected":[{"source":"SecurityResponse@netmotionsoftware.com","affectedData":[{"vendor":"Absolute Security","product":"Secure Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"14.55","versionType":"Client","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:12:21.752569Z","id":"CVE-2026-40956","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"14.55","matchCriteriaId":"1C42FF7C-EE2E-4412-9074-88FFB63A58CF"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40956","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40957","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2026-07-15T20:17:00.210","lastModified":"2026-07-16T14:16:51.930","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"o  \nCVE-2026-40957 is a frameable content\nvulnerability in the Secure Access server login page prior to 14.55. Attackers\nwith control of a malicious web site could use it to potentially steal\ncredentials from an unwary administrator."}],"affected":[{"source":"SecurityResponse@netmotionsoftware.com","affectedData":[{"vendor":"Absolute Security","product":"Secure Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"14.55","versionType":"Server","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:16:17.605043Z","id":"CVE-2026-40957","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1021"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1021"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"14.55","matchCriteriaId":"1C42FF7C-EE2E-4412-9074-88FFB63A58CF"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40957","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40958","sourceIdentifier":"SecurityResponse@netmotionsoftware.com","published":"2026-07-15T20:17:00.503","lastModified":"2026-07-16T14:16:52.060","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CVE-2026-40958\nis a input validation error in Secure Access clients prior to 14.55. Attackers\nwith intimate knowledge of and total control over the tunnel protocol can\ncreate a non-persistent DoS against their client."}],"affected":[{"source":"SecurityResponse@netmotionsoftware.com","affectedData":[{"vendor":"Absolute Security","product":"Secure Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"14.55","versionType":"Client","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"SecurityResponse@netmotionsoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:11:32.690461Z","id":"CVE-2026-40958","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*","versionEndExcluding":"14.55","matchCriteriaId":"1C42FF7C-EE2E-4412-9074-88FFB63A58CF"}]}]}],"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40958","source":"SecurityResponse@netmotionsoftware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45534","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T20:17:04.593","lastModified":"2026-07-16T14:16:52.293","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty(\"java.io.tmpdir\"), setting socketFactory=org.springframework.context.support.FileSystemXmlApplicationContext so com.amazon.redshift.Driver#connect, com.amazon.redshift.Driver#getJdbcIniFile, and com.amazon.redshift.util.ObjectFactory#instantiate execute a reflection-based remote code execution chain during a normal JDBC connection through io.dataease.datasource.type.Redshift. This issue is fixed in version 2.10.23."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.23","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:55:19.891049Z","id":"CVE-2026-45534","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/3e58149f1e014b1a7ae2c12134b37ae438f676ac","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.23","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-cv4c-8rpv-2x97","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-cv4c-8rpv-2x97","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45535","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T20:17:04.723","lastModified":"2026-07-16T14:16:52.407","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as ${var} and SqlparserUtils.handleVariableDefaultValue() inserts them with String.replace() without escaping or parameterization, causing stored SQL injection whenever a user with dataset read permission accesses the dataset. This issue is fixed in version 2.10.23."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.23","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:04:15.867696Z","id":"CVE-2026-45535","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/22930a493d900fe3d8084b3dd4c0125abdb2a847","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.23","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-pv23-p64m-4pxf","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-pv23-p64m-4pxf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-33684","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T21:16:36.323","lastModified":"2026-07-16T14:16:50.530","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. Prior to version 29.0, Privilege Escalation is possible through unguarded permission parameters in signUp API, which allows any user who can solve a CAPTCHA to self-grant elevated permissions during account registration. The set_api_signUp method in the API plugin accepts emailVerified, canUpload, canStream, and canCreateMeet parameters from user-supplied input and applies them to newly created accounts without verifying that the request was authenticated with a valid APISecret. By self-granting account attributes, attackers can mark their own accounts as email-verified without owning the address (bypassing email-gated functionality) and award themselves upload, streaming, and meeting-creation permissions, circumventing administrator access controls that intentionally restrict these capabilities for new users. This issue has been fixed in version 29.0"}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"WWBN","product":"AVideo","versions":[{"version":"< 29.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:54:09.239361Z","id":"CVE-2026-33684","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-8j8m-p79x-g4jm","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-8j8m-p79x-g4jm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46339","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T21:16:50.067","lastModified":"2026-07-16T14:16:52.513","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/* and /api/mcp/*, allowing unauthenticated registration of customPlugins through src/app/api/cli-tools/cowork-settings/route.js and command execution through the MCP bridge. This vulnerability is fixed in 0.4.37."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":">= 0.4.30, < 0.4.37","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:55:18.873125Z","id":"CVE-2026-46339","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/992f4db4a0d858bcc86b4786f2abab117a6ccdf8","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52887","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T21:16:54.543","lastModified":"2026-07-16T13:43:05.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.0.61, NocoBase @nocobase/plugin-notification-in-app-message exposed GET /api/myInAppChannels:list, where the filter[latestMsgReceiveTimestamp][$lt] value was inserted into a Sequelize.literal() template string without escaping or parameter binding, allowing a signed-up authenticated user to run stacked PostgreSQL statements and potentially execute commands with COPY ... TO PROGRAM. This vulnerability is fixed in 2.0.61."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocobase","product":"nocobase","versions":[{"version":"< 2.0.61","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/nocobase/nocobase/commit/68d64e3fcfb8be2ae4f3bfc9e1ee3f85b87c89ce","source":"security-advisories@github.com"},{"url":"https://github.com/nocobase/nocobase/releases/tag/v2.0.61","source":"security-advisories@github.com"},{"url":"https://github.com/nocobase/nocobase/security/advisories/GHSA-p849-8hwh-84j9","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55410","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T21:16:55.183","lastModified":"2026-07-16T13:44:56.733","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by interpolating the database.schema value from _metadata.json into shell command strings executed with Node.js child_process.exec(), allowing a backup-management user restoring a crafted backup to execute commands as the NocoBase server process. This vulnerability is fixed in 2.1.19."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nocobase","product":"nocobase","versions":[{"version":"< 2.1.19","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/nocobase/nocobase/commit/0e1aba1b7b112ffc841588963f7343c00edd9806","source":"security-advisories@github.com"},{"url":"https://github.com/nocobase/nocobase/releases/tag/v2.1.19","source":"security-advisories@github.com"},{"url":"https://github.com/nocobase/nocobase/security/advisories/GHSA-p853-83gj-wjj3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-56678","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T21:16:55.430","lastModified":"2026-07-16T14:16:55.057","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authenticated attacker to supply a crafted region such as kiro-canary.local:8443# and cause 9Router to send the Kiro validation request to an attacker-controlled host while forwarding the submitted Kiro API key as an Authorization header. This issue is fixed in version 0.5.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.5.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:53:08.213328Z","id":"CVE-2026-56678","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/decolua/9router/commit/126aa244c5b51b74ab8c7594e3418fcf4437bf6f","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/releases/tag/v0.5.6","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-6mwv-4mrm-5p3m","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-6mwv-4mrm-5p3m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56679","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T21:16:55.560","lastModified":"2026-07-16T14:16:55.167","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole application, exposing protected routes such as /api/keys and /api/providers to unauthenticated access. This issue is reported as fixed in version 0.5.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"decolua","product":"9router","versions":[{"version":"< 0.5.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:00:02.844824Z","id":"CVE-2026-56679","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://github.com/decolua/9router/security/advisories/GHSA-vmjq-hvgq-2wv4","source":"security-advisories@github.com"},{"url":"https://github.com/decolua/9router/security/advisories/GHSA-vmjq-hvgq-2wv4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-15921","sourceIdentifier":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","published":"2026-07-15T22:16:45.717","lastModified":"2026-07-16T14:16:49.230","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Node Version Manager (nvm) is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, `nvm ls-remote` (and other commands that refresh remote LTS aliases, such as `nvm install --lts`) parse the node.js mirror's `index.tab` and use each release's LTS codename field as an alias filename without validating it. A malicious, compromised, or man-in-the-middled mirror can return an LTS codename containing path-traversal sequences such as `../../../.bashrc`, causing nvm to write the associated version string to a path outside `$NVM_DIR/alias`. With the default layout (`$NVM_DIR` is `~/.nvm`), this can create or overwrite files in the user's home directory, including shell startup files, which can lead to code execution in a later shell session. Exploitation requires the victim to use a hostile mirror -- via a compromised mirror or CDN, a network man-in-the-middle, or a maliciously configured `NVM_NODEJS_ORG_MIRROR`/`NVM_IOJS_ORG_MIRROR` -- and to run an affected command. Version 0.40.6 validates remote LTS codenames as safe alias filenames and rejects `..` path components when writing alias files."}],"affected":[{"source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","affectedData":[{"vendor":"nvm-sh","product":"nvm","defaultStatus":"unaffected","repo":"https://github.com/nvm-sh/nvm","versions":[{"version":"0.32.1","lessThan":"0.40.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:53:15.866939Z","id":"CVE-2026-15921","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/nvm-sh/nvm/commit/9275c5badda1d9d0cdad6f34598a111033eadb42","source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158"},{"url":"https://github.com/nvm-sh/nvm/security/advisories/GHSA-4ghp-wxpw-rhpg","source":"7ffcee3d-2c14-4c3e-b844-86c6a321a158"},{"url":"https://github.com/nvm-sh/nvm/security/advisories/GHSA-4ghp-wxpw-rhpg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-30618","sourceIdentifier":"cve@mitre.org","published":"2026-07-15T22:16:46.210","lastModified":"2026-07-16T14:16:49.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulting in execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the Fay service."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:23:35.490466Z","id":"CVE-2026-30618","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/xszyou/Fay","source":"cve@mitre.org"},{"url":"https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-30623","sourceIdentifier":"cve@mitre.org","published":"2026-07-15T22:16:46.317","lastModified":"2026-07-16T14:16:50.013","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation functionality. The application allows users to add MCP servers via a JSON configuration specifying arbitrary command and args values. LiteLLM executes these values on the host without validation, enabling attackers to run arbitrary operating system commands. Successful exploitation may result in remote code execution with the privileges of the LiteLLM process."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:19:11.300119Z","id":"CVE-2026-30623","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://docs.litellm.ai/blog/mcp-stdio-command-injection-april-2026","source":"cve@mitre.org"},{"url":"https://github.com/BerriAI/litellm","source":"cve@mitre.org"},{"url":"https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-45313","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:16:48.873","lastModified":"2026-07-16T14:16:52.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Sandboxie-Plus is an open source sandbox-based isolation software for Windows. Prior to 1.17.6, GuiServer::WndHookRegisterSlave in Sandboxie/core/svc/GuiServer.cpp stores attacker-supplied hthread and hproc fields from a GUI_WND_HOOK_REGISTER request without validating that the thread belongs to the sandboxed process or that the function pointer is in the caller address space, and GuiServer::WndHookNotifySlave then calls OpenThread(THREAD_SET_CONTEXT, FALSE, whk->hthread) and QueueUserAPC((PAPCFUNC)whk->hproc, hThread, (ULONG_PTR)req->threadid) as SYSTEM, allowing a sandboxed process to execute arbitrary code in an unsandboxed host process. This issue is fixed in version 1.17.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"sandboxie-plus","product":"Sandboxie","versions":[{"version":"< 1.17.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:52:19.807122Z","id":"CVE-2026-45313","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.6","source":"security-advisories@github.com"},{"url":"https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-rmv3-fhg3-75xh","source":"security-advisories@github.com"},{"url":"https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-rmv3-fhg3-75xh","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49279","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:16:52.163","lastModified":"2026-07-16T13:43:51.900","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. Versions 29.0 and below contain a Stored XSS vulnerability through the autoEvalCodeOnHTML parameter in the MessageSQLite WebSocket Handler. The MessageSQLite.php handler only strips autoEvalCodeOnHTML from $json['msg'], but msgToResourceId() reads from $msg['json'] with higher priority. An attacker can place the XSS payload in the json key instead of msg, bypassing the sanitization entirely. An authenticated attacker can execute arbitrary JavaScript in any connected user's browser session via the WebSocket messaging system, stealing session cookies and authentication tokens, taking over accounts through session hijacking, and chaining with CSRF to perform admin actions on the victim's behalf, in the default SQLite WebSocket backend configuration. This issue has a patch that has yet to be officially released, see https://github.com/WWBN/AVideo/commit/3e0b3ce2bfa766183ff0ae227439394db57b1a23."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"WWBN","product":"AVideo","versions":[{"version":"<= 29.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/commit/3e0b3ce2bfa766183ff0ae227439394db57b1a23","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-2fhx-q92v-5fhv","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-50183","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:16:54.643","lastModified":"2026-07-16T14:16:52.617","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. Versions 29.0 and below contain a stored Cross-Site Scripting vulnerability in the YouTubeAPI plugin. The plugin renders the snippet.title field returned by the YouTube Data API into the homepage gallery markup with no HTML encoding. The title is set by the YouTube video uploader (anyone in the world) and is treated by AVideo as trusted content. A YouTube uploader who controls a video matching the operator's configured query injects HTML into the AVideo homepage by setting their video's title to a JavaScript-bearing string; the payload then executes in the browser of every visitor who loads any page that renders the gallery. When the visitor is an AVideo administrator, the injected JavaScript performs any admin action (create user, promote to admin, change configuration, install plugin) that uses cookie-based authentication without an additional CSRF token, escalating the bug into full administrative takeover. The payload persists for the duration of cacheTimeout (default 3600 seconds) after the malicious title is set on YouTube and survives YouTube removing the hostile video for the same window. This issue has been addressed by commit https://github.com/WWBN/AVideo/commit/7292129eaee5f609beae103b5cb387d55f17b877."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"WWBN","product":"AVideo","versions":[{"version":"<= 29.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:50:36.539962Z","id":"CVE-2026-50183","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/commit/7292129eaee5f609beae103b5cb387d55f17b877","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-66q5-cj5g-wrfx","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-66q5-cj5g-wrfx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52890","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:17:16.310","lastModified":"2026-07-16T14:16:53.827","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Wekan is open source kanban built with Meteor. Prior to 9.31, Wekan allows a logged-in board member to insert an attachment document through the /attachments/insert DDP method with attacker-controlled versions.original.path and versions.original.storage fields. The server/permissions/attachments.js insert rule checks only board write access, and FileStoreStrategyFilesystem.getReadStream() in models/lib/fileStoreStrategy.js streams the stored path without a storage-root containment check, allowing arbitrary file reads and denial of service through special files such as /dev/zero. This issue is fixed in version 9.31."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wekan","product":"wekan","versions":[{"version":"< 9.31","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:59:05.040500Z","id":"CVE-2026-52890","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://github.com/wekan/wekan/commit/fc92b342ceedcf38dbd614a0f7b50d6dc2b22eb8","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/releases/tag/v9.31","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/security/advisories/GHSA-g6vm-7757-pr88","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/security/advisories/GHSA-g6vm-7757-pr88","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52893","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:17:16.710","lastModified":"2026-07-16T13:43:05.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan Accounts.onCreateUser hook in server/models/users.js merges OIDC logins into existing accounts when the OIDC email or username matches an existing Wekan user, without verifying ownership or checking email_verified. An attacker using an OIDC provider account with a victim's email or username can cause Wekan to merge the attacker's OIDC credentials into the victim account and then log in as that account. This issue is fixed in version 9.32."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wekan","product":"wekan","versions":[{"version":"< 9.32","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/wekan/wekan/commit/73204d4e0a7d77a1b186b3d76e8eaf2f3e7c9fd9","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/releases/tag/v9.32","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/security/advisories/GHSA-mp7g-hj5q-gxhq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53445","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:17:16.973","lastModified":"2026-07-16T14:16:53.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Wekan is open source kanban built with Meteor. Prior to 9.32, the Wekan copyBoard Meteor DDP method in server/publications/boards.js copies a board by caller-supplied board ID without checking this.userId, membership, or admin access. Any authenticated user can copy a private board they are not a member of, including its cards, checklists, custom fields, labels, and rules, while the REST POST /api/boards/:boardId/copy path correctly checks board admin access. This issue is fixed in version 9.32."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wekan","product":"wekan","versions":[{"version":"< 9.32","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:51:54.585303Z","id":"CVE-2026-53445","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/wekan/wekan/commit/8940a103970c5da3f02b3615eef09fabfff421e3","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/releases/tag/v9.32","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/security/advisories/GHSA-7w2h-g83c-jqrp","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/security/advisories/GHSA-7w2h-g83c-jqrp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53446","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:17:17.103","lastModified":"2026-07-16T14:16:54.083","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js without applying the existing validateAttachmentUrl() private-network checks from models/lib/attachmentUrlValidation.js. A board administrator can configure webhook URLs that cause server-side requests to internal or metadata services. This issue is fixed in version 9.32."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"wekan","product":"wekan","versions":[{"version":"< 9.32","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:49:31.868839Z","id":"CVE-2026-53446","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/wekan/wekan/commit/0e5fef6f31164fd3de4db353d04173ee0490cd65","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/releases/tag/v9.32","source":"security-advisories@github.com"},{"url":"https://github.com/wekan/wekan/security/advisories/GHSA-hc3x-hq3m-663q","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55445","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:17:26.020","lastModified":"2026-07-16T13:52:58.290","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Qinglong is a timed task management platform supporting Python3, JavaScript, Shell, and Typescript. Prior to 2.20.1, the init guard middleware in back/loaders/express.ts checks /api/user/init but not /open/user/init, while rewrite('/open/*', '/api/$1') rewrites the whitelisted /open/* path after JWT authentication and the guard have passed; an unauthenticated attacker can send PUT /open/user/init to reset administrator credentials on an initialized instance. This issue is fixed in 2.20.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"whyour","product":"qinglong","versions":[{"version":"< 2.20.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/whyour/qinglong/commit/6bec52dca158481258315ba0fc2f11206df7b719","source":"security-advisories@github.com"},{"url":"https://github.com/whyour/qinglong/pull/2941","source":"security-advisories@github.com"},{"url":"https://github.com/whyour/qinglong/security/advisories/GHSA-v667-gc2r-2xm7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55576","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:17:26.157","lastModified":"2026-07-16T13:52:58.290","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"MaaAssistantArknights is a one-click tool for daily Arknights tasks. In the current dev-v2 workflow, .github/workflows/release-preparation.yml inlined attacker-controlled github.event.pull_request.title into a run: shell command during the pull_request opened, reopened, and ready_for_review events, so a non-draft fork PR whose title starts with Release v could execute shell commands on the ubuntu-latest runner during the generate-changelog job. This vulnerability is fixed by commit cafc3946059e6337d2089d4fec8b6885ba17c332."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MaaAssistantArknights","product":"MaaAssistantArknights","versions":[{"version":"< cafc3946059e6337d2089d4fec8b6885ba17c332","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/MaaAssistantArknights/MaaAssistantArknights/commit/cafc3946059e6337d2089d4fec8b6885ba17c332","source":"security-advisories@github.com"},{"url":"https://github.com/MaaAssistantArknights/MaaAssistantArknights/security/advisories/GHSA-pqx2-5g66-f5w8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-62314","sourceIdentifier":"security-advisories@github.com","published":"2026-07-15T22:17:38.050","lastModified":"2026-07-16T14:16:56.427","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. From 1.22.0 until 1.26.0-pre1, lib/policy/checker.go PathChecker.Check() trusted the client-controlled X-Original-URI header before matching r.URL.Path, allowing an HTTP client to match default data/common/keep-internet-working.yaml ALLOW rules such as ^/\\.well-known/.*$ and bypass the Anubis challenge. This issue is fixed in version 1.26.0-pre1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"TecharoHQ","product":"anubis","versions":[{"version":">= 1.22.0, < 1.26.0-pre1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:47:54.706418Z","id":"CVE-2026-62314","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/TecharoHQ/anubis/commit/276b537776b281b1c4e01421435bc03ade3d8fc4","source":"security-advisories@github.com"},{"url":"https://github.com/TecharoHQ/anubis/pull/1630","source":"security-advisories@github.com"},{"url":"https://github.com/TecharoHQ/anubis/releases/tag/v1.26.0-pre1","source":"security-advisories@github.com"},{"url":"https://github.com/TecharoHQ/anubis/security/advisories/GHSA-6wcg-mqvh-fcvg","source":"security-advisories@github.com"},{"url":"https://github.com/TecharoHQ/anubis/security/advisories/GHSA-6wcg-mqvh-fcvg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-63175","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-07-15T22:17:38.193","lastModified":"2026-07-16T14:16:56.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP credentials, proxy configuration, user-agent settings, geolocation information, and captured request data.\n\nIn a multi-user or concurrent deployment, information supplied during one capture could therefore persist and be reused by a subsequent or parallel capture. This could result in the disclosure of authentication cookies, credentials, browser storage, or captured request data belonging to another user. It could also cause requests to be performed with another capture's authentication context, headers, or proxy configuration, potentially enabling unauthorized access to remote resources or interference with other capture operations.\n\nThe vulnerability is resolved by initializing all capture-specific settings and request data as instance variables in the Capture constructor, ensuring that state is isolated between capture operations."}],"affected":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","affectedData":[{"vendor":"Lookyloo","product":"PlaywrightCapture","defaultStatus":"unaffected","repo":"https://github.com/Lookyloo/PlaywrightCapture","versions":[{"version":"0","lessThanOrEqual":"v1.40.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:51:38.177871Z","id":"CVE-2026-63175","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/Lookyloo/PlaywrightCapture/commit/1e354b9d8566f49dbb331410be24c7c295645d43","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2026-15909","sourceIdentifier":"cna@vuldb.com","published":"2026-07-16T01:16:29.883","lastModified":"2026-07-16T14:16:49.093","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kd_cs leads to authorization bypass. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"RafyMrX","product":"TOKO-ONLINE-ROTI","cpes":["cpe:2.3:a:rafymrx:toko-online-roti:*:*:*:*:*:*:*:*"],"versions":[{"version":"ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:50:39.689094Z","id":"CVE-2026-15909","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://vuldb.com/cve/CVE-2026-15909","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/844299","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379368","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379368/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-23538","sourceIdentifier":"secalert@redhat.com","published":"2026-07-16T01:16:30.530","lastModified":"2026-07-16T14:16:49.493","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Feast","product":"Feast Feature Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"0.59.0","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-feature-server-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-feature-server-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:51:47.243241Z","id":"CVE-2026-23538","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-23538","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429311","source":"secalert@redhat.com"},{"url":"https://github.com/red-hat-data-services/feast/pull/192","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-23538","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429311","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23538.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-3842","sourceIdentifier":"patrick@puiterwijk.org","published":"2026-07-16T01:16:30.697","lastModified":"2026-07-16T13:51:12.157","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpu_physical_memory_map() returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in unauthorized access to guest memory or corruption of heap-allocated objects, potentially causing information disclosure, data integrity issues, or a denial of service."}],"affected":[{"source":"patrick@puiterwijk.org","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://gitlab.com/qemu-project/qemu","packageName":"qemu","versions":[{"version":"7.1.0","lessThan":"11.0.0","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm-ma","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"virt:rhel/qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm-ma","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"virt:rhel/qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"patrick@puiterwijk.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:41:54.779080Z","id":"CVE-2026-3842","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-3842","source":"patrick@puiterwijk.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458150","source":"patrick@puiterwijk.org"},{"url":"https://access.redhat.com/security/cve/CVE-2026-3842","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458150","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3842.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-48863","sourceIdentifier":"secalert@redhat.com","published":"2026-07-16T01:16:30.830","lastModified":"2026-07-16T13:47:43.027","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"OpenSUSE","product":"libsolv","defaultStatus":"unaffected","versions":[{"version":"0.6.4","lessThan":"0.7.38","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite-capsule:el8/libsolv","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 4 for Cloud Providers","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/a:redhat:rhui:4::el8"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"satellite-capsule:el8/libsolv","cpes":["cpe:/a:redhat:satellite:6"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 4 for Cloud Providers","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsolv","cpes":["cpe:/a:redhat:rhui:4::el8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-48863","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460975","source":"secalert@redhat.com"},{"url":"https://github.com/openSUSE/libsolv/commit/44f8c085045b1f771641091bbb2b810d12cff9e8#diff-309f245ec9b669ec78b8159c39e6f50130b4d4a0448f742685f7833d04bc4caaR592","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-48863","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460975","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-48863.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-12434","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T04:17:15.847","lastModified":"2026-07-16T14:16:48.360","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitize_status. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts, dates, authors, and custom-field metadata of other users' pending-review, scheduled, and trashed posts by embedding a crafted [catlist] shortcode in their own draft and previewing it. This vulnerability is a bypass of the incomplete fix introduced for CVE-2025-11377 in version 0.93.0."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"fernandobt","product":"List category posts","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"0.95.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:39:23.739465Z","id":"CVE-2026-12434","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/list-category-posts/tags/0.95.0/include/lcp-catlist.php#L623","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/list-category-posts/tags/0.95.0/include/lcp-catlist.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/list-category-posts/tags/0.95.0/include/lcp-parameters.php#L208","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/list-category-posts/tags/0.95.0/list-category-posts.php#L184","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3598587%40list-category-posts&new=3598587%40list-category-posts","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3477baf1-71ef-44f3-938f-3e7d710e9df6?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12753","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T04:17:16.073","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themehunk","product":"Advance Product Search- Voice & Ajax Search for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/th-advance-product-search/tags/1.4.4/inc/thaps-function.php#L125","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/th-advance-product-search/tags/1.4.4/inc/thaps-function.php#L34","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/th-advance-product-search/tags/1.4.4/inc/thaps-function.php#L86","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3582785%40th-advance-product-search&new=3582785%40th-advance-product-search","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa8342f-1f36-4eb5-8b69-ab90fd85e5cb?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12941","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T04:17:16.247","lastModified":"2026-07-16T14:16:48.467","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in all versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This vulnerability is exploitable by any authenticated subscriber-level user when the plugin's store approval setting is configured to automatically approve store owners (described as the default), as this allows any logged-in user to self-register as a store_owner via the public Stores REST endpoint, thereby obtaining the edit_stores capability required to reach the vulnerable transactions endpoint."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wcmp","product":"MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.0.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:46:10.342438Z","id":"CVE-2026-12941","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/5.0.8/classes/RestAPI/Controllers/Transactions.php#L113","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/5.0.8/classes/RestAPI/Controllers/Transactions.php#L76","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/5.0.8/classes/Transaction/Transaction.php#L274","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3606843%40dc-woocommerce-multi-vendor&new=3606843%40dc-woocommerce-multi-vendor","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c55bf5f5-20d5-4157-94d3-1a330cdc82df?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14987","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T04:17:19.400","lastModified":"2026-07-16T14:16:48.670","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'twitter_message' Sequoia Template Setting in all versions up to, and including, 4.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with give worker-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The injected script executes specifically when a donor clicks the Share on Twitter button on the Sequoia donation confirmation view, as that is when the unescaped twitter_message value is evaluated inside the JavaScript template literal."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"stellarwp","product":"GiveWP – Donation Plugin and Fundraising Platform","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.16.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:44:59.458512Z","id":"CVE-2026-14987","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/give/tags/4.14.5/includes/admin/forms/class-metabox-form-data.php#L1180","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/give/tags/4.14.5/includes/formatting.php#L768","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/give/tags/4.14.5/src/Views/Form/Templates/Sequoia/views/social-sharing.php#L41","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/give/tags/4.15.5/includes/admin/forms/class-metabox-form-data.php#L1180","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/give/tags/4.15.5/includes/formatting.php#L768","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/give/tags/4.15.5/src/Views/Form/Templates/Sequoia/views/social-sharing.php#L41","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3607718%40give&new=3607718%40give","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd0ba4b-56f1-4f4b-95f7-28c911c8de09?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15652","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T04:17:25.463","lastModified":"2026-07-16T14:16:48.987","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'align' Block Attribute in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"shapedplugin","product":"Easy Accordion – AI-Powered FAQ & Accordion Blocks, Product FAQ","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:45:22.555331Z","id":"CVE-2026-15652","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/easy-accordion-free/tags/3.1.5/Blocks/Includes/ShortcodeBlock.php#L127","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-accordion-free/tags/3.1.5/Blocks/Includes/ShortcodeBlock.php#L150","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/easy-accordion-free/tags/3.1.5/Blocks/Includes/ShortcodeBlock.php#L153","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3607006%40easy-accordion-free&new=3607006%40easy-accordion-free","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/eb0fb0a7-b9f7-42db-b826-fc09090bd817?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-21729","sourceIdentifier":"security@grafana.com","published":"2026-07-16T04:17:29.260","lastModified":"2026-07-16T14:16:49.383","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Loki queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy."}],"affected":[{"source":"security@grafana.com","affectedData":[{"vendor":"Grafana","product":"Loki","defaultStatus":"unaffected","platforms":["OnPrem","Cloud"],"versions":[{"version":"v3.0.0","lessThan":"v3.7.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@grafana.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:45:38.984777Z","id":"CVE-2026-21729","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://grafana.com/security/security-advisories/cve-2026-21729","source":"security@grafana.com"}]}},{"cve":{"id":"CVE-2026-13042","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T05:16:17.780","lastModified":"2026-07-16T13:39:36.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. WordPress's save-time kses sanitization does not mitigate this issue because the crafted payload uses only kses-allowed tags and attributes (such as an &lt;a&gt; element with title and href), and the dangerous attribute-breaking HTML is synthesized entirely at render time by the plugin's own comment_text filter."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"yo35","product":"RPB Chessboard","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"8.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/rpb-chessboard/tags/8.1.0/php/abstractcontroller.php#L171","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/rpb-chessboard/tags/8.1.0/php/abstractcontroller.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/rpb-chessboard/tags/8.1.0/php/abstractcontroller.php#L220","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/rpb-chessboard/tags/8.1.2/php/abstractcontroller.php#L171","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/rpb-chessboard/tags/8.1.2/php/abstractcontroller.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/rpb-chessboard/tags/8.1.2/php/abstractcontroller.php#L220","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3604068%40rpb-chessboard&new=3604068%40rpb-chessboard","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/848b9c6d-e0db-43ad-ac6d-3674435339dd?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15013","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T05:16:18.043","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because `Mo_SAML_Utilities::mo_saml_cast_key()` reads the `SignatureMethod` Algorithm attribute directly from the attacker-controlled `SAMLResponse` parameter rather than enforcing the locally configured algorithm, causing the plugin to recast the IdP's RSA public key as an HMAC-SHA1 shared secret and validate the forged signature against it. This makes it possible for unauthenticated attackers to forge a SAML assertion targeting any WordPress account — including administrators — obtain valid WordPress authentication cookies, and achieve full administrator-level account takeover."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"cyberlord92","product":"SAML Single Sign On – SSO Login","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:45:07.848789Z","id":"CVE-2026-15013","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/miniorange-saml-20-single-sign-on/tags/5.4.3/class-mo-saml-login-validate.php#L119","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/miniorange-saml-20-single-sign-on/tags/5.4.3/class-mo-saml-utilities.php#L416","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/miniorange-saml-20-single-sign-on/tags/5.4.3/class-mo-saml-utilities.php#L444","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/miniorange-saml-20-single-sign-on/tags/5.4.3/class-mo-saml-utilities.php#L561","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/miniorange-saml-20-single-sign-on/tags/5.4.3/includes/lib/SAML2Core/class-mo-saml-xml-security-key.php#L722","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601345%40miniorange-saml-20-single-sign-on&new=3601345%40miniorange-saml-20-single-sign-on","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ee95092d-6351-4612-872d-284165bc1201?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15445","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T05:16:18.633","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SEO Booster plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Although esc_sql() and sanitize_text_field() are applied, neither neutralizes SQL keywords, commas, parentheses, or subquery syntax in an unquoted ORDER BY context, leaving the clause fully attacker-controlled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"cleverplugins","product":"SEO Booster","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:43:39.958567Z","id":"CVE-2026-15445","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/seo-booster/trunk/inc/SB_GSC_List_Table.php#L559","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/seo-booster/trunk/inc/SB_GSC_List_Table.php#L579","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/seo-booster/trunk/seo-booster-gsc.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3606177%40seo-booster&new=3606177%40seo-booster","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/59f622ee-eccf-4b5b-8fa0-93a4405eb1e9?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11371","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:46.480","lastModified":"2026-07-16T13:43:05.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The BetterDocs  WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browser of any visitor who views the affected page, including administrators."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"BetterDocs","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.5.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:32:56.105303Z","id":"CVE-2026-11371","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://wpscan.com/vulnerability/db41e3db-74c2-4b94-bbff-bd1493295241/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12869","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:47.300","lastModified":"2026-07-16T13:43:05.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action (it allows any edit_posts user), so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide, injecting JavaScript that executes in the session of any visitor or administrator who loads the site."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Header Footer Builder for Elementor","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:34:16.791057Z","id":"CVE-2026-12869","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://wpscan.com/vulnerability/3c6562d9-f55e-4d82-be95-60e82a6feecf/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12978","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:47.577","lastModified":"2026-07-16T13:43:05.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The FunnelKit  WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted page. The affected action is only registered when the Divi /builder is active."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"FunnelKit","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.15.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:42:51.584364Z","id":"CVE-2026-12978","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://wpscan.com/vulnerability/1b22645b-28cb-44f3-a5b9-c81a40175e59/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12979","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:47.663","lastModified":"2026-07-16T13:43:05.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The FunnelKit  WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable other FunnelKit  WordPress plugin before 3.15.0.6 or  (denial of service)."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"FunnelKit","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.15.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:40:53.139979Z","id":"CVE-2026-12979","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://wpscan.com/vulnerability/d81ca171-65eb-484d-917f-f41b0cd20351/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-15925","sourceIdentifier":"412d305a-227d-44f9-a262-a31ba44f2aea","published":"2026-07-16T07:16:47.957","lastModified":"2026-07-16T13:47:43.027","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by intercepting or redirecting network traffic and presenting a certificate signed by any trusted CA for any domain, causing the connector to accept connections without validating that the certificate matched the requested hostname. Successful exploitation requires an on-path traffic interception capability (e.g. ARP/DNS poisoning, rogue access point, BGP hijacking, or malicious proxy/exit node). This vulnerability may have exposed credentials, query data, and staged file contents to interception and tampering, and may have enabled the attacker to issue arbitrary SQL within the context of the victim's connector session. Impact is limited by the privileges of the affected Snowflake role. The fix is available in Snowflake Connector for Python versions 4.7.1 and 3.18.1. Users must manually upgrade."}],"affected":[{"source":"412d305a-227d-44f9-a262-a31ba44f2aea","affectedData":[{"vendor":"Snowflake","product":"Snowflake Connector for Python","defaultStatus":"unaffected","versions":[{"version":"3.17.4","lessThan":"3.18.1","versionType":"semver","status":"affected"},{"version":"4.0.0","lessThan":"4.7.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"412d305a-227d-44f9-a262-a31ba44f2aea","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:43:01.415022Z","id":"CVE-2026-15925","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"412d305a-227d-44f9-a262-a31ba44f2aea","type":"Secondary","description":[{"lang":"en","value":"CWE-297"}]}],"references":[{"url":"https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v3.18.1","source":"412d305a-227d-44f9-a262-a31ba44f2aea"},{"url":"https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v4.7.1","source":"412d305a-227d-44f9-a262-a31ba44f2aea"}]}},{"cve":{"id":"CVE-2026-13741","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:16.553","lastModified":"2026-07-16T14:16:48.570","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.1.0.5. This is due to missing authorization and role validation in the `dig_update_wpwc_custom_fields()` function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator by submitting a forged `digits_reg_userrole` value during profile update, granted the site administrator has configured the built-in DIGITS User Role field."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"UnitedOver","product":"Digits: WordPress Mobile Number Signup and Login","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"9.1.0.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:41:48.688255Z","id":"CVE-2026-13741","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://digits.unitedover.com/changelog/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/02a283b2-a369-4927-a54a-61f26bee6ace?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13754","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:16.693","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tickera","product":"Tickera – Sell Tickets & Manage Events","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.6.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/tickera-event-ticketing-system/tags/3.6.0.0/includes/addons/better-attendees-and-tickets/index.php#L485","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tickera-event-ticketing-system/tags/3.6.0.0/includes/addons/better-attendees-and-tickets/index.php#L50","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tickera-event-ticketing-system/tags/3.6.0.0/includes/addons/better-attendees-and-tickets/index.php#L502","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3605637%40tickera-event-ticketing-system&new=3605637%40tickera-event-ticketing-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8113fd51-9e2b-45c4-a17b-b38072da0de9?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13755","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:16.827","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Successful execution of the injected script is limited to victims who have the referenced ticket ID present in their cart cookie, meaning the payload only fires for users who have previously added that ticket to their cart."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tickera","product":"Tickera – Sell Tickets & Manage Events","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.6.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:37:06.507281Z","id":"CVE-2026-13755","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/tickera-event-ticketing-system/tags/3.6.0.0/includes/classes/class.shortcodes.php#L212","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tickera-event-ticketing-system/tags/3.6.0.0/includes/classes/class.shortcodes.php#L232","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tickera-event-ticketing-system/tags/3.6.0.0/includes/classes/class.shortcodes.php#L33","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3605637%40tickera-event-ticketing-system&new=3605637%40tickera-event-ticketing-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f266f9db-a25e-4f50-b3c8-3bea3a7e86ce?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15005","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:17.060","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on the server by supplying a php://filter stream wrapper URI as the 'template' parameter, which bypasses path validation and is passed directly to the include sink in execTemplate() via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"timwhitlock","product":"Loco Translate","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.8.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:25:40.902679Z","id":"CVE-2026-15005","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/loco-translate/tags/2.8.3/src/mvc/AdminController.php#L38","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/loco-translate/tags/2.8.3/src/mvc/AdminRouter.php#L128","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/loco-translate/tags/2.8.3/src/mvc/View.php#L273","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/loco-translate/tags/2.8.3/src/mvc/View.php#L274","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/loco-translate/tags/2.8.5/src/mvc/AdminController.php#L38","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/loco-translate/tags/2.8.5/src/mvc/AdminRouter.php#L128","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/loco-translate/tags/2.8.5/src/mvc/View.php#L273","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/loco-translate/tags/2.8.5/src/mvc/View.php#L274","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3603894%40loco-translate&new=3603894%40loco-translate","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/241d7a82-5fa5-40e3-9336-823644ca17f0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15021","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:17.323","lastModified":"2026-07-16T14:16:48.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The sanitize_text_field() function applied at input does not encode double quotes, allowing attribute breakout via a payload that escapes the href attribute context and injects event handler attributes."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tomdever","product":"wpForo Forum","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:40:42.462735Z","id":"CVE-2026-15021","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/3.0.5/classes/Forms.php#L1035","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/3.0.5/classes/Forms.php#L1074","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/3.0.5/classes/Members.php#L1031","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/3.1.1/classes/Forms.php#L1035","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/3.1.1/classes/Forms.php#L1074","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpforo/tags/3.1.1/classes/Members.php#L1031","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3603849%40wpforo&new=3603849%40wpforo","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2cd364c5-c053-4c50-8232-bb47ab8e834b?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15022","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:17.440","lastModified":"2026-07-16T13:39:36.917","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via Stored Quiz Answer Array in all versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The payload is stored at quiz-attempt time via the wp_ajax_tutor_quiz_abandon handler, but the injected SQL executes only when a privileged user or Tutor REST API key holder requests the /wp-json/tutor/v1/quiz-attempt-details/{id} endpoint, making this a second-order (stored) injection chain."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themeum","product":"Tutor LMS – eLearning and online course solution","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.0.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.13/classes/Quiz.php#L442","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.13/classes/Quiz.php#L626","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.13/helpers/QueryHelper.php#L951","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.13/restapi/REST_Quiz.php#L286","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.13/restapi/REST_Quiz.php#L384","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.13/restapi/REST_Quiz.php#L415","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Quiz.php#L442","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/classes/Quiz.php#L626","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/helpers/QueryHelper.php#L951","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/restapi/REST_Quiz.php#L286","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/restapi/REST_Quiz.php#L384","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.9/restapi/REST_Quiz.php#L415","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cd603aa-c4d4-488c-b134-6983240c3a18?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15099","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:17.557","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Delicious Recipes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'steps' block attribute in versions up to, and including, 1.10.2. This is due to insufficient input sanitization and output escaping in the wrap_direction_text() function, which interpolates the user-supplied href value from nested link nodes ($node['props']['href']) directly into an anchor tag via sprintf() at line 1627 without esc_url() or any URL scheme validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts (including javascript: URIs) in pages that will execute whenever a user (such as an editor or administrator previewing the pending post) accesses an injected page and clicks the malicious link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdelicious","product":"WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.10.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:36:06.301075Z","id":"CVE-2026-15099","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.10.2/src/blocks/dynamic-blocks/class-delicious-dynamic-recipe-card.php#L1288","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.10.2/src/blocks/dynamic-blocks/class-delicious-dynamic-recipe-card.php#L1627","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/delicious-recipes/tags/1.10.2/src/blocks/dynamic-blocks/class-delicious-dynamic-recipe-card.php#L363","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3605415/delicious-recipes","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4a89c812-a643-47c0-bd33-cfb2389a7646?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15106","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:17.800","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to delete arbitrary chat session records from the wpbot_user and wpbot_conversation tables, including chat history and conversation logs, by supplying a crafted userid value."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"quantumcloud","product":"WPBot – AI ChatBot for Live Support, Lead Generation, AI Services","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"8.5.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:38:08.472952Z","id":"CVE-2026-15106","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.4.9/includes/chat-sessions/wpbot-chat-sessions.php#L372","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.4.9/includes/chat-sessions/wpbot-chat-sessions.php#L391","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.4.9/includes/chat-sessions/wpbot-chat-sessions.php#L393","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.5.0/includes/chat-sessions/wpbot-chat-sessions.php#L372","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.5.0/includes/chat-sessions/wpbot-chat-sessions.php#L391","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.5.0/includes/chat-sessions/wpbot-chat-sessions.php#L393","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3608558%40chatbot&new=3608558%40chatbot","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dc36ee53-81a9-416e-8e74-31d9c8802d6c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15350","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:18.047","lastModified":"2026-07-16T14:16:48.880","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The The Cache Purger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.3.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to permanently truncate the plugin's cache-purge audit log (wp-content/purge.log), destroying the entire cache-purge audit history. The tcp_log_purge nonce is rendered in the admin bar on frontend pages accessible to all authenticated users including subscribers, meaning any authenticated user possesses the nonce required to trigger the deletion."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"kevp75","product":"The Cache Purger","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.3.20","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:44:28.384244Z","id":"CVE-2026-15350","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/the-cache-purger/tags/2.3.03/work/inc/kp-cache-purge-admin.php#L132","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-cache-purger/tags/2.3.03/work/inc/kp-cache-purge-common.php#L223","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-cache-purger/tags/2.3.03/work/inc/kp-cache-purge-common.php#L242","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/the-cache-purger/tags/2.3.03/work/inc/kp-cache-purge-common.php#L99","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3603867%40the-cache-purger&new=3603867%40the-cache-purger","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5a9943b5-0f6d-4fbd-97eb-df61acd0c297?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15407","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:18.163","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Themify Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 7.7.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite or delete the generated CSS stylesheet file of arbitrary posts, including private and draft posts owned by other users, and modify plugin-scoped font options. The required CSRF nonce (tf_nonce) is emitted on public front-end builder pages via wp_localize_script, making it trivially obtainable by any authenticated user visiting such a page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themifyme","product":"Themify Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.7.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.5/classes/class-themify-builder-stylesheet.php#L160","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.5/classes/class-themify-builder-stylesheet.php#L17","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.5/classes/class-themify-builder-stylesheet.php#L313","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.5/classes/class-themify-builder-stylesheet.php#L69","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.7/classes/class-themify-builder-stylesheet.php#L160","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.7/classes/class-themify-builder-stylesheet.php#L17","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.7/classes/class-themify-builder-stylesheet.php#L313","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.7/classes/class-themify-builder-stylesheet.php#L69","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3607906%40themify-builder&new=3607906%40themify-builder","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b59e2773-31f0-4c19-b066-30982761bc44?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15610","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:18.280","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger arbitrary re-embedding of stored RAG documents, modifying the rag_documents table and consuming the site owner's paid third-party AI API credits (OpenAI, Gemini, OpenRouter, or xAI)."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"quantumcloud","product":"WPBot – AI ChatBot for Live Support, Lead Generation, AI Services","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"8.5.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:36:39.621686Z","id":"CVE-2026-15610","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.4.9/includes/class-qcld-bot-rag.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.4.9/includes/class-qcld-bot-rag.php#L791","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.4.9/qcld-wpwbot.php#L608","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.5.5/includes/class-qcld-bot-rag.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.5.5/includes/class-qcld-bot-rag.php#L791","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatbot/tags/8.5.5/qcld-wpwbot.php#L608","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3608558%40chatbot&new=3608558%40chatbot","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e905d146-66bf-4d6d-b2f5-fd3f862101af?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15727","sourceIdentifier":"security@wordfence.com","published":"2026-07-16T09:16:18.510","lastModified":"2026-07-16T13:38:53.050","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'delete_user_roles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. wp_unslash() is applied to the raw POST body before parse_str() decomposes it, stripping WordPress magic-quotes protection and leaving attacker-controlled values fully unescaped prior to reaching the SQL sink."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"xylus","product":"WP Bulk Delete","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:23:15.338871Z","id":"CVE-2026-15727","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-bulk-delete/tags/1.4.1/includes/ajax-delete-handler.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-bulk-delete/tags/1.4.1/includes/ajax-delete-handler.php#L36","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-bulk-delete/tags/1.4.1/includes/class-delete-api.php#L1071","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-bulk-delete/tags/1.4.1/includes/class-delete-api.php#L1113","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-bulk-delete/tags/1.4.2/includes/ajax-delete-handler.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-bulk-delete/tags/1.4.2/includes/ajax-delete-handler.php#L36","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-bulk-delete/tags/1.4.2/includes/class-delete-api.php#L1071","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-bulk-delete/tags/1.4.2/includes/class-delete-api.php#L1113","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3608270/wp-bulk-delete/trunk/includes/class-delete-api.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/39d325d4-073c-47b6-8ea4-30637417f0d7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-58078","sourceIdentifier":"security@joomla.org","published":"2026-07-16T09:16:19.140","lastModified":"2026-07-16T13:55:15.293","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"themexpert.com","product":"Quix Page Builder Pro extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0-6.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:31:48.017624Z","id":"CVE-2026-58078","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://mysites.guru/blog/quix-sql-injection-disclosure/","source":"security@joomla.org"},{"url":"https://www.themexpert.com/quix-pagebuilder","source":"security@joomla.org"}]}},{"cve":{"id":"CVE-2026-6423","sourceIdentifier":"security@eset.com","published":"2026-07-16T09:16:19.273","lastModified":"2026-07-16T13:49:40.270","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A local privilege escalation vulnerability in ESET Inspect Connector. \nThe vulnerability was caused by improper authentication in an IPC channel."}],"affected":[{"source":"security@eset.com","affectedData":[{"vendor":"ESET, spol. s.r.o.","product":"ESET Inspect Connector","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"0","lessThanOrEqual":"3.0.5775.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@eset.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:34:20.351046Z","id":"CVE-2026-6423","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@eset.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://support.eset.com/en/ca8970-eset-customer-advisory-local-privilege-escalation-via-unauthenticated-alpc-in-eset-inspect-connector-for-windows-fixed","source":"security@eset.com"}]}},{"cve":{"id":"CVE-2026-6424","sourceIdentifier":"security@eset.com","published":"2026-07-16T09:16:19.403","lastModified":"2026-07-16T13:49:40.270","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system"}],"affected":[{"source":"security@eset.com","affectedData":[{"vendor":"ESET, spol. s.r.o.","product":"ESET Endpoint Antivirus for Linux","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"13.1","lessThanOrEqual":"13.1.3.0","versionType":"custom","status":"affected","changes":[{"at":"13.1.5.0","status":"unaffected"}]},{"version":"13.0","lessThanOrEqual":"13.0.3.0","versionType":"custom","status":"affected","changes":[{"at":"13.0.5.0","status":"unaffected"}]},{"version":"12.2","lessThanOrEqual":"12.2.8.0","versionType":"custom","status":"affected","changes":[{"at":"12.2.9.0","status":"unaffected"}]},{"version":"12.1","lessThanOrEqual":"12.1.1.0","versionType":"custom","status":"affected","changes":[{"at":"12.1.2.0","status":"unaffected"}]},{"version":"12.0","lessThanOrEqual":"12.0.13.0","versionType":"custom","status":"affected","changes":[{"at":"12.0.14.0","status":"unaffected"}]},{"version":"13.2.3.0","status":"unaffected"}]},{"vendor":"ESET, spol. s.r.o.","product":"ESET Server Security for Linux","defaultStatus":"unaffected","platforms":["Linux"],"versions":[{"version":"13.1","lessThanOrEqual":"13.1.116.0","versionType":"custom","status":"affected","changes":[{"at":"13.1.118.0","status":"unaffected"}]},{"version":"13.0","lessThanOrEqual":"13.0.34.0","versionType":"custom","status":"affected","changes":[{"at":"13.0.36.0","status":"unaffected"}]},{"version":"12.2","lessThanOrEqual":"12.2.72.0","versionType":"custom","status":"affected","changes":[{"at":"12.2.73.0","status":"unaffected"}]},{"version":"12.1","lessThanOrEqual":"12.1.406.0","versionType":"custom","status":"affected","changes":[{"at":"12.1.407.0","status":"unaffected"}]},{"version":"12.0","lessThanOrEqual":"12.0.287.0","versionType":"custom","status":"affected","changes":[{"at":"12.0.292.0","status":"unaffected"}]},{"version":"13.2.53.0","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@eset.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:17:24.495540Z","id":"CVE-2026-6424","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@eset.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://support.eset.com/en/ca8972-eset-customer-advisory-use-after-free-vulnerability-in-eset-security-products-for-linux-fixed","source":"security@eset.com"}]}},{"cve":{"id":"CVE-2026-22752","sourceIdentifier":"security@vmware.com","published":"2026-07-16T10:16:24.767","lastModified":"2026-07-16T13:47:43.027","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server.\n\nThis issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring Security","product":"Spring Authorization Server","defaultStatus":"unaffected","versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"custom","status":"affected"},{"version":"1.5.0","lessThanOrEqual":"1.5.6","versionType":"custom","status":"affected"},{"version":"1.4.0","lessThanOrEqual":"1.4.9","versionType":"custom","status":"affected"},{"version":"1.3.0","lessThanOrEqual":"1.3.10","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:15:31.051109Z","id":"CVE-2026-22752","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://spring.io/security/cve-2026-22752","source":"security@vmware.com"}]}},{"cve":{"id":"CVE-2023-49899","sourceIdentifier":"info@cert.vde.com","published":"2026-07-16T11:16:35.597","lastModified":"2026-07-16T13:50:59.307","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated remote attacker can execute any command on the affected device due to not correctly verifying the origin of a communication channel."}],"affected":[{"source":"info@cert.vde.com","affectedData":[{"vendor":"X-Rite","product":"MA-T6","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"v2.33","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"info@cert.vde.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"info@cert.vde.com","type":"Primary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://claroty.com/team82/disclosure-dashboard/cve-2023-49899","source":"info@cert.vde.com"}]}},{"cve":{"id":"CVE-2026-35146","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T12:17:35.493","lastModified":"2026-07-16T13:47:43.027","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXServer is affected by an Unencrypted Communication vulnerability. The application permits users to establish connections over unencrypted channels via the HTTP protocol, which could allow a remote attacker to intercept network traffic and expose sensitive data transmitted between the user and the application."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCLSoftware","product":"DFXServer","defaultStatus":"unaffected","versions":[{"version":"version 2.5 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:12:56.726291Z","id":"CVE-2026-35146","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-326"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131782","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-35147","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T12:17:35.617","lastModified":"2026-07-16T13:47:43.027","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access. The application fails to verify the user's authentication status when accessing specific API endpoints, allowing an unauthenticated attacker to interact with the APIs and perform unauthorized actions without valid credentials."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXServer","defaultStatus":"unaffected","versions":[{"version":"version 2.5 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T11:53:13.346076Z","id":"CVE-2026-35147","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131782","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-35148","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T12:17:35.733","lastModified":"2026-07-16T13:47:43.027","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXServer is affected by a Missing Access Control vulnerability. This vulnerability states that certain endpoints are accessible without any form of authentication in another browser. This allows any network user to invoke these APIs and interact with the application without verification of their identity or authorization level."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXServer","defaultStatus":"unaffected","versions":[{"version":"version 2.5 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:07:14.935323Z","id":"CVE-2026-35148","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131782","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-35149","sourceIdentifier":"psirt@hcl.com","published":"2026-07-16T12:17:35.870","lastModified":"2026-07-16T13:47:43.027","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation. An unauthorized user without valid credentials can exploit this flaw by intercepting and altering the server's authentication responses, allowing them to gain unauthorized access to the application without verification."}],"affected":[{"source":"psirt@hcl.com","affectedData":[{"vendor":"HCL Software","product":"DFXServer","defaultStatus":"unaffected","versions":[{"version":"version 2.5 and below","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:06:27.976772Z","id":"CVE-2026-35149","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@hcl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131782","source":"psirt@hcl.com"}]}},{"cve":{"id":"CVE-2026-59249","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-07-16T12:18:07.170","lastModified":"2026-07-16T13:49:40.270","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Inconsistent interpretation of HTTP requests (HTTP response smuggling) vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on the same pooled connection, enabling response-queue poisoning against subsequent requests that share the connection.\n\nThe Mint.HTTP1.decode_body/5 function in lib/mint/http1.ex parses the chunk-size line of a Transfer-Encoding: chunked response with Integer.parse(data, 16). RFC 7230 defines chunk-size = 1*HEXDIG and forbids any sign prefix, but Integer.parse/2 accepts an optional leading + or -. A chunk-size line of +5 is accepted as a five-byte chunk; lines of +0 and -0 are accepted as the terminating zero-length chunk and end the message body early.\n\nAn RFC-strict intermediary in the response path rejects these forms, so the intermediary and the Mint client disagree on where one response ends and the next begins. On a pooled keep-alive connection, an attacker-influenced origin can inject bytes that the client attributes to the next legitimate response on the same connection, poisoning the response queue and corrupting the responses returned to unrelated in-flight requests.\n\nThis issue affects mint: from 0.1.0 before 1.9.3."}],"affected":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","affectedData":[{"vendor":"elixir-mint","product":"mint","defaultStatus":"unaffected","collectionURL":"https://repo.hex.pm","packageName":"mint","cpes":["cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Mint.HTTP1'"],"programFiles":["lib/mint/http1.ex"],"programRoutines":[{"name":"'Elixir.Mint.HTTP1':decode_body/5"}],"repo":"https://github.com/elixir-mint/mint","packageURL":"pkg:hex/mint","versions":[{"version":"0.1.0","lessThan":"1.9.3","versionType":"semver","status":"affected"}]},{"vendor":"elixir-mint","product":"mint","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"elixir-mint/mint","cpes":["cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*"],"modules":["'Elixir.Mint.HTTP1'"],"programFiles":["lib/mint/http1.ex"],"programRoutines":[{"name":"'Elixir.Mint.HTTP1':decode_body/5"}],"repo":"https://github.com/elixir-mint/mint","packageURL":"pkg:github/elixir-mint/mint","versions":[{"version":"60089586ec7adc9fddb09f69a2f5919ba9ac7f33","lessThan":"fc7d16538db7e40b56ed489f08683225cb0197fa","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:37:52.637521Z","id":"CVE-2026-59249","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://cna.erlef.org/cves/CVE-2026-59249.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-mint/mint/commit/fc7d16538db7e40b56ed489f08683225cb0197fa","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-mint/mint/security/advisories/GHSA-x3x7-96vm-6h2w","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-59249","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/elixir-mint/mint/security/advisories/GHSA-x3x7-96vm-6h2w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2024-58360","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-16T13:16:23.000","lastModified":"2026-07-16T13:43:05.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"stoatchat","product":"stoatchat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"0.7.8","versionType":"semver","status":"affected"},{"version":"0.7.8","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-1173"}]}],"references":[{"url":"https://github.com/stoatchat/stoatchat/commit/eda36436a862bcab92f7ac2cf1c2dd88c41e52a4","source":"disclosure@vulncheck.com"},{"url":"https://github.com/stoatchat/stoatchat/security/advisories/GHSA-f26h-rqjq-qqjq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/stoatchat-before-unrestricted-account-creation","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71377","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-16T13:16:24.057","lastModified":"2026-07-16T14:16:46.890","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"stoatchat","product":"stoatchat","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"20250210-1 (0.8.2)","versionType":"semver","status":"affected"},{"version":"20250210-1 (0.8.2)","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T12:58:58.260798Z","id":"CVE-2025-71377","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1025"}]}],"references":[{"url":"https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94","source":"disclosure@vulncheck.com"},{"url":"https://github.com/stoatchat/stoatchat/security/advisories/GHSA-h7h6-7pxm-mc66","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/stoatchat-before-20250210-1-unrestricted-message-history-fetch","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-11386","sourceIdentifier":"security@ubuntu.com","published":"2026-07-16T13:16:24.770","lastModified":"2026-07-16T14:16:48.040","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An input validation and injection vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client constructs APT source files (such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents) using data received directly from the contract server response via the directives.suites[] and directives.aptURL fields. Because the client utilizes Python's str.format() to write these files without performing escaping, validation, or newline character filtering, a malicious or tampered contract response containing embedded newline (\\n) characters can successfully inject arbitrary, attacker-controlled deb configuration lines into root-owned APT sources. When combined with the unvalidated additionalPackages[] field—which is passed positionally into a root-executed apt-get install command—an attacker capable of spoofing or manipulating the contract response (e.g., via a compromised internal infrastructure, an intercepted connection utilizing a trusted CA, or local logical bugs) can force the client to fetch and install malicious packages. This ultimately leads to arbitrary code execution with root privileges on the affected system. This component is preinstalled on supported Ubuntu Server releases and auto-attaches by default on cloud provider Ubuntu Pro images."}],"affected":[{"source":"security@ubuntu.com","affectedData":[{"vendor":"Canonical","product":"ubuntu-pro-client (ubuntu-advantage-tools)","defaultStatus":"unaffected","collectionURL":"https://github.com/canonical/","packageName":"ubuntu-pro-client","platforms":["Linux"],"repo":"https://github.com/canonical/ubuntu-pro-client","versions":[{"version":"0","lessThan":"37.3","versionType":"python","status":"affected"}]},{"vendor":"Canonical","product":"Ubuntu 26.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/resolute","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.2ubuntu0.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 24.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/noble","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.2ubuntu~24.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 22.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/jammy","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.2ubuntu~22.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 20.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/focal","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.1ubuntu0~20.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 18.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/bionic","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.1ubuntu0~18.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 16.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/xenial","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.1ubuntu0~16.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 14.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/trusty","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"19.7ubuntu0.1","versionType":"dpkg","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:30:45.443694Z","id":"CVE-2026-11386","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://ubuntu.com/security/CVE-2026-11386","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-12391","sourceIdentifier":"security@ubuntu.com","published":"2026-07-16T13:16:24.930","lastModified":"2026-07-16T14:16:48.203","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic information without verifying the file type or ownership. An unprivileged local attacker can exploit this behavior by creating a symbolic link (symlink) at a predictable destination path pointing to an arbitrary, root-readable file (such as /etc/shadow or private files within /root). When a root administrator or operator subsequently executes the pro collect-logs command, the tool follows the user-controlled symlink, reads the target file, and compresses its contents into the resulting diagnostic support archive. Because the output archive remains readable by the unprivileged user, the attacker can extract and read the sensitive root-owned files, leading to a complete information disclosure of system secrets."}],"affected":[{"source":"security@ubuntu.com","affectedData":[{"vendor":"Canonical","product":"ubuntu-pro-client (ubuntu-advantage-tools)","defaultStatus":"unaffected","collectionURL":"https://github.com/canonical/","packageName":"ubuntu-pro-client","platforms":["Linux"],"repo":"https://github.com/canonical/ubuntu-pro-client","versions":[{"version":"0","lessThan":"37.3","versionType":"python","status":"affected"}]},{"vendor":"Canonical","product":"Ubuntu 26.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/resolute","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.2ubuntu0.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 24.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/noble","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.2ubuntu~24.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 22.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/jammy","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.2ubuntu~22.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 20.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/focal","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.1ubuntu0~20.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 18.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/bionic","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.1ubuntu0~18.04.1","versionType":"dpkg","status":"unaffected"}]},{"vendor":"Canonical","product":"Ubuntu 16.04 LTS","defaultStatus":"affected","collectionURL":"https://launchpad.net/ubuntu/xenial","packageName":"ubuntu-advantage-tools","platforms":["Linux"],"repo":"https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools","versions":[{"version":"37.1ubuntu0~16.04.1","versionType":"dpkg","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@ubuntu.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:20:30.714803Z","id":"CVE-2026-12391","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@ubuntu.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://ubuntu.com/security/CVE-2026-12391","source":"security@ubuntu.com"}]}},{"cve":{"id":"CVE-2026-63306","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-16T13:16:33.597","lastModified":"2026-07-16T14:16:56.960","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and reach instance metadata endpoints by supplying malicious URLs or leveraging redirect chains to access internal infrastructure."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"stoatchat","product":"stoatchat","defaultStatus":"unaffected","packageURL":"pkg:cargo/revolt-january","versions":[{"version":"0","lessThan":"0.13.5","versionType":"semver","status":"affected"},{"version":"0.13.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-16T13:17:07.146090Z","id":"CVE-2026-63306","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/stoatchat-before-unauthenticated-ssrf-via-proxy-and-embed-endpoints","source":"disclosure@vulncheck.com"},{"url":"https://github.com/stoatchat/stoatchat/security/advisories/GHSA-xhww-5g9p-vvq5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}