Common Vulnerabilities and Exposures (CVE)

CVE-2025-9784

Nov 20, 2025 07:36:11 UTC

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server ...

CVE-2025-2586

Nov 20, 2025 07:36:06 UTC

A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue ...

CVE-2024-9632

Nov 20, 2025 07:35:04 UTC

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local ...

CVE-2024-9050

Nov 20, 2025 07:34:26 UTC

A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value forma...

CVE-2024-8768

Nov 20, 2025 07:34:23 UTC

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

CVE-2024-8698

Nov 20, 2025 07:34:21 UTC

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of t...

CVE-2024-8509

Nov 20, 2025 07:34:11 UTC

A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs...

CVE-2024-7557

Nov 20, 2025 07:33:14 UTC

A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. Ho...

CVE-2024-6861

Nov 20, 2025 07:31:26 UTC

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of...

CVE-2024-4438

Nov 20, 2025 07:31:01 UTC

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://gol...

CVE-2024-4437

Nov 20, 2025 07:30:50 UTC

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the on...

CVE-2025-2877

Nov 20, 2025 07:27:35 UTC

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "d...

CVE-2025-3528

Nov 20, 2025 07:27:03 UTC

A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd...

CVE-2025-3501

Nov 20, 2025 07:27:01 UTC

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

CVE-2025-2241

Nov 20, 2025 07:26:22 UTC

A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes vCenter credentials to be exposed in the ClusterProvision object after provisioning a vSphere cluster. Users...