| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14777 | Keycloak: keycloak idor in realm client creating/deleting | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 6.0 | 2025-12-16 05:02:42 | Deep Dive |
| CVE-2025-11393 | Insights-runtimes-tech-preview/runtimes-inventory-rhel8-operator: improper proxy configuration allows unauthorized administrative commands | Red Hat | Red Hat Lightspeed (formerly Insights) for Runtimes 1 | High | 8.7 | 2025-12-15 17:03:45 | Deep Dive |
| CVE-2025-13888 | Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs | redhat-developer | gitops-operator | Critical | 9.1 | 2025-12-15 15:36:49 | Deep Dive |
| CVE-2025-14523 | Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins) | Red Hat | Red Hat Enterprise Linux 10 | High | 8.2 | 2025-12-11 12:30:59 | Deep Dive |
| CVE-2025-14512 | Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow | GNOME | glib | Medium | 6.5 | 2025-12-11 07:11:02 | Deep Dive |
| CVE-2025-14082 | Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure | Red Hat | Red Hat build of Keycloak 26.4 | Low | 2.7 | 2025-12-10 09:04:51 | Deep Dive |
| CVE-2025-14087 | Glib: glib: buffer underflow in gvariant parser leads to heap corruption | GNOME | glib | Medium | 5.6 | 2025-12-10 09:01:34 | Deep Dive |
| CVE-2025-14104 | Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames | util-linux | util-linux | Medium | 6.1 | 2025-12-05 16:22:09 | Deep Dive |
| CVE-2025-66287 | Webkitgtk: processing maliciously crafted web content may lead to an unexpected process crash | The WebKitGTK Team | WebKitGTK | High | 8.8 | 2025-12-04 16:48:31 | Deep Dive |
| CVE-2025-14010 | Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output | ansible-collections | Ansible Community General Collection | Medium | 5.5 | 2025-12-04 09:51:56 | Deep Dive |
| CVE-2024-3884 | Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded | Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | High | 7.5 | 2025-12-03 18:40:26 | Deep Dive |
| CVE-2025-13947 | Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop | The WebKitGTK Team | webkitgtk | High | 7.4 | 2025-12-03 09:46:00 | Deep Dive |
| CVE-2025-12744 | Abrt: command-injection in abrt leading to local privilege escalation | - | - | High | 8.8 | 2025-12-03 08:33:07 | Deep Dive |
| CVE-2025-57850 | Codeready-ws: privilege escalation via excessive /etc/passwd permissions | Red Hat | Red Hat OpenShift Dev Spaces | Medium | 6.4 | 2025-12-02 18:53:36 | Deep Dive |
| CVE-2021-4472 | Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature | Red Hat | Red Hat OpenStack Platform 13 (Queens) | Medium | 6.5 | 2025-11-26 18:31:10 | Deep Dive |
| CVE-2025-13601 | Glib: integer overflow in g_escape_uri_string() | - | - | High | 7.7 | 2025-11-26 14:44:23 | Deep Dive |
| CVE-2025-13467 | Org.keycloak.storage.ldap: keycloak: deserialization of untrusted data in ldap user federation | Keycloak | Keycloak | Medium | 5.5 | 2025-11-25 16:02:21 | Deep Dive |
| CVE-2025-13502 | Webkit: webkitgtk / wpe webkit: out-of-bounds read and integer underflow vulnerability leading to dos | The WebKitGTK Team | webkitgtk | High | 7.5 | 2025-11-25 08:02:26 | Deep Dive |
| CVE-2025-13609 | Keylime: keylime: registrar allows identity takeover via duplicate uuid registration | Keylime Project | keylime | High | 8.2 | 2025-11-24 18:08:56 | Deep Dive |
| CVE-2025-54770 | Grub2: use-after-free in net_set_vlan | GNU | grub2 | Medium | 4.9 | 2025-11-18 18:30:10 | Deep Dive |