
Red Hat — Vulnerabilities & Security Advisories 676

Browse all 676 CVE security advisories affecting Red Hat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-1530 | Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation — Red Hat Satellite 6.16 for RHEL 8 | CWE-295 | 8.1 | High | 2026-02-02 |
| CVE-2026-1531 | Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification — Red Hat Satellite 6.16 for RHEL 8 | CWE-295 | 8.1 | High | 2026-02-02 |
| CVE-2025-13881 | Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api — Red Hat build of Keycloak 26.4 | CWE-266 | 2.7 | Low | 2026-02-02 |
| CVE-2024-4027 | Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks — OpenShift Serverless | CWE-20 | 7.5 | High | 2026-01-30 |
| CVE-2026-1616 | osim: Path Traversal via query parameters in Nginx configuration — osim | CWE-22 | 7.5 | High | 2026-01-29 |
| CVE-2026-1539 | Libsoup: libsoup: credential leakage via http redirects — Red Hat Enterprise Linux 10 | CWE-201 | 5.8 | Medium | 2026-01-28 |
| CVE-2026-1536 | Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header — Red Hat Enterprise Linux 10 | CWE-93 | 5.8 | Medium | 2026-01-28 |
| CVE-2026-1489 | Glib: glib: memory corruption via integer overflow in unicode case conversion — Red Hat Enterprise Linux 10 | CWE-787 | 5.4 | Medium | 2026-01-27 |
| CVE-2026-1485 | Glib: glib: local denial of service via buffer underflow in content type parsing — Red Hat Enterprise Linux 10 | CWE-124 | 2.8 | Low | 2026-01-27 |
| CVE-2026-1484 | Glib: integer overflow leading to buffer underflow and out-of-bounds write in glib g_base64_encode() — Red Hat Enterprise Linux 10 | CWE-787 | 4.2 | Medium | 2026-01-27 |
| CVE-2026-1467 | Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured — Red Hat Enterprise Linux 10 | CWE-93 | 5.8 | Medium | 2026-01-27 |
| CVE-2025-9820 | Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function — Red Hat Enterprise Linux 10 | CWE-121 | 4.0 | Medium | 2026-01-26 |
| CVE-2025-9615 | Networkmanager: networkmanager file access — Red Hat Enterprise Linux 10 | CWE-281 | 8.1 (AI) | High (AI) | 2026-01-26 |
| CVE-2026-1190 | Org.keycloak/keycloak-services: keycloak saml brokering: response delay due to unchecked notonorafter in subjectconfirmationdata — Red Hat build of Keycloak 26.4 | CWE-112 | 3.1 | Low | 2026-01-26 |
| CVE-2025-14525 | Kubevirt: kubevirt: vm administration denial of service via guest agent — Red Hat OpenShift Virtualization 4 | CWE-770 | 6.4 | Medium | 2026-01-26 |
| CVE-2025-14969 | Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http client disconnect — Red Hat build of Quarkus 3.27.2 | CWE-772 | 4.3 | Medium | 2026-01-26 |
| CVE-2025-14459 | Virt-cdi-controller: unauthorized pvc cloning via dataimportcron — RHEL-9-CNV-4.19 | CWE-639 | 8.5 | High | 2026-01-26 |
| CVE-2025-14083 | Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure — Red Hat build of Keycloak 26.4 | CWE-284 | 2.7 | Low | 2026-01-21 |
| CVE-2026-0988 | Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek() — Red Hat Hardened Images | CWE-190 | 3.7 | Low | 2026-01-21 |
| CVE-2025-14559 | Org.keycloak/keycloak-services: keycloak keycloak-services: business logic flaw allows unauthorized token issuance for disabled users — Red Hat build of Keycloak 26.4 | CWE-840 | 6.5 | Medium | 2026-01-21 |
| CVE-2026-1035 | Org.keycloak.protocol.oidc: keycloak refresh token reuse bypass via toctou race condition — Red Hat build of Keycloak 26.4 | CWE-367 | 3.1 | Low | 2026-01-21 |
| CVE-2026-1180 | Org.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic client registration via jwks_uri — Red Hat build of Keycloak 26.4 | CWE-918 | 5.8 | Medium | 2026-01-20 |
| CVE-2026-0992 | Libxml2: libxml2: denial of service via crafted xml catalogs — Red Hat Hardened Images | CWE-400 | 2.9 | Low | 2026-01-15 |
| CVE-2026-0989 | Libxml2: unbounded relaxng include recursion leading to stack overflow — Red Hat Hardened Images | CWE-674 | 3.7 | Low | 2026-01-15 |
| CVE-2026-0990 | Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing — Red Hat Hardened Images | CWE-674 | 5.9 | Medium | 2026-01-15 |
| CVE-2026-0976 | Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths — Red Hat Build of Keycloak | CWE-20 | 3.7 | Low | 2026-01-15 |
| CVE-2025-14242 | Vsftpd: vsftpd: denial of service via integer overflow in ls command parameter parsing — Red Hat Enterprise Linux 10 | CWE-190 | 6.5 | Medium | 2026-01-14 |
| CVE-2026-0716 | Libsoup: out-of-bounds read in libsoup websocket frame processing — Red Hat Enterprise Linux 10 | CWE-805 | 4.8 | Medium | 2026-01-13 |
| CVE-2025-12548 | Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333 — Red Hat OpenShift Dev Spaces (RHOSDS) 3.22 | CWE-306 | 9.0 | Critical | 2026-01-13 |
| CVE-2025-14025 | Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions — Red Hat Ansible Automation Platform 2.5 for RHEL 8 | CWE-279 | 8.5 | High | 2026-01-08 |

This page lists every published CVE security advisory associated with Red Hat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.