Red Hat

Quarkus Vertx HTTP versions < 3.20.6.1, >= 3.21.0 and < 3.27.3.1, >= 3.30.0 and < 3.33.1.1, and >= 3.34.0 and < 3.35.1.1 are vulnerable to an authorization bypass where appending a semicolon and arbitrary text to the request URL allows unauthorized access to protected resources.

CVE-2026-6266 allows a remote attacker to hijack user accounts in AAP gateway by manipulating the IDP-provided email during the user auto-linking process, potentially gaining unauthorized access, including administrative privileges.

The 'Copy Fail' vulnerability (CVE-2026-31431) in the Linux kernel allows a local attacker to escalate privileges to root, potentially leading to container breakout and lateral movement in cloud environments.

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read, potentially causing information disclosure or denial of service.

A local privilege escalation vulnerability, dubbed 'Copy Fail' (CVE-2026-31431), affects Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions by exploiting a logic bug in the authencesn cryptographic template.

A remote, anonymous attacker can exploit multiple vulnerabilities in Fast Datapath for Red Hat Enterprise Linux to perform a denial-of-service attack or disclose sensitive information.

Multiple vulnerabilities in the Red Hat Linux kernel allow for arbitrary code execution, privilege escalation, and remote denial of service.

Multiple vulnerabilities in Red Hat Enterprise Linux's LibRaw component allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

InstructLab is vulnerable to arbitrary code execution because the `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace, allowing remote attackers to execute code by convincing a user to load a malicious model.