{"url":"http://public2.vulnerablecode.io/api/packages/86856?format=json","purl":"pkg:rpm/redhat/python-pulp-rpm@3.27.10-2?arch=el9pc","type":"rpm","namespace":"redhat","name":"python-pulp-rpm","version":"3.27.10-2","qualifiers":{"arch":"el9pc"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21504?format=json","vulnerability_id":"VCID-28g3-ubx6-ebff","summary":"Django has Inefficient Algorithmic Complexity\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Seokchan Yoon for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1285","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20242","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20125","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20106","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20047","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20187","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19968","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20754","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20761","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20622","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20626","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20742","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20824","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20481","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20587","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1285"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1285","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1285"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914","reference_id":"1126914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436340","reference_id":"2436340","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436340"},{"reference_url":"https://github.com/advisories/GHSA-4rrr-2h4v-f3j9","reference_id":"GHSA-4rrr-2h4v-f3j9","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4rrr-2h4v-f3j9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6291","reference_id":"RHSA-2026:6291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6291"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:22:30Z/"}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/8009-1/","reference_id":"USN-8009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8009-1/"}],"fixed_packages":[],"aliases":["CVE-2026-1285","GHSA-4rrr-2h4v-f3j9"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28g3-ubx6-ebff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21067?format=json","vulnerability_id":"VCID-4dyt-4yhc-p7cd","summary":"rubyipmi is vulnerable to OS Command Injection through malicious usernames\nA flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5968","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T16:50:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5970","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T16:50:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5971","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T16:50:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5971"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0980.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0980.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-0980","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T16:50:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-0980"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0980","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24781","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2508","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25125","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2514","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25099","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25046","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25056","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25048","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25019","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24958","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24947","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24902","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25241","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0980"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429874","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-27T16:50:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429874"},{"reference_url":"https://github.com/logicminds/rubyipmi","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/logicminds/rubyipmi"},{"reference_url":"https://github.com/logicminds/rubyipmi/commit/252503a7b4dca68388165883b0322024e344a215","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/logicminds/rubyipmi/commit/252503a7b4dca68388165883b0322024e344a215"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubyipmi/CVE-2026-0980.yml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubyipmi/CVE-2026-0980.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0980","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0980"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6","reference_id":"cpe:/a:redhat:satellite:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8","reference_id":"cpe:/a:redhat:satellite:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9","reference_id":"cpe:/a:redhat:satellite:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9","reference_id":"cpe:/a:redhat:satellite:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9","reference_id":"cpe:/a:redhat:satellite:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8","reference_id":"cpe:/a:redhat:satellite_capsule:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9","reference_id":"cpe:/a:redhat:satellite_maintenance:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9","reference_id":"cpe:/a:redhat:satellite_maintenance:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8","reference_id":"cpe:/a:redhat:satellite_utils:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9"},{"reference_url":"https://github.com/advisories/GHSA-hfcp-477w-3wjw","reference_id":"GHSA-hfcp-477w-3wjw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hfcp-477w-3wjw"}],"fixed_packages":[],"aliases":["CVE-2026-0980","GHSA-hfcp-477w-3wjw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4dyt-4yhc-p7cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20852?format=json","vulnerability_id":"VCID-8qu1-45n9-gyb1","summary":"Django has an SQL Injection issue\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Solomon Kebede for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1287.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1287","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01072","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01067","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01079","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01069","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01446","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01433","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01536","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01549","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01539","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01541","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01534","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1287"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/e891a84c7ef9962bfcc3b4685690219542f86a22"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1287","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1287"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914","reference_id":"1126914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436339","reference_id":"2436339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436339"},{"reference_url":"https://github.com/advisories/GHSA-gvg8-93h5-g6qq","reference_id":"GHSA-gvg8-93h5-g6qq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvg8-93h5-g6qq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3962","reference_id":"RHSA-2026:3962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6291","reference_id":"RHSA-2026:6291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6291"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:26:40Z/"}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/8009-1/","reference_id":"USN-8009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8009-1/"}],"fixed_packages":[],"aliases":["CVE-2026-1287","GHSA-gvg8-93h5-g6qq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qu1-45n9-gyb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21807?format=json","vulnerability_id":"VCID-98pd-qdf5-17b1","summary":"foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set\nA flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5968","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5970","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5971","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5971"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1531.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1531.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1531","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:15Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1531"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1531","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01198","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01217","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01191","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01213","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01207","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01808","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01726","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01716","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01715","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01704","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01795","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01807","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01801","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01846","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1531"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433786","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:15Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433786"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/foreman_kubevirt/CVE-2026-1531.yml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/foreman_kubevirt/CVE-2026-1531.yml"},{"reference_url":"https://github.com/theforeman/foreman_kubevirt","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/theforeman/foreman_kubevirt"},{"reference_url":"https://github.com/theforeman/foreman_kubevirt/commit/6c9973ee59c6fbec65f165eb9ea9dd4ebb6eeef1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/theforeman/foreman_kubevirt/commit/6c9973ee59c6fbec65f165eb9ea9dd4ebb6eeef1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1531","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1531"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6","reference_id":"cpe:/a:redhat:satellite:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8","reference_id":"cpe:/a:redhat:satellite:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9","reference_id":"cpe:/a:redhat:satellite:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9","reference_id":"cpe:/a:redhat:satellite:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9","reference_id":"cpe:/a:redhat:satellite:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8","reference_id":"cpe:/a:redhat:satellite_capsule:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9","reference_id":"cpe:/a:redhat:satellite_maintenance:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9","reference_id":"cpe:/a:redhat:satellite_maintenance:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8","reference_id":"cpe:/a:redhat:satellite_utils:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9"},{"reference_url":"https://github.com/advisories/GHSA-2qxw-7fmx-gqfm","reference_id":"GHSA-2qxw-7fmx-gqfm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qxw-7fmx-gqfm"}],"fixed_packages":[],"aliases":["CVE-2026-1531","GHSA-2qxw-7fmx-gqfm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98pd-qdf5-17b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22199?format=json","vulnerability_id":"VCID-dc1m-rt7j-w3af","summary":"Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation\nScrapy versions up to 2.13.3 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression. Mitigation for this vulnerability needs security enhancement added in brotli v1.2.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6176","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08092","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08068","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08008","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09795","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09719","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09632","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09633","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09747","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09763","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11087","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6176"},{"reference_url":"https://github.com/google/brotli","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli"},{"reference_url":"https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627"},{"reference_url":"https://github.com/google/brotli/issues/1327","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/issues/1327"},{"reference_url":"https://github.com/google/brotli/issues/1375","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/issues/1375"},{"reference_url":"https://github.com/google/brotli/pull/1234","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/pull/1234"},{"reference_url":"https://github.com/google/brotli/releases/tag/v1.2.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/releases/tag/v1.2.0"},{"reference_url":"https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/commit/14737e91edc513967f516fc839cc9c8a4f8d91da"},{"reference_url":"https://github.com/scrapy/scrapy/pull/7134","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/scrapy/scrapy/pull/7134"},{"reference_url":"https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-31T16:15:58Z/"}],"url":"https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408762","reference_id":"2408762","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408762"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6176","reference_id":"CVE-2025-6176","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6176"},{"reference_url":"https://github.com/advisories/GHSA-2qfp-q593-8484","reference_id":"GHSA-2qfp-q593-8484","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qfp-q593-8484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0008","reference_id":"RHSA-2026:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0845","reference_id":"RHSA-2026:0845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2042","reference_id":"RHSA-2026:2042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2226","reference_id":"RHSA-2026:2226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2227","reference_id":"RHSA-2026:2227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2228","reference_id":"RHSA-2026:2228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2229","reference_id":"RHSA-2026:2229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2389","reference_id":"RHSA-2026:2389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2399","reference_id":"RHSA-2026:2399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2399"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2400","reference_id":"RHSA-2026:2400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2401","reference_id":"RHSA-2026:2401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2455","reference_id":"RHSA-2026:2455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2800","reference_id":"RHSA-2026:2800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2844","reference_id":"RHSA-2026:2844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2974","reference_id":"RHSA-2026:2974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2976","reference_id":"RHSA-2026:2976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3392","reference_id":"RHSA-2026:3392","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3392"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3406","reference_id":"RHSA-2026:3406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3415","reference_id":"RHSA-2026:3415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3417","reference_id":"RHSA-2026:3417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3861","reference_id":"RHSA-2026:3861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4419","reference_id":"RHSA-2026:4419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4465","reference_id":"RHSA-2026:4465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4465"}],"fixed_packages":[],"aliases":["CVE-2025-6176","GHSA-2qfp-q593-8484"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dc1m-rt7j-w3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63981?format=json","vulnerability_id":"VCID-dhq1-5etu-kqb5","summary":"forman: Foreman: Remote Code Execution via command injection in WebSocket proxy","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1961.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1961","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10743","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10724","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10787","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13535","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13642","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29489","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29529","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29532","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29488","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29436","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29456","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29428","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34494","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34466","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34362","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437036","reference_id":"2437036","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-26T13:11:15Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437036"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6","reference_id":"cpe:/a:redhat:satellite:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8","reference_id":"cpe:/a:redhat:satellite:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9","reference_id":"cpe:/a:redhat:satellite:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9","reference_id":"cpe:/a:redhat:satellite:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9","reference_id":"cpe:/a:redhat:satellite:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8","reference_id":"cpe:/a:redhat:satellite_capsule:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9","reference_id":"cpe:/a:redhat:satellite_maintenance:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9","reference_id":"cpe:/a:redhat:satellite_maintenance:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8","reference_id":"cpe:/a:redhat:satellite_utils:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1961","reference_id":"CVE-2026-1961","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-26T13:11:15Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1961"}],"fixed_packages":[],"aliases":["CVE-2026-1961"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhq1-5etu-kqb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64682?format=json","vulnerability_id":"VCID-dp1t-v58b-43du","summary":"crypto/tls: Unexpected session resumption in crypto/tls","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68121.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68121","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04012","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04026","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04029","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04068","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04041","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04541","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04583","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04353","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04361","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04493","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0452","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916","reference_id":"1125916","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917","reference_id":"1125917","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437111","reference_id":"2437111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437111"},{"reference_url":"https://go.dev/cl/737700","reference_id":"737700","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/"}],"url":"https://go.dev/cl/737700"},{"reference_url":"https://go.dev/issue/77217","reference_id":"77217","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/"}],"url":"https://go.dev/issue/77217"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4337","reference_id":"GO-2026-4337","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4337"},{"reference_url":"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk","reference_id":"K09ubi9FQFk","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/"}],"url":"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10125","reference_id":"RHSA-2026:10125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10158","reference_id":"RHSA-2026:10158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10225","reference_id":"RHSA-2026:10225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10250","reference_id":"RHSA-2026:10250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11331","reference_id":"RHSA-2026:11331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11414","reference_id":"RHSA-2026:11414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11747","reference_id":"RHSA-2026:11747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11749","reference_id":"RHSA-2026:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12028","reference_id":"RHSA-2026:12028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12029","reference_id":"RHSA-2026:12029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12030","reference_id":"RHSA-2026:12030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12031","reference_id":"RHSA-2026:12031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12032","reference_id":"RHSA-2026:12032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12033","reference_id":"RHSA-2026:12033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13542","reference_id":"RHSA-2026:13542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13545","reference_id":"RHSA-2026:13545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13571","reference_id":"RHSA-2026:13571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2706","reference_id":"RHSA-2026:2706","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2706"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2708","reference_id":"RHSA-2026:2708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2709","reference_id":"RHSA-2026:2709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2914","reference_id":"RHSA-2026:2914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2920","reference_id":"RHSA-2026:2920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3035","reference_id":"RHSA-2026:3035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3040","reference_id":"RHSA-2026:3040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3089","reference_id":"RHSA-2026:3089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3092","reference_id":"RHSA-2026:3092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3186","reference_id":"RHSA-2026:3186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3187","reference_id":"RHSA-2026:3187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3188","reference_id":"RHSA-2026:3188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3192","reference_id":"RHSA-2026:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3193","reference_id":"RHSA-2026:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3291","reference_id":"RHSA-2026:3291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3297","reference_id":"RHSA-2026:3297","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3297"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3298","reference_id":"RHSA-2026:3298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3336","reference_id":"RHSA-2026:3336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3337","reference_id":"RHSA-2026:3337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3340","reference_id":"RHSA-2026:3340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3341","reference_id":"RHSA-2026:3341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3343","reference_id":"RHSA-2026:3343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3459","reference_id":"RHSA-2026:3459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3506","reference_id":"RHSA-2026:3506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3556","reference_id":"RHSA-2026:3556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3559","reference_id":"RHSA-2026:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3752","reference_id":"RHSA-2026:3752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3753","reference_id":"RHSA-2026:3753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3816","reference_id":"RHSA-2026:3816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3817","reference_id":"RHSA-2026:3817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3831","reference_id":"RHSA-2026:3831","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3831"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3833","reference_id":"RHSA-2026:3833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3839","reference_id":"RHSA-2026:3839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3840","reference_id":"RHSA-2026:3840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3842","reference_id":"RHSA-2026:3842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3843","reference_id":"RHSA-2026:3843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3855","reference_id":"RHSA-2026:3855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3864","reference_id":"RHSA-2026:3864","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3874","reference_id":"RHSA-2026:3874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3884","reference_id":"RHSA-2026:3884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3898","reference_id":"RHSA-2026:3898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3898"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3928","reference_id":"RHSA-2026:3928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3929","reference_id":"RHSA-2026:3929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3970","reference_id":"RHSA-2026:3970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3971","reference_id":"RHSA-2026:3971","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3971"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3977","reference_id":"RHSA-2026:3977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3985","reference_id":"RHSA-2026:3985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3985"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4164","reference_id":"RHSA-2026:4164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4166","reference_id":"RHSA-2026:4166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4170","reference_id":"RHSA-2026:4170","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4174","reference_id":"RHSA-2026:4174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4177","reference_id":"RHSA-2026:4177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4220","reference_id":"RHSA-2026:4220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4256","reference_id":"RHSA-2026:4256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4264","reference_id":"RHSA-2026:4264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4267","reference_id":"RHSA-2026:4267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4270","reference_id":"RHSA-2026:4270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4270"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4466","reference_id":"RHSA-2026:4466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4467","reference_id":"RHSA-2026:4467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4498","reference_id":"RHSA-2026:4498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4500","reference_id":"RHSA-2026:4500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4672","reference_id":"RHSA-2026:4672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4892","reference_id":"RHSA-2026:4892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4901","reference_id":"RHSA-2026:4901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4907","reference_id":"RHSA-2026:4907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4942","reference_id":"RHSA-2026:4942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4952","reference_id":"RHSA-2026:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5077","reference_id":"RHSA-2026:5077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5110","reference_id":"RHSA-2026:5110","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5110"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5129","reference_id":"RHSA-2026:5129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5130","reference_id":"RHSA-2026:5130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5131","reference_id":"RHSA-2026:5131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5132","reference_id":"RHSA-2026:5132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5133","reference_id":"RHSA-2026:5133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5146","reference_id":"RHSA-2026:5146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5168","reference_id":"RHSA-2026:5168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5394","reference_id":"RHSA-2026:5394","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5394"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5452","reference_id":"RHSA-2026:5452","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5549","reference_id":"RHSA-2026:5549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5636","reference_id":"RHSA-2026:5636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5645","reference_id":"RHSA-2026:5645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5665","reference_id":"RHSA-2026:5665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5851","reference_id":"RHSA-2026:5851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5866","reference_id":"RHSA-2026:5866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5876","reference_id":"RHSA-2026:5876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5878","reference_id":"RHSA-2026:5878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5907","reference_id":"RHSA-2026:5907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5948","reference_id":"RHSA-2026:5948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5950","reference_id":"RHSA-2026:5950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5952","reference_id":"RHSA-2026:5952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6192","reference_id":"RHSA-2026:6192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6226","reference_id":"RHSA-2026:6226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6277","reference_id":"RHSA-2026:6277","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6277"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6278","reference_id":"RHSA-2026:6278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6428","reference_id":"RHSA-2026:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6429","reference_id":"RHSA-2026:6429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6497","reference_id":"RHSA-2026:6497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6552","reference_id":"RHSA-2026:6552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6567","reference_id":"RHSA-2026:6567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6568","reference_id":"RHSA-2026:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7052","reference_id":"RHSA-2026:7052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7854","reference_id":"RHSA-2026:7854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7885","reference_id":"RHSA-2026:7885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8151","reference_id":"RHSA-2026:8151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8167","reference_id":"RHSA-2026:8167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8218","reference_id":"RHSA-2026:8218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8337","reference_id":"RHSA-2026:8337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8338","reference_id":"RHSA-2026:8338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8433","reference_id":"RHSA-2026:8433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8483","reference_id":"RHSA-2026:8483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9097","reference_id":"RHSA-2026:9097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9098","reference_id":"RHSA-2026:9098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9108","reference_id":"RHSA-2026:9108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9109","reference_id":"RHSA-2026:9109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9385","reference_id":"RHSA-2026:9385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9848","reference_id":"RHSA-2026:9848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9848"}],"fixed_packages":[],"aliases":["CVE-2025-68121"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dp1t-v58b-43du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22251?format=json","vulnerability_id":"VCID-e9k9-1s9f-dbgv","summary":"Django has Inefficient Algorithmic Complexity\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Jiyong Yang for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14550.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14550","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18621","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18717","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18771","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18487","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18568","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18625","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19132","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19142","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19244","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1923","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19314","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1909","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19259","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.18976","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19221","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14550"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/eb22e1d6d643360e952609ef562c139a100ea4eb"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14550","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14550"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914","reference_id":"1126914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436341","reference_id":"2436341","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436341"},{"reference_url":"https://github.com/advisories/GHSA-33mw-q7rj-mjwj","reference_id":"GHSA-33mw-q7rj-mjwj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-33mw-q7rj-mjwj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13508","reference_id":"RHSA-2026:13508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6291","reference_id":"RHSA-2026:6291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6291"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:27:25Z/"}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/8009-1/","reference_id":"USN-8009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8009-1/"}],"fixed_packages":[],"aliases":["CVE-2025-14550","GHSA-33mw-q7rj-mjwj"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9k9-1s9f-dbgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22292?format=json","vulnerability_id":"VCID-msge-1mfu-7qfa","summary":"Django has an SQL Injection issue\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Solomon Kebede for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1312","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01069","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01067","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01083","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01079","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01072","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01446","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01444","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01433","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01536","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01549","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01539","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01541","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01534","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1312"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/005d60d97c4dfb117503bdb6f2facfcaf9315d84"},{"reference_url":"https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/69065ca869b0970dff8fdd8fafb390bf8b3bf222"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1312","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1312"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914","reference_id":"1126914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436342","reference_id":"2436342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436342"},{"reference_url":"https://github.com/advisories/GHSA-6426-9fv3-65x8","reference_id":"GHSA-6426-9fv3-65x8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6426-9fv3-65x8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3962","reference_id":"RHSA-2026:3962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6291","reference_id":"RHSA-2026:6291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6291"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:56:09Z/"}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/8009-1/","reference_id":"USN-8009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8009-1/"}],"fixed_packages":[],"aliases":["CVE-2026-1312","GHSA-6426-9fv3-65x8"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msge-1mfu-7qfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21750?format=json","vulnerability_id":"VCID-x3n2-krwh-7be9","summary":"fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation\nA flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in information disclosure and data integrity compromise.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5970","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5971","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:13Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5971"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1530.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1530.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1530","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:13Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1530"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1530","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01107","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01093","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01096","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01588","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01501","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01493","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01494","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01482","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01496","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01584","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01592","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01589","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01603","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433784","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-02T16:26:13Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433784"},{"reference_url":"https://github.com/fog/fog-kubevirt","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fog/fog-kubevirt"},{"reference_url":"https://github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1#L11","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fog/fog-kubevirt/blob/8adb03e07972d6e19a7713ecf2a827aa2cfe4b9e/CHANGELOG.md?plain=1#L11"},{"reference_url":"https://github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fog/fog-kubevirt/commit/8371e9ded99f9ec3e74caf2f283836109763e450"},{"reference_url":"https://github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fog/fog-kubevirt/commit/9603d79a239a0f68bedfc679cd1b65fbf6ec4753"},{"reference_url":"https://github.com/fog/fog-kubevirt/pull/168","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fog/fog-kubevirt/pull/168"},{"reference_url":"https://github.com/fog/fog-kubevirt/releases/tag/v1.5.1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fog/fog-kubevirt/releases/tag/v1.5.1"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fog-kubevirt/CVE-2026-1530.yml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fog-kubevirt/CVE-2026-1530.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1530","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1530"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6","reference_id":"cpe:/a:redhat:satellite:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8","reference_id":"cpe:/a:redhat:satellite:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9","reference_id":"cpe:/a:redhat:satellite:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9","reference_id":"cpe:/a:redhat:satellite:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8","reference_id":"cpe:/a:redhat:satellite_capsule:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9","reference_id":"cpe:/a:redhat:satellite_maintenance:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9","reference_id":"cpe:/a:redhat:satellite_maintenance:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8","reference_id":"cpe:/a:redhat:satellite_utils:6.16::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9"},{"reference_url":"https://github.com/advisories/GHSA-m3hq-3qj8-c5fm","reference_id":"GHSA-m3hq-3qj8-c5fm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m3hq-3qj8-c5fm"}],"fixed_packages":[],"aliases":["CVE-2026-1530","GHSA-m3hq-3qj8-c5fm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x3n2-krwh-7be9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20914?format=json","vulnerability_id":"VCID-ysyp-h7ja-yff3","summary":"Django has an SQL Injection issue\nAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\nRaster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Tarek Nakkouch for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1207","reference_id":"","reference_type":"","scores":[{"value":"0.03841","scoring_system":"epss","scoring_elements":"0.88153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03841","scoring_system":"epss","scoring_elements":"0.88146","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03841","scoring_system":"epss","scoring_elements":"0.88188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03841","scoring_system":"epss","scoring_elements":"0.88178","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03841","scoring_system":"epss","scoring_elements":"0.88172","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89037","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89035","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.8907","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89068","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89061","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89043","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04424","scoring_system":"epss","scoring_elements":"0.89048","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05126","scoring_system":"epss","scoring_elements":"0.8982","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05295","scoring_system":"epss","scoring_elements":"0.90061","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1207"},{"reference_url":"https://docs.djangoproject.com/en/dev/releases/security","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.djangoproject.com/en/dev/releases/security"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/81aa5292967cd09319c45fe2c1a525ce7b6684d8"},{"reference_url":"https://groups.google.com/g/django-announce","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/"}],"url":"https://groups.google.com/g/django-announce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1207","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1207"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914","reference_id":"1126914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436338","reference_id":"2436338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436338"},{"reference_url":"https://github.com/advisories/GHSA-mwm9-4648-f68q","reference_id":"GHSA-mwm9-4648-f68q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwm9-4648-f68q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2694","reference_id":"RHSA-2026:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3958","reference_id":"RHSA-2026:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3959","reference_id":"RHSA-2026:3959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3960","reference_id":"RHSA-2026:3960","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3960"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3962","reference_id":"RHSA-2026:3962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6291","reference_id":"RHSA-2026:6291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6291"},{"reference_url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:21:06Z/"}],"url":"https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"},{"reference_url":"https://usn.ubuntu.com/8009-1/","reference_id":"USN-8009-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8009-1/"}],"fixed_packages":[],"aliases":["CVE-2026-1207","GHSA-mwm9-4648-f68q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ysyp-h7ja-yff3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24513?format=json","vulnerability_id":"VCID-zqkc-zwfa-1qfx","summary":"Katello: Denial of Service and potential information disclosure via SQL injection\nA flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5968","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5970","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5970"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4324.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4324.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4324","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4324"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4324","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23777","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23731","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23661","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23793","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23874","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23833","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23692","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23704","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25662","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25919","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2589","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25824","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25819","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25772","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4324"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448349","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T14:26:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448349"},{"reference_url":"https://github.com/Katello/katello","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Katello/katello"},{"reference_url":"https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4324","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4324"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6","reference_id":"cpe:/a:redhat:satellite:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9","reference_id":"cpe:/a:redhat:satellite:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9","reference_id":"cpe:/a:redhat:satellite:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9","reference_id":"cpe:/a:redhat:satellite_capsule:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_capsule:6.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9","reference_id":"cpe:/a:redhat:satellite_maintenance:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_maintenance:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9","reference_id":"cpe:/a:redhat:satellite_utils:6.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite_utils:6.18::el9"},{"reference_url":"https://github.com/advisories/GHSA-fwj4-6wgp-mpxm","reference_id":"GHSA-fwj4-6wgp-mpxm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwj4-6wgp-mpxm"}],"fixed_packages":[],"aliases":["CVE-2026-4324","GHSA-fwj4-6wgp-mpxm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqkc-zwfa-1qfx"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-pulp-rpm@3.27.10-2%3Farch=el9pc"}