Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

CVE-2025-62718 — axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization CVE-2026-4424 — libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing CVE-2026-4878 — libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() CVE-2026-5121 — libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing CVE-2026-27135 — nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-28390 — openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVE-2026-35385 — OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35386 — OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username CVE-2026-35387 — OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage CVE-2026-35388 — OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions CVE-2026-35414 — OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option CVE-2026-40175 — axios: Axios: Remote Code Execution via Prototype Pollution escalation CVE-2026-40895 — follow-redirects: follow-redirects: Information disclosure via cross-domain redirects CVE-2026-42033 — axios: Axios: HTTP Transport Hijacking via Prototype Pollution CVE-2026-42035 — axios: Axios: Arbitrary HTTP header injection via prototype pollution CVE-2026-42039 — axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data CVE-2026-42041 — axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling CVE-2026-42043 — axios: Axios: NO_PROXY bypass via crafted URL