| | CVE-2026-59269 | VMware | low | 3.8 | — | | A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elev… | Jul 9, 2026 | Jul 9, 2026 |
| | CVE-2026-57111 | Apache | medium | — | — | | Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.s… | Jul 9, 2026 | Jul 9, 2026 |
| | CVE-2026-55206 | Red Hat | medium | 6.5 | — | | A flaw was found in py7zr, a Python library for 7zip archives. A remote attacker could exploit this … | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-55195 | Red Hat | medium | 6.5 | — | | A flaw was found in py7zr, a Python library for 7zip archive handling. This vulnerability allows a r… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-15154 | Red Hat | medium | 6.5 | — | | A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerability,… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-54423 | Red Hat | medium | 6.5 | — | | A malicious user with access to deploy a node directly via Ironic can specify the IPMI send_raw depl… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-44918 | Red Hat | high | 8.7 | — | | A flaw was found in OpenStack Ironic. An authenticated project manager can change the node associate… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-41042 | Apache | medium | — | — | | Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which exe… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-15041 | Red Hat | low | 3.7 | — | | A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses stan… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-60002 | Red Hat | high | 7.7 | 0.3%
| | A flaw was found in OpenSSH. A remote attacker could exploit a use-after-free vulnerability on the c… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-60001 | Red Hat | medium | 6.5 | 0.3%
| | A flaw was found in OpenSSH's SSH daemon (sshd). A remote attacker could exploit this vulnerability … | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-60000 | Red Hat | medium | 5.9 | 0.3%
| | A flaw was found in OpenSSH's Secure Shell Daemon (sshd). This vulnerability allows a remote attacke… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-59999 | Red Hat | medium | 5.9 | 0.1%
| | A flaw was found in `sshd`, the OpenSSH server daemon. When `DisableForwarding=yes` is configured to… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-59998 | Red Hat | medium | 4.8 | 0.2%
| | A flaw was found in OpenSSH. The sshd component has an undocumented security-relevant behavior where… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-59997 | Red Hat | medium | 5.4 | 0.2%
| | A flaw was found in OpenSSH. The internal-sftp component within sshd incorrectly processes command-l… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-59995 | Red Hat | medium | 5.4 | 0.2%
| | A flaw was found in OpenSSH. The `sftp` client, when used to download files from a malicious server … | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-55999 | Red Hat | high | 7.5 | 0.3%
| | A flaw was found in the glamor_font_get() function of the xorg-x11-server. This vulnerability, a hea… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-56000 | Red Hat | high | 6.5 | 0.2%
| | A flaw was found in the X.org X11 server, specifically within the GLX (OpenGL Extension to the X Win… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-56001 | Red Hat | high | 7.3 | 0.4%
| | A flaw was found in libXfont2. In the BitmapScaleBitmaps() function, an integer overflow can occur w… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-56002 | Red Hat | high | 7.3 | 0.5%
| | A flaw was found in libXfont2. A specially crafted PCF (Portable Compiled Format) font file, when pr… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-15044 | Red Hat | medium | 6.3 | — | | A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardra… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-15063 | Red Hat | medium | 6.3 | — | | A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even… | Jul 8, 2026 | Jul 8, 2026 |
| | CVE-2026-14969 | Red Hat | medium | 4.4 | — | | A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static … | Jul 7, 2026 | Jul 7, 2026 |
| | CVE-2026-14935 | Red Hat | low | 3.7 | — | | A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function… | Jul 7, 2026 | Jul 7, 2026 |
| | CVE-2026-14940 | Red Hat | medium | 5.3 | — | | A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When
normalizing a Dist… | Jul 7, 2026 | Jul 7, 2026 |
| | CVE-2026-49487 | Apache | medium | 6.5 | 0.4%
| | In Apache Airflow before 3.3.0, the REST API task-instance detail and list
endpoints returned a defe… | Jul 7, 2026 | Jul 9, 2026 |
| | CVE-2026-49296 | Apache | medium | 6.5 | 0.4%
| | Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Da… | Jul 7, 2026 | Jul 8, 2026 |
| | CVE-2026-48892 | Apache | medium | 6.5 | 0.4%
| | The Config API in Apache Airflow surfaced per-key secrets-backend overrides (environment variables l… | Jul 7, 2026 | Jul 9, 2026 |
| | CVE-2026-48891 | Apache | medium | 4.3 | 0.4%
| | A bug in Apache Airflow's `/ui/dependencies` scheduling graph endpoint applied the caller's readable… | Jul 7, 2026 | Jul 9, 2026 |
| | CVE-2026-48828 | Apache | medium | 6.5 | 0.4%
| | The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so … | Jul 7, 2026 | Jul 8, 2026 |
| | CVE-2026-33264 | Apache | critical | 9.8 | 1.1%
| | A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-contro… | Jul 7, 2026 | Jul 8, 2026 |
| | CVE-2025-12799 | Red Hat | medium | 6.5 | — | ✓ Fix | A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a se… | Jul 7, 2026 | Jul 7, 2026 |
| | CVE-2026-43825 | Apache | high | 7.3 | 4.8%
| | Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel
Versions Affected:
before 3.0.0-M… | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-49297 | Apache | high | 8.1 | 0.6%
| | Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator… | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-49042 | Apache | high | 7.3 | 0.2%
| | Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: from 4.8.… | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-46588 | Apache | high | 7.3 | 0.2%
| | Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: through 4… | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-46587 | Apache | high | 7.3 | 0.2%
| | Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: through 4… | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-56140 | Apache | critical | 9.8 | 0.3%
| | Improper Input Validation vulnerability in Apache Camel AWS SNS component.
The camel-aws2-sns comp… | Jul 6, 2026 | Jul 9, 2026 |
| | CVE-2026-56139 | Apache | medium | 5.3 | 0.2%
| | Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow … | Jul 6, 2026 | Jul 9, 2026 |
| | CVE-2026-55994 | Apache | high | 7.5 | 0.3%
| | Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side R… | Jul 6, 2026 | Jul 9, 2026 |
| | CVE-2026-55993 | Apache | high | 7.5 | 0.4%
| | Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side R… | Jul 6, 2026 | Jul 9, 2026 |
| | CVE-2026-53913 | Apache | critical | 9.8 | 0.6%
| | Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failin… | Jul 6, 2026 | Jul 9, 2026 |
| | CVE-2026-49365 | Apache | medium | 5.3 | 0.2%
| | Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTT… | Jul 6, 2026 | Jul 9, 2026 |
| | CVE-2026-49099 | Apache | medium | 5.3 | 0.2%
| | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), … | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-49098 | Apache | medium | 5.3 | 0.2%
| | Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstrea… | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-49097 | Apache | medium | 6.5 | 0.2%
| | Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstrea… | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-49086 | Apache | medium | 6.5 | 0.2%
| | Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apa… | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-48206 | Apache | medium | 5.3 | 0.2%
| | Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache … | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-48205 | Apache | critical | 9.1 | 0.3%
| | Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel DNS comp… | Jul 6, 2026 | Jul 8, 2026 |
| | CVE-2026-48204 | Apache | critical | 9.8 | 0.3%
| | Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gr… | Jul 6, 2026 | Jul 8, 2026 |