| | CVE-2025-41115 |  Grafana | critical | 10.0 | 0.0%
| | SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how org… | Nov 21, 2025 | Apr 24, 2026 |
| | CVE-2025-64657 |  Microsoft | critical | 9.8 | 0.1%
| | Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate … | Nov 26, 2025 | Feb 13, 2026 |
| | CVE-2025-54057 |  Apache | medium | 6.1 | 0.4%
| | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apach… | Nov 27, 2025 | Apr 13, 2026 |
| | CVE-2024-3884 | Apache | high | 7.5 | 0.8%
| | A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses t… | Dec 3, 2025 | Mar 30, 2026 |
| | CVE-2025-62631 |  Fortinet | medium | 5.3 | 0.0%
| | An insufficient session expiration vulnerability [CWE-613] vulnerability in Fortinet FortiOS 7.4.0, … | Dec 9, 2025 | May 12, 2026 |
| | CVE-2025-53679 | Fortinet | high | 7.2 | 0.3%
| | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulner… | Dec 9, 2025 | Feb 5, 2026 |
| | CVE-2025-64666 | Microsoft | high | 7.5 | 0.1%
| | Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate priv… | Dec 9, 2025 | Jan 2, 2026 |
| | CVE-2025-64667 | Microsoft | medium | 5.3 | 0.0%
| | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an… | Dec 9, 2025 | Jan 2, 2026 |
| | CVE-2025-11531 |  HPE | high | 8.8 | 0.1%
| | HP System Event Utility and Omen Gaming Hub might allow execution of
certain files outside of their… | Dec 9, 2025 | Jan 21, 2026 |
| | CVE-2025-14727 |  F5 | high | 8.3 | 0.2%
| | A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation.… | Dec 17, 2025 | Jan 8, 2026 |
| | CVE-2025-20393 |  Cisco | critical | 10.0 | 6.3%
| ⚠ KEV | A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gate… | Dec 17, 2025 | Jan 16, 2026 |
| | CVE-2025-64663 | Microsoft | critical | 9.9 | 0.1%
| | Custom Question Answering Elevation of Privilege Vulnerability | Dec 18, 2025 | Jan 16, 2026 |
| | CVE-2025-64676 | Microsoft | high | 7.2 | 0.1%
| | '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network. | Dec 18, 2025 | Feb 10, 2026 |
| | CVE-2025-64677 | Microsoft | high | 8.2 | 0.1%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-o… | Dec 18, 2025 | Jan 16, 2026 |
| | CVE-2025-65037 | Microsoft | critical | 10.0 | 0.1%
| | Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthor… | Dec 18, 2025 | Jan 15, 2026 |
| | CVE-2025-65041 | Microsoft | critical | 10.0 | 0.1%
| | Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privil… | Dec 18, 2025 | Jan 6, 2026 |
| | CVE-2025-65046 | Microsoft | low | 3.1 | 0.0%
| | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Dec 18, 2025 | Feb 20, 2026 |
| | CVE-2025-64675 | Microsoft | high | 8.3 | 0.1%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos… | Dec 19, 2025 | Jan 16, 2026 |
| | CVE-2025-14847 |  Splunk | high | 7.5 | 71.2%
| ⚠ KEV | Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap … | Dec 19, 2025 | Jan 13, 2026 |
| | CVE-2025-69413 |  Red Hat | medium | 5.3 | 0.0%
| | In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on … | Jan 1, 2026 | Jan 1, 2026 |
| | CVE-2025-11157 | Red Hat | high | 7.8 | 0.1%
| | A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specif… | Jan 1, 2026 | Jan 1, 2026 |
| | CVE-2026-21428 | Red Hat | high | 8.7 | 0.0%
| | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0… | Jan 1, 2026 | Jan 1, 2026 |
| | CVE-2025-15411 | Red Hat | medium | 7.1 | 0.0%
| | A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the func… | Jan 1, 2026 | Jan 1, 2026 |
| | CVE-2025-15412 | Red Hat | medium | 7.1 | 0.0%
| | A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the … | Jan 1, 2026 | Jan 1, 2026 |
| | CVE-2025-67268 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/dr… | Jan 2, 2026 | Jan 2, 2026 |
| | CVE-2025-67269 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd v… | Jan 2, 2026 | Jan 2, 2026 |
| | CVE-2026-21444 | Red Hat | medium | 6.5 | 0.0%
| | libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in vers… | Jan 2, 2026 | Jan 2, 2026 |
| | CVE-2025-68757 | Red Hat | medium | 6.2 | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
drm/vgem-fence: Fix potential de… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68752 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
iavf: Implement settime64 with -… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68762 | Red Hat | low | 3.3 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
net: netpoll: initialize work qu… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68758 | Red Hat | low | 5.5 | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
backlight: led-bl: Add devlink t… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68763 | Red Hat | medium | — | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
crypto: starfive - Correctly han… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68759 | Red Hat | medium | — | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl818x: Fix potential mem… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68764 | Red Hat | medium | 6.1 | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
NFS: Automounted filesystems sho… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68751 | Red Hat | low | 3.3 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
s390/fpu: Fix false-positive kms… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68755 | Red Hat | medium | — | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
staging: most: remove broken i2c… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68765 | Red Hat | medium | — | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7615: Fix memory leak in… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68756 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
block: Use RCU in blk_mq_[un]qui… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68753 | Red Hat | low | 5.5 | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
ALSA: firewire-motu: add bounds … | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68761 | Red Hat | medium | — | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
hfs: fix potential use after fre… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68754 | Red Hat | medium | — | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
rtc: amlogic-a4: fix double free… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68766 | Red Hat | medium | — | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
irqchip/mchp-eic: Fix error code… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68760 | Red Hat | medium | — | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix potential out-of-… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-65110 | Red Hat | high | 8.1 | 0.1%
| | Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive … | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-66648 | Red Hat | high | 7.2 | 0.1%
| | vega-functions provides function implementations for the Vega expression language. Prior to version … | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68428 | Red Hat | high | 8.6 | 0.0%
| ✓ Fix | jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-69223 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and … | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-69224 | Red Hat | medium | 5.4 | 0.0%
| | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and … | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-69226 | Red Hat | medium | 5.3 | 0.1%
| | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and … | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-69225 | Red Hat | low | 5.4 | 0.0%
| | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and … | Jan 5, 2026 | Jan 5, 2026 |