| | CVE-2026-20080 | Cisco | medium | 5.3 | 0.1%
| | A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could al… | Jan 21, 2026 | Jan 26, 2026 |
| | CVE-2026-20092 | Cisco | medium | 6.0 | 0.0%
| | A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow… | Jan 21, 2026 | Jan 26, 2026 |
| | CVE-2026-20109 | Cisco | medium | 4.8 | 0.0%
| | Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Ente… | Jan 21, 2026 | Jan 26, 2026 |
| | CVE-2025-13465 | Red Hat | high | 8.2 | 0.0%
| ✓ Fix | Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omi… | Jan 21, 2026 | Jan 21, 2026 |
| | CVE-2025-12781 | Red Hat | medium | 5.3 | 0.0%
| | When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the… | Jan 21, 2026 | Jan 21, 2026 |
| | CVE-2026-22807 | Red Hat | high | 8.8 | 0.1%
| ✓ Fix | vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1… | Jan 21, 2026 | Jan 21, 2026 |
| | CVE-2026-22822 | Red Hat | high | 8.8 | 0.0%
| | External Secrets Operator reads information from a third-party service and automatically injects the… | Jan 21, 2026 | Jan 21, 2026 |
| | CVE-2026-23960 | Red Hat | high | 7.1 | 0.1%
| | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on… | Jan 21, 2026 | Jan 21, 2026 |
| | CVE-2026-24046 | Red Hat | high | 9.1 | 0.0%
| | Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archi… | Jan 21, 2026 | Jan 21, 2026 |
| | CVE-2026-24047 | Red Hat | medium | 6.3 | 0.0%
| | Backstage is an open framework for building developer portals, and @backstage/cli-common provides co… | Jan 21, 2026 | Jan 21, 2026 |
| | CVE-2026-24048 | Red Hat | low | 3.5 | 0.0%
| | Backstage is an open framework for building developer portals, and @backstage/backend-defaults provi… | Jan 21, 2026 | Jan 21, 2026 |
| | CVE-2026-23736 | Red Hat | high | 7.3 | 0.2%
| | seroval facilitates JS value stringification, including complex structures beyond JSON.stringify cap… | Jan 21, 2026 | Jan 21, 2026 |
| | CVE-2026-23737 | Red Hat | high | 7.5 | 0.2%
| | seroval facilitates JS value stringification, including complex structures beyond JSON.stringify cap… | Jan 21, 2026 | Jan 21, 2026 |
| | CVE-2025-67221 | Red Hat | medium | 5.5 | 0.1%
| | The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON docu… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-23893 | Red Hat | medium | 6.8 | 0.0%
| | openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above a… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-23873 | Microsoft | critical | 9.0 | 0.0%
| | hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. A… | Jan 22, 2026 | Feb 27, 2026 |
| | CVE-2026-23952 | Red Hat | medium | 6.5 | 0.0%
| | ImageMagick is free and open-source software used for editing and manipulating digital images. Versi… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-23956 | Red Hat | high | 7.5 | 0.0%
| | seroval facilitates JS value stringification, including complex structures beyond JSON.stringify cap… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-23957 | Red Hat | high | 7.5 | 0.1%
| | seroval facilitates JS value stringification, including complex structures beyond JSON.stringify cap… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-23991 | Red Hat | medium | 5.9 | 0.0%
| | go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to … | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-23992 | Red Hat | medium | 5.9 | 0.0%
| | go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to … | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-24001 | Red Hat | high | 7.5 | 0.0%
| | jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and … | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-24006 | Red Hat | high | 7.5 | 0.0%
| | Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify cap… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-24049 | Red Hat | high | 7.1 | 0.0%
| ✓ Fix | wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2025-71176 | Red Hat | medium | 6.8 | 0.0%
| | pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, whic… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-1225 | Red Hat | medium | 5.0 | 0.0%
| | ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including versi… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2025-15523 | Red Hat | medium | 4.4 | 0.0%
| | MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and … | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-1260 | Red Hat | high | 7.8 | 0.0%
| ✓ Fix | Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, … | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2025-22234 | Red Hat | medium | 5.3 | 0.0%
| | The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in Da… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-23831 | Red Hat | medium | 5.3 | 0.0%
| | Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementa… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-20750 | Red Hat | critical | 9.1 | 0.0%
| | Gitea does not properly validate project ownership in organization project operations. A user with p… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-0798 | Red Hat | low | 3.5 | 0.0%
| | Gitea may send release notification emails for private repositories to users whose access has been r… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-20736 | Red Hat | high | 7.5 | 0.0%
| | Gitea does not properly verify repository context when deleting attachments. A user who previously u… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-20883 | Red Hat | medium | 6.5 | 0.0%
| | Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-20904 | Red Hat | medium | 6.5 | 0.0%
| | Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated use… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-20888 | Red Hat | medium | 4.3 | 0.0%
| | Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interf… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-20897 | Red Hat | critical | 9.1 | 0.0%
| | Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-20912 | Red Hat | critical | 9.1 | 0.0%
| | Gitea does not properly validate repository ownership when linking attachments to releases. An attac… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-24117 | Red Hat | medium | 5.3 | 0.0%
| | Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigge… | Jan 22, 2026 | Jan 22, 2026 |
| | CVE-2026-21227 | Microsoft | high | 8.2 | 0.1%
| | Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps a… | Jan 22, 2026 | Feb 3, 2026 |
| | CVE-2026-21264 | Microsoft | critical | 9.3 | 0.0%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ac… | Jan 22, 2026 | Feb 3, 2026 |
| | CVE-2026-21520 | Microsoft | high | 7.5 | 0.1%
| | Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticate… | Jan 22, 2026 | Feb 2, 2026 |
| | CVE-2026-21521 | Microsoft | high | 7.4 | 0.1%
| | Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized atta… | Jan 22, 2026 | Feb 2, 2026 |
| | CVE-2026-21524 | Microsoft | high | 7.4 | 0.1%
| | Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthor… | Jan 22, 2026 | Feb 3, 2026 |
| | CVE-2026-24305 | Microsoft | critical | 9.3 | 0.1%
| | Azure Entra ID Elevation of Privilege Vulnerability | Jan 22, 2026 | Feb 3, 2026 |
| | CVE-2026-24306 | Microsoft | critical | 9.8 | 0.1%
| | Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privile… | Jan 22, 2026 | Feb 27, 2026 |
| | CVE-2026-24307 | Microsoft | critical | 9.3 | 0.1%
| | Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to di… | Jan 22, 2026 | Feb 12, 2026 |
| | CVE-2026-22979 | Red Hat | low | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skb_segm… | Jan 23, 2026 | Jan 23, 2026 |
| | CVE-2025-71161 | Red Hat | low | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive for… | Jan 23, 2026 | Jan 23, 2026 |
| | CVE-2026-22990 | Red Hat | medium | 7.1 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG… | Jan 23, 2026 | Jan 23, 2026 |