| | CVE-2026-23009 | Red Hat | low | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereferenc… | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2026-23013 | Red Hat | medium | 4.4 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq … | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2026-22999 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free … | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2026-23002 | Red Hat | low | 4.7 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read()… | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2025-71162 | Red Hat | medium | — | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-a… | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2026-23001 | Red Hat | medium | 7.8 | 0.0%
| ✓ Fix | In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in mac… | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2026-22996 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5e_pri… | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2026-23004 | Red Hat | medium | 4.7 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_l… | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2026-23012 | Red Hat | medium | — | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_contr… | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2026-23005 | Red Hat | low | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in g… | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2026-22997 | Red Hat | low | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rt… | Jan 25, 2026 | Jan 25, 2026 |
| | CVE-2025-50537 | Red Hat | medium | 5.5 | 0.0%
| | Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular referenc… | Jan 26, 2026 | Jan 26, 2026 |
| | CVE-2026-21509 | Microsoft | high | 7.8 | 9.3%
| ⚠ KEV | Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attac… | Jan 26, 2026 | Feb 11, 2026 |
| | CVE-2026-23888 | Red Hat | medium | 6.5 | 0.0%
| | pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary… | Jan 26, 2026 | Jan 26, 2026 |
| | CVE-2025-59471 | Red Hat | medium | 5.9 | 0.0%
| | A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatter… | Jan 26, 2026 | Jan 26, 2026 |
| | CVE-2025-59472 | Red Hat | medium | 5.9 | 0.1%
| | A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled… | Jan 26, 2026 | Jan 26, 2026 |
| | CVE-2026-23889 | Red Hat | medium | 6.5 | 0.0%
| | pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarbal… | Jan 26, 2026 | Jan 26, 2026 |
| | CVE-2026-23890 | Red Hat | medium | 6.5 | 0.0%
| | pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin li… | Jan 26, 2026 | Jan 26, 2026 |
| | CVE-2026-24056 | Red Hat | medium | 6.5 | 0.0%
| | pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a `file:` (directory) or `gi… | Jan 26, 2026 | Jan 26, 2026 |
| | CVE-2026-24131 | Red Hat | medium | 6.5 | 0.0%
| | pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's `directories.bi… | Jan 26, 2026 | Jan 26, 2026 |
| | CVE-2026-24400 | Red Hat | medium | 6.1 | 0.0%
| | AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in … | Jan 26, 2026 | Jan 26, 2026 |
| | CVE-2026-1504 | Red Hat | high | 6.5 | 0.0%
| | Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowe… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-28162 | Red Hat | medium | 6.2 | 0.0%
| | Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of s… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-28164 | Red Hat | medium | 5.0 | 0.0%
| | Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of s… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-1489 | Red Hat | medium | 5.4 | 0.1%
| | A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implement… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-1485 | Red Hat | low | 2.8 | 0.0%
| | A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs be… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-1484 | Red Hat | medium | 4.2 | 0.1%
| | A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to i… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-1467 | Red Hat | medium | 5.8 | 0.1%
| | A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Ret… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-22796 | Red Hat | low | 5.9 | 0.1%
| ✓ Fix | Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 … | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-22795 | Red Hat | low | 5.5 | 0.0%
| ✓ Fix | Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malf… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-69420 | Red Hat | low | 5.9 | 0.2%
| ✓ Fix | Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code whe… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-69421 | Red Hat | low | 6.5 | 0.1%
| ✓ Fix | Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKC… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-69419 | Red Hat | medium | 7.4 | 0.1%
| ✓ Fix | Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-69418 | Red Hat | low | 4.0 | 0.0%
| ✓ Fix | Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerate… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-68160 | Red Hat | low | 4.7 | 0.0%
| ✓ Fix | Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter whe… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-66199 | Red Hat | low | 5.9 | 0.1%
| ✓ Fix | Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large … | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-15469 | Red Hat | low | 5.5 | 0.0%
| ✓ Fix | Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-15468 | Red Hat | low | 5.9 | 0.1%
| ✓ Fix | Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or s… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-11187 | Red Hat | medium | 6.1 | 0.0%
| ✓ Fix | Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-b… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24480 | Red Hat | high | 9.9 | 0.4%
| | QGIS is a free, open source, cross platform geographical information system (GIS) The repository con… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24486 | Red Hat | high | 8.6 | 0.0%
| ✓ Fix | Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Travers… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24686 | Red Hat | medium | 4.7 | 0.0%
| | go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses th… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24825 | Red Hat | medium | 5.3 | 0.1%
| | Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/y… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-21720 | Grafana | high | 7.5 | 0.0%
| | Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the re… | Jan 27, 2026 | Apr 24, 2026 |
| | CVE-2026-21721 | Grafana | high | 8.1 | 0.0%
| | The dashboard permissions API does not verify the target dashboard scope and only checks the dashboa… | Jan 27, 2026 | Apr 24, 2026 |
| | CVE-2025-13881 | Red Hat | low | 2.7 | 0.0%
| ✓ Fix | A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited priv… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24868 | Red Hat | medium | 6.1 | 0.0%
| | Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24869 | Red Hat | high | 7.5 | 0.0%
| | Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox <… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-15467 | Fortinet | high | 8.8 | 1.0%
| | Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD … | Jan 27, 2026 | Mar 19, 2026 |
| | CVE-2026-0648 | Check Point | high | 7.8 | 0.0%
| | The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in t… | Jan 27, 2026 | Jan 29, 2026 |