| | CVE-2026-3304 | Red Hat | high | 7.5 | 0.1%
| | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior t… | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-2293 | Red Hat | high | 7.5 | 0.1%
| | A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization… | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-22716 | VMware | medium | 5.0 | 0.0%
| | Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an acto… | Feb 27, 2026 | Mar 2, 2026 |
| | CVE-2026-22717 | VMware | low | 2.7 | 0.0%
| | Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor… | Feb 27, 2026 | Mar 2, 2026 |
| | CVE-2026-28351 | Red Hat | medium | 6.5 | 0.1%
| | pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who use… | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-28406 | Red Hat | high | 8.5 | 0.1%
| | kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes clust… | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-27167 | Red Hat | low | 3.7 | 0.1%
| | Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 a… | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-28415 | Red Hat | medium | 4.3 | 0.0%
| | Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the … | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-28416 | Red Hat | high | 8.2 | 0.0%
| | Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Se… | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-28417 | Red Hat | medium | 4.4 | 0.0%
| | Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection … | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-28418 | Red Hat | medium | 5.3 | 0.0%
| | Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer over… | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-28419 | Red Hat | medium | 5.3 | 0.0%
| | Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer unde… | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-28420 | Red Hat | medium | 4.4 | 0.0%
| | Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer over… | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-28421 | Red Hat | medium | 5.3 | 0.0%
| | Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overf… | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-28422 | Red Hat | low | 2.2 | 0.0%
| | Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow … | Feb 27, 2026 | Feb 27, 2026 |
| | CVE-2026-3429 | Red Hat | medium | 4.2 | 0.0%
| | A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lowe… | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-3442 | Red Hat | medium | 6.1 | —
| | No description is available for this CVE. | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-3441 | Red Hat | medium | 6.1 | —
| | No description is available for this CVE. | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2025-58107 | Microsoft | high | 7.5 | 0.0%
| | In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers … | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-23600 | HPE | medium | — | 0.2%
| | A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS). | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-23865 | Red Hat | medium | 5.3 | 0.0%
| | An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in vers… | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-27631 | Red Hat | low | 5.3 | 0.0%
| | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP … | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-27596 | Red Hat | low | 5.3 | 0.1%
| | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP … | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-25884 | Red Hat | low | 5.3 | 0.0%
| | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP … | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-2256 | Red Hat | medium | 6.5 | 2.3%
| | A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, al… | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-3336 | Red Hat | high | 7.5 | 0.0%
| | Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass… | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-3337 | Red Hat | medium | 6.5 | 0.1%
| | Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to pote… | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-3338 | Red Hat | high | 7.5 | 0.0%
| | Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass s… | Mar 2, 2026 | Mar 2, 2026 |
| | CVE-2026-3544 | Red Hat | high | 8.8 | 0.1%
| | Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-3543 | Red Hat | high | 8.8 | 0.1%
| | Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacke… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-3539 | Red Hat | high | 8.8 | 0.0%
| | Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who … | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-3541 | Red Hat | high | 8.8 | 0.1%
| | Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attack… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-3538 | Red Hat | high | 8.8 | 0.1%
| | Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to poten… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-3542 | Red Hat | high | 8.8 | 0.1%
| | Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remot… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-3545 | Red Hat | high | 8.8 | 0.1%
| | Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-3536 | Red Hat | high | 8.8 | 0.1%
| | Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to pote… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-3540 | Red Hat | high | 8.8 | 0.1%
| | Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote a… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-2628 | Microsoft | critical | 9.8 | 0.3%
| | The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to a… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-3449 | Red Hat | medium | 4.0 | 0.0%
| | Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scop… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-25673 | Red Hat | high | 7.5 | 0.2%
| | An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-25674 | Red Hat | low | 3.7 | 0.0%
| | An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race conditio… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2025-15599 | Red Hat | medium | 6.1 | 0.0%
| | DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability t… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-0540 | Red Hat | medium | 6.1 | 0.0%
| | DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 729097f, contain a cross-site… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-3494 | Red Hat | medium | 4.3 | 0.0%
| | In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_even… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-2376 | Red Hat | medium | 4.9 | 0.0%
| | No description is available for this CVE. | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-2915 | HPE | high | 7.1 | 0.0%
| | HP System Event Utility might allow denial of service with elevated arbitrary file writes. This pote… | Mar 3, 2026 | Mar 9, 2026 |
| | CVE-2026-3224 | Microsoft | critical | 9.8 | 0.1%
| | Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server… | Mar 3, 2026 | Mar 5, 2026 |
| | CVE-2026-27601 | Red Hat | medium | 5.9 | 0.0%
| | Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2026-27622 | Red Hat | high | 7.4 | 0.0%
| | OpenEXR provides the specification and reference implementation of the EXR file format, an image sto… | Mar 3, 2026 | Mar 3, 2026 |
| | CVE-2025-71238 | Red Hat | medium | 7.3 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() ca… | Mar 4, 2026 | Mar 4, 2026 |