| | CVE-2026-4948 | Red Hat | medium | 5.5 | — | | A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-autho… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33701 | Red Hat | high | 8.1 | 0.5% | | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation l… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33721 | Red Hat | high | 7.5 | — | | A flaw was found in MapServer, a system for developing web-based Geographic Information System (GIS)… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33747 | Red Hat | medium | 8.2 | — | | A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-34353 | Red Hat | medium | 5.9 | — | | A flaw was found in OCaml. An integer overflow vulnerability exists in the `Bigarray.reshape` functi… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-22738 | VMware | critical | 9.8 | 0.1% | | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value … | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-22742 | VMware | high | 8.6 | 0.1% | | Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability i… | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-22743 | VMware | high | 7.5 | 0.1% | | Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpr… | Mar 27, 2026 | Apr 16, 2026 |
| | CVE-2026-22744 | VMware | high | 7.5 | 0.0% | | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed … | Mar 27, 2026 | Apr 16, 2026 |
| | CVE-2025-59028 | Red Hat | medium | 5.3 | 0.1% | | When sending invalid base64 SASL data, login process is disconnected from the auth server, causing a… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2025-59031 | Red Hat | medium | 4.3 | 0.0% | | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-0394 | Red Hat | medium | 5.3 | 0.0% | | When dovecot has been configured to use per-domain passwd files, and they are placed one path compon… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-24031 | Red Hat | high | 7.7 | 0.1% | | Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27855 | Red Hat | medium | 6.8 | 0.0% | | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache i… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27857 | Red Hat | high | 7.5 | 0.0% | | Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27858 | Red Hat | high | 7.5 | 0.0% | | Attacker can send a specifically crafted message before authentication that causes managesieve to al… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27859 | Red Hat | medium | 5.3 | 0.0% | | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much C… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27860 | Red Hat | low | 3.7 | 0.0% | | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP au… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-32695 | Red Hat | high | 7.7 | 0.0% | | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33433 | Red Hat | high | 7.7 | 0.0% | | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33757 | Red Hat | high | 9.6 | 0.1% | | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33758 | Red Hat | high | 9.6 | 0.1% | | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27876 | Grafana | critical | 9.1 | 0.1% | | A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary … | Mar 27, 2026 | Apr 24, 2026 |
| | CVE-2026-28375 | Grafana | medium | 6.5 | 0.0% | | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 | Apr 24, 2026 |
| | CVE-2026-27879 | Grafana | medium | 6.5 | 0.0% | | A resample query can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 | Apr 24, 2026 |
| | CVE-2026-4980 | Red Hat | medium | 6.3 | 0.0% | | A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27877 | Grafana | medium | 6.5 | 0.0% | | When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed… | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-27880 | Grafana | high | 7.5 | 0.0% | | The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cau… | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-28368 | Apache | high | 8.7 | 0.1% | | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially cra… | Mar 27, 2026 | Apr 8, 2026 |
| | CVE-2026-28367 | Apache | high | 8.7 | 0.0% | | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` a… | Mar 27, 2026 | Apr 8, 2026 |
| | CVE-2026-28369 | Apache | high | 8.7 | 0.1% | | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line sta… | Mar 27, 2026 | Apr 8, 2026 |
| | CVE-2026-33870 | Red Hat | high | 7.5 | 0.0% | | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.F… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33891 | Red Hat | high | 7.5 | 0.0% | | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33894 | Red Hat | high | 7.5 | 0.0% | | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33895 | Red Hat | high | 7.5 | 0.0% | | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33896 | Red Hat | high | 7.4 | 0.0% | | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33916 | Red Hat | medium | 4.7 | 0.0% | | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33937 | Red Hat | high | 9.8 | 0.3% | | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33938 | Red Hat | high | 8.1 | 0.1% | | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33939 | Red Hat | high | 7.5 | 0.0% | | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33940 | Red Hat | high | 8.1 | 0.0% | | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33941 | Red Hat | high | 8.2 | 0.0% | | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33943 | Red Hat | high | 8.8 | 0.1% | | Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In v… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-32187 | Microsoft | medium | 4.2 | 0.1% | | Microsoft Edge (Chromium-based) Defense in Depth Vulnerability | Mar 27, 2026 | Mar 31, 2026 |
| | CVE-2026-33996 | Red Hat | medium | 5.9 | 0.0% | | LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-23399 | Red Hat | low | 5.5 | 0.0% | | In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possi… | Mar 28, 2026 | Mar 28, 2026 |
| | CVE-2026-23400 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's rust_binder component. A local user could potentially trigger… | Mar 29, 2026 | Mar 29, 2026 |
| | CVE-2025-15036 | Red Hat | high | 9.6 | 0.1% | | A flaw was found in mlflow. A path traversal vulnerability exists in the `extract_archive_to_dir` fu… | Mar 30, 2026 | Mar 30, 2026 |
| | CVE-2026-5107 | Red Hat | medium | 4.2 | 0.0% | | A flaw was found in frr package. This vulnerability, located in the EVPN Type-2 Route Handler functi… | Mar 30, 2026 | Mar 30, 2026 |
| | CVE-2026-5119 | Red Hat | medium | 5.9 | 0.0% | | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensit… | Mar 30, 2026 | Mar 30, 2026 |