| | CVE-2026-4926 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Impact:
A bad regular expression is generated any time you have multiple sequential optional groups … | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-4923 | Red Hat | medium | 5.9 | 0.0%
| | Impact:
When using multiple wildcards, combined with at least one parameter, a regular expression ca… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-32284 | Red Hat | medium | 5.9 | 0.1%
| | The msgpack decoder fails to properly validate the input buffer length when processing truncated fix… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-32286 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised Pos… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-32285 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | The Delete function fails to properly validate offsets when processing malformed JSON input. This ca… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-32287 | Red Hat | medium | 6.2 | 0.0%
| ✓ Fix | Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, l… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33532 | Red Hat | medium | 6.5 | 0.0%
| | `yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `ya… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33535 | Red Hat | low | 4.0 | 0.0%
| | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33536 | Red Hat | medium | 5.0 | 0.0%
| | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33375 | Grafana | medium | 6.5 | 0.4%
| | The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer… | Mar 26, 2026 | Jun 17, 2026 |
| | CVE-2026-21724 | Grafana | medium | 5.4 | 0.2%
| | A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning… | Mar 26, 2026 | Jun 17, 2026 |
| | CVE-2026-33658 | Red Hat | medium | 7.5 | 0.0%
| | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-3650 | Red Hat | medium | 6.5 | — | | A flaw was found in the Grassroots DICOM library (GDCM). This memory leak vulnerability occurs when … | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-1556 | Red Hat | high | 7.7 | — | | A flaw was found in Drupal File (Field) Paths. This information disclosure vulnerability allows auth… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33671 | Red Hat | medium | 6.5 | 0.0%
| | Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulner… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33672 | Red Hat | medium | 5.3 | 0.1%
| | Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulner… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-28377 | Grafana | high | 7.5 | 0.2%
| | A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /statu… | Mar 26, 2026 | Jun 17, 2026 |
| | CVE-2026-34352 | Red Hat | medium | 6.3 | 0.0%
| ✓ Fix | In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the … | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33542 | Red Hat | high | 8.5 | 0.0%
| | Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validati… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33711 | Red Hat | high | 8.8 | 0.0%
| | Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screen… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33743 | Red Hat | medium | 5.5 | 0.0%
| | Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafte… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33897 | Red Hat | high | 9.1 | 0.0%
| | Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template … | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33898 | Red Hat | high | 8.2 | 0.0%
| | Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spa… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33945 | Red Hat | critical | 9.6 | 0.0%
| | Incus is a system container and virtual machine manager. Incus instances have an option to provide c… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-27893 | Red Hat | high | 8.8 | 0.0%
| ✓ Fix | vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33699 | Red Hat | medium | 6.5 | 0.0%
| | pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerabilit… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-4981 | Red Hat | medium | 5.4 | — | | A flaw was found in Red Hat Advanced Cluster Security (ACS). An unauthenticated remote attacker can … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-4948 | Red Hat | medium | 5.5 | — | | A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-autho… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33701 | Red Hat | high | 8.1 | 0.5%
| | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation l… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33721 | Red Hat | high | 7.5 | — | | A flaw was found in MapServer, a system for developing web-based Geographic Information System (GIS)… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33747 | Red Hat | medium | 8.2 | — | | A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-34353 | Red Hat | medium | 5.9 | — | | A flaw was found in OCaml. An integer overflow vulnerability exists in the `Bigarray.reshape` functi… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-22738 | VMware | critical | 9.8 | 0.1%
| | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value … | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-22742 | VMware | high | 8.6 | 0.1%
| | Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability i… | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-22743 | VMware | high | 7.5 | 0.1%
| | Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpr… | Mar 27, 2026 | Apr 16, 2026 |
| | CVE-2026-22744 | VMware | high | 7.5 | 0.1%
| | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed … | Mar 27, 2026 | Jun 2, 2026 |
| | CVE-2025-59028 | Red Hat | medium | 5.3 | 0.1%
| | When sending invalid base64 SASL data, login process is disconnected from the auth server, causing a… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2025-59031 | Red Hat | medium | 4.3 | 0.0%
| | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2025-59032 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be us… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-0394 | Red Hat | medium | 5.3 | 0.0%
| | When dovecot has been configured to use per-domain passwd files, and they are placed one path compon… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-24031 | Red Hat | high | 7.7 | 0.1%
| | Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27855 | Red Hat | medium | 6.8 | 0.0%
| | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache i… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27856 | Red Hat | high | 7.4 | 0.0%
| | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attac… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27857 | Red Hat | high | 7.5 | 0.0%
| | Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27858 | Red Hat | high | 7.5 | 0.0%
| | Attacker can send a specifically crafted message before authentication that causes managesieve to al… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27859 | Red Hat | medium | 5.3 | 0.0%
| | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much C… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27860 | Red Hat | low | 3.7 | 0.0%
| | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP au… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-32695 | Red Hat | high | 7.7 | 0.0%
| | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33433 | Red Hat | high | 7.7 | 0.0%
| | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33748 | Red Hat | medium | 6.5 | 0.0%
| ✓ Fix | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and … | Mar 27, 2026 | Mar 27, 2026 |