| | CVE-2026-27877 | Grafana | medium | 6.5 | 0.3%
| | When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed… | Mar 27, 2026 | Jun 30, 2026 |
| | CVE-2026-33750 | Red Hat | medium | 6.5 | 0.0%
| | The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33757 | Red Hat | high | 9.6 | 0.1%
| | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27880 | Grafana | high | 7.5 | 0.8%
| | The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cau… | Mar 27, 2026 | Jun 30, 2026 |
| | CVE-2026-33758 | Red Hat | high | 9.6 | 0.1%
| | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27876 | Grafana | critical | 9.1 | 1.9%
| | A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary … | Mar 27, 2026 | Jun 30, 2026 |
| | CVE-2026-28375 | Grafana | medium | 6.5 | 0.4%
| | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 | Jun 17, 2026 |
| | CVE-2026-27879 | Grafana | medium | 6.5 | 0.4%
| | A resample query can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 | Jun 17, 2026 |
| | CVE-2026-4980 | Red Hat | medium | 6.3 | 0.0%
| | A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-28368 | Apache | high | 8.7 | 0.7%
| | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially cra… | Mar 27, 2026 | Jun 29, 2026 |
| | CVE-2026-28367 | Apache | high | 8.7 | 0.7%
| | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` a… | Mar 27, 2026 | Jun 29, 2026 |
| | CVE-2026-28369 | Apache | high | 8.7 | 0.1%
| | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line sta… | Mar 27, 2026 | Apr 8, 2026 |
| | CVE-2025-15381 | Red Hat | high | 8.1 | 0.0%
| | In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-34475 | Red Hat | medium | 5.4 | 0.1%
| | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url sce… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33870 | Red Hat | high | 7.5 | 0.0%
| | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.F… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33871 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.F… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33891 | Red Hat | high | 7.5 | 0.0%
| | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33894 | Red Hat | high | 7.5 | 0.0%
| | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33895 | Red Hat | high | 7.5 | 0.0%
| | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33896 | Red Hat | high | 7.4 | 0.0%
| | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScrip… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33916 | Red Hat | medium | 4.7 | 0.0%
| | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33937 | Red Hat | high | 9.8 | 0.3%
| | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33938 | Red Hat | high | 8.1 | 0.1%
| | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33939 | Red Hat | high | 7.5 | 0.0%
| | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33940 | Red Hat | high | 8.1 | 0.0%
| | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33941 | Red Hat | high | 8.2 | 0.0%
| | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 thr… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33943 | Red Hat | high | 8.8 | 0.1%
| | Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In v… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-32187 | Microsoft | medium | 4.2 | 0.1%
| | Microsoft Edge (Chromium-based) Defense in Depth Vulnerability | Mar 27, 2026 | Mar 31, 2026 |
| | CVE-2026-34226 | Red Hat | high | 7.5 | 0.1%
| | Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Vers… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33936 | Red Hat | medium | 5.3 | 0.1%
| | The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with s… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33993 | Red Hat | medium | 5.3 | 0.1%
| | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33994 | Red Hat | medium | 5.3 | 0.1%
| | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starti… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33996 | Red Hat | medium | 5.9 | 0.0%
| | LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-23399 | Red Hat | low | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
nf_tables: nft_dynset: fix possi… | Mar 28, 2026 | Mar 28, 2026 |
| | CVE-2026-28871 | Red Hat | medium | 4.3 | 0.0%
| ✓ Fix | A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and… | Mar 28, 2026 | Mar 28, 2026 |
| | CVE-2026-28861 | Red Hat | high | 4.3 | 0.0%
| | A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS … | Mar 28, 2026 | Mar 28, 2026 |
| | CVE-2026-28859 | Red Hat | high | 8.8 | 0.0%
| ✓ Fix | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 … | Mar 28, 2026 | Mar 28, 2026 |
| | CVE-2026-28857 | Red Hat | high | 8.8 | 0.0%
| ✓ Fix | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 … | Mar 28, 2026 | Mar 28, 2026 |
| | CVE-2026-20691 | Red Hat | medium | 4.3 | 0.0%
| ✓ Fix | An authorization issue was addressed with improved state management. This issue is fixed in Safari 2… | Mar 28, 2026 | Mar 28, 2026 |
| | CVE-2026-20665 | Red Hat | medium | 5.4 | 0.2%
| ✓ Fix | This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS … | Mar 28, 2026 | Mar 28, 2026 |
| | CVE-2026-20664 | Red Hat | high | 8.8 | 0.0%
| ✓ Fix | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 … | Mar 28, 2026 | Mar 28, 2026 |
| | CVE-2026-20643 | Red Hat | medium | 5.4 | 0.0%
| ✓ Fix | A cross-origin issue in the Navigation API was addressed with improved input validation. This issue … | Mar 28, 2026 | Mar 28, 2026 |
| | CVE-2026-23400 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's rust_binder component. A local user could potentially trigger… | Mar 29, 2026 | Mar 29, 2026 |
| | CVE-2026-4176 | Red Hat | medium | 7.0 | 0.0%
| | Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9… | Mar 29, 2026 | Mar 29, 2026 |
| | CVE-2026-2370 | Red Hat | high | 8.1 | 0.0%
| | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 … | Mar 29, 2026 | Mar 29, 2026 |
| | CVE-2025-15036 | Red Hat | high | 9.6 | 0.1%
| | A flaw was found in mlflow. A path traversal vulnerability exists in the `extract_archive_to_dir` fu… | Mar 30, 2026 | Mar 30, 2026 |
| | CVE-2026-5107 | Red Hat | medium | 4.2 | 0.0%
| | A flaw was found in frr package. This vulnerability, located in the EVPN Type-2 Route Handler functi… | Mar 30, 2026 | Mar 30, 2026 |
| | CVE-2026-5119 | Red Hat | medium | 5.9 | 0.0%
| | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensit… | Mar 30, 2026 | Mar 30, 2026 |
| | CVE-2025-15379 | Red Hat | high | 9.0 | 0.3%
| | A command injection vulnerability exists in MLflow's model serving container initialization code, sp… | Mar 30, 2026 | Mar 30, 2026 |
| | CVE-2026-5121 | Red Hat | medium | — | 0.1%
| | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the z… | Mar 30, 2026 | Mar 30, 2026 |