| | CVE-2026-32178 |  Microsoft | high | 7.5 | 0.0%
| | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoof… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-32184 | Microsoft | high | 7.8 | 0.5%
| | Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authori… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-32188 | Microsoft | high | 7.1 | 0.1%
| | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information… | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-32189 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-32190 | Microsoft | high | 8.4 | 0.1%
| | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-32192 | Microsoft | high | 7.8 | 0.5%
| | Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate pr… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-32196 | Microsoft | medium | 6.1 | 0.0%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admi… | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32197 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32198 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32199 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32200 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locall… | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32203 | Microsoft | high | 7.5 | 0.1%
| | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny servic… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-32226 | Microsoft | medium | 5.9 | 0.1%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET … | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-33095 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-33103 | Microsoft | medium | 5.5 | 0.0%
| | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to dis… | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-33114 | Microsoft | high | 8.4 | 0.1%
| | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co… | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-33115 | Microsoft | high | 8.4 | 0.1%
| | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-33116 | Microsoft | high | 7.5 | 0.8%
| | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-33120 | Microsoft | high | 8.8 | 0.1%
| | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a net… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-33822 | Microsoft | medium | 6.1 | 0.1%
| | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information … | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-40688 |  Fortinet | high | 7.2 | 0.6%
| | An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.… | Apr 14, 2026 | Apr 20, 2026 |
| | CVE-2026-6319 |  Red Hat | medium | 9.6 | — | | An use after free flaw was found in the Payments component of the Chromium browser.
Upstream bug(s):… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6360 | Red Hat | high | 9.6 | — | | An use after free flaw was found in the FileSystem component of the Chromium browser.
Upstream bug(s… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6362 | Red Hat | high | 9.6 | — | | An use after free flaw was found in the Codecs component of the Chromium browser.
Upstream bug(s):
h… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6307 | Red Hat | high | 8.8 | — | | A type confusion flaw was found in the Turbofan component of the Chromium browser.
Upstream bug(s):
… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6298 | Red Hat | high | 7.4 | — | | A heap buffer overflow flaw was found in the Skia component of the Chromium browser.
Upstream bug(s)… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6359 | Red Hat | high | 9.0 | — | | An use after free flaw was found in the Video component of the Chromium browser.
Upstream bug(s):
ht… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6297 | Red Hat | high | 8.3 | — | | An use after free flaw was found in the Proxy component of the Chromium browser.
Upstream bug(s):
ht… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6302 | Red Hat | high | 8.8 | — | | An use after free flaw was found in the Video component of the Chromium browser.
Upstream bug(s):
ht… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6301 | Red Hat | high | 9.6 | — | | A type confusion flaw was found in the Turbofan component of the Chromium browser.
Upstream bug(s):
… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6296 | Red Hat | high | 9.6 | — | | A heap buffer overflow flaw was found in the ANGLE component of the Chromium browser.
Upstream bug(s… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6305 | Red Hat | high | 9.6 | — | | A heap buffer overflow flaw was found in the PDFium component of the Chromium browser.
Upstream bug(… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6306 | Red Hat | high | 9.6 | — | | A heap buffer overflow flaw was found in the PDFium component of the Chromium browser.
Upstream bug(… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6300 | Red Hat | high | 8.8 | — | | An use after free flaw was found in the CSS component of the Chromium browser.
Upstream bug(s):
http… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6358 | Red Hat | high | 8.8 | — | | An use after free flaw was found in the XR component of the Chromium browser.
Upstream bug(s):
https… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6318 | Red Hat | medium | 9.6 | — | | An use after free flaw was found in the Codecs component of the Chromium browser.
Upstream bug(s):
h… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-33806 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in Fastify. A remote attacker could exploit this vulnerability by prepending a spac… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2025-54550 |  Apache | high | 8.1 | 0.1%
| | The example example_xcom that was included in airflow documentation implemented unsafe pattern of re… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-5088 | Apache | medium | — | 0.0%
| | Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts… | Apr 15, 2026 | Apr 16, 2026 |
| | CVE-2026-30778 | Apache | high | 7.5 | 0.0%
| | The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of M… | Apr 15, 2026 | Apr 20, 2026 |
| | CVE-2026-25219 | Apache | medium | 6.5 | 0.0%
| | The `access_key` and `connection_string` connection properties were not marked as sensitive names in… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2025-12141 |  Grafana | medium | 6.5 | 0.0%
| | In Grafana's alerting system, users with edit permissions for a contact point, specifically the perm… | Apr 15, 2026 | Apr 20, 2026 |
| | CVE-2026-20202 |  Splunk | medium | 6.6 | 0.0%
| | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20203 | Splunk | medium | 4.3 | 0.0%
| | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20204 | Splunk | high | 7.1 | 0.1%
| | In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform ve… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20059 |  Cisco | medium | 6.1 | 0.0%
| | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unaut… | Apr 15, 2026 | Apr 28, 2026 |
| | CVE-2026-20060 | Cisco | medium | 4.7 | 0.0%
| | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unaut… | Apr 15, 2026 | Apr 28, 2026 |
| | CVE-2026-20061 | Cisco | medium | 4.3 | 0.0%
| | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authe… | Apr 15, 2026 | Apr 28, 2026 |
| | CVE-2026-20078 | Cisco | medium | 6.5 | 0.1%
| | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker&nbs… | Apr 15, 2026 | Apr 28, 2026 |
| | CVE-2026-20081 | Cisco | medium | 6.5 | 0.1%
| | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker&nbs… | Apr 15, 2026 | Apr 28, 2026 |