| | CVE-2026-20132 | Cisco | medium | 4.8 | 0.0% | | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (IS… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20136 | Cisco | medium | 6.0 | 0.1% | | A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identi… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20147 | Cisco | critical | 9.9 | 0.2% | | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to exec… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20148 | Cisco | medium | 4.9 | 0.0% | | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perf… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20152 | Cisco | medium | 5.3 | 0.1% | | A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20161 | Cisco | medium | 5.5 | 0.0% | | A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, loca… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20170 | Cisco | medium | 6.1 | 0.1% | | A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed … | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20180 | Cisco | critical | 9.9 | 0.2% | | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacke… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20184 | Cisco | critical | 9.8 | 0.1% | | A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services … | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-20186 | Cisco | critical | 9.9 | 0.2% | | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacke… | Apr 15, 2026 | Apr 17, 2026 |
| | CVE-2026-6383 | Red Hat | medium | 5.4 | — | | A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization … | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6245 | Red Hat | medium | 5.5 | — | | A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() fu… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6384 | Red Hat | high | 7.3 | — | | A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `R… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-40919 | Red Hat | medium | 6.1 | — | | A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plug… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-40918 | Red Hat | medium | 5.5 | — | | A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can le… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-40917 | Red Hat | medium | 5.0 | — | | A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-40916 | Red Hat | medium | 5.0 | — | | A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decod… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-40915 | Red Hat | medium | 5.5 | — | | A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the F… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-21727 | Grafana | low | 3.3 | 0.0% | | Cross-Tenant Legacy Correlation Disclosure and Deletion | Apr 15, 2026 | Apr 24, 2026 |
| | CVE-2026-6385 | Red Hat | medium | 6.5 | — | | A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specia… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2025-41118 | Grafana | critical | 9.1 | 0.0% | | Pyroscope is an open-source continuous profiling database. The database supports various storage bac… | Apr 15, 2026 | Apr 24, 2026 |
| | CVE-2026-21726 | Grafana | medium | 5.3 | 0.0% | | The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single… | Apr 15, 2026 | Apr 24, 2026 |
| | CVE-2026-6388 | Red Hat | high | 9.1 | — | | A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-30656 | Red Hat | medium | 5.5 | — | | A flaw was found in fio (Flexible I/O Tester). A local user could exploit this vulnerability by prov… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-40962 | Red Hat | medium | 4.8 | 0.0% | | A flaw was found in FFmpeg. This vulnerability, stemming from an integer overflow and a subsequent o… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-6414 | Red Hat | medium | 5.9 | — | | A flaw was found in @fastify/static. A remote attacker can exploit this vulnerability by sending spe… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-6410 | Red Hat | medium | 5.3 | — | | A flaw was found in @fastify/static. When directory listing is enabled, a remote unauthenticated att… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-31987 | Apache | high | 7.5 | 0.0% | | JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Use… | Apr 16, 2026 | Apr 20, 2026 |
| | CVE-2026-41080 | Red Hat | low | 3.7 | — | | A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a spec… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-27820 | Red Hat | medium | 5.6 | — | | A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib:… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-6494 | Red Hat | medium | 5.3 | 0.0% | | A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injecti… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-3605 | Red Hat | high | 8.1 | 0.0% | | A flaw was found in Vault. An authenticated user with access to a kvv2 path through a policy contain… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-5052 | Red Hat | medium | 5.8 | 0.0% | | A flaw was found in Vault’s PKI engine. The ACME (Automated Certificate Management Environment) vali… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-4525 | Red Hat | high | 7.5 | 0.0% | | A flaw was found in Vault. When a Vault authentication mount is configured to pass through the "Auth… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-5807 | Red Hat | high | 7.5 | 0.0% | | A flaw was found in Vault. An unauthenticated attacker can repeatedly initiate or cancel root token … | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-6507 | Red Hat | medium | 7.5 | 0.1% | | A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-32107 | Red Hat | high | 7.0 | 0.0% | | A flaw was found in xrdp, an open source Remote Desktop Protocol (RDP) server. The session execution… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-32105 | Red Hat | medium | 5.9 | 0.0% | | A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. When using the "Class… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-30898 | Apache | medium | — | 0.1% | | An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the w… | Apr 18, 2026 | Apr 22, 2026 |
| | CVE-2026-25917 | Apache | high | 7.2 | 0.1% | | Dag Authors, who normally should not be able to execute code in the webserver context could craft XC… | Apr 18, 2026 | Apr 22, 2026 |
| | CVE-2026-30912 | Apache | high | 7.5 | 0.0% | | In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_… | Apr 18, 2026 | Apr 21, 2026 |
| | CVE-2026-32228 | Apache | high | 7.5 | 0.0% | | UI / API User with asset materialize permission could trigger dags they had no access to. Users are … | Apr 18, 2026 | Apr 21, 2026 |
| | CVE-2026-32690 | Apache | low | 3.7 | 0.0% | | Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables … | Apr 18, 2026 | Apr 21, 2026 |
| | CVE-2026-40948 | Apache | medium | 5.4 | 0.0% | | The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or valid… | Apr 18, 2026 | May 11, 2026 |
| | CVE-2026-31429 | Red Hat | medium | 6.6 | 0.0% | | A flaw was found in the Linux kernel. When the Kernel Electric Fence (KFENCE), a memory safety error… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-31430 | Red Hat | medium | 6.6 | 0.0% | | A flaw was found in the Linux kernel. An unprivileged user can exploit this vulnerability by submitt… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-6587 | Red Hat | high | 8.1 | 0.0% | | A flaw was found in vibrantlabsai RAGAS. A remote attacker can exploit a server-side request forgery… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2025-66335 | Apache | medium | 5.3 | 0.0% | | Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw … | Apr 20, 2026 | Apr 22, 2026 |
| | CVE-2026-33557 | Apache | critical | 9.1 | 0.0% | | A possible security vulnerability has been identified in Apache Kafka. By default, the broker prope… | Apr 20, 2026 | Apr 22, 2026 |
| | CVE-2026-33558 | Apache | medium | 5.3 | 0.0% | | Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component… | Apr 20, 2026 | Apr 22, 2026 |