| | CVE-2025-62188 | Apache | high | 7.5 | 0.0%
| | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache Dolphin… | Apr 9, 2026 | Apr 17, 2026 |
| | CVE-2026-34538 | Apache | medium | 6.5 | 0.0%
| | Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to … | Apr 9, 2026 | Apr 15, 2026 |
| | CVE-2025-57735 | Apache | critical | 9.1 | 0.0%
| | When user logged out, the JWT token the user had authtenticated with was not invalidated, which coul… | Apr 9, 2026 | Apr 17, 2026 |
| | CVE-2026-4660 | Red Hat | high | 7.5 | 0.0%
| | HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2025-62718 | Red Hat | high | 7.0 | 0.1%
| ✓ Fix | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34757 | Red Hat | medium | 4.4 | — | | A flaw was found in libpng, a library used for handling PNG (Portable Network Graphics) image files.… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-40046 | Red Hat | medium | 5.4 | 0.1%
| | Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveM… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-33005 | Apache | medium | 4.3 | 0.0%
| | Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings.
Any registered u… | Apr 9, 2026 | Apr 15, 2026 |
| | CVE-2026-33266 | Apache | high | 7.5 | 0.0%
| | Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings.
The remember-me cookie en… | Apr 9, 2026 | Apr 15, 2026 |
| | CVE-2026-34020 | Apache | high | 7.5 | 0.0%
| | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.
The RE… | Apr 9, 2026 | Apr 15, 2026 |
| | CVE-2026-39983 | Red Hat | high | 8.6 | 2.0%
| ✓ Fix | A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnera… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34941 | Red Hat | medium | 5.3 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. When transcoding a UTF-16 string to the lat… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34942 | Red Hat | medium | 5.6 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows a malicious guest… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34943 | Red Hat | medium | 5.0 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. A malicious guest can exploit an issue wher… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34944 | Red Hat | medium | 4.7 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. On x86-64 platforms with SSE3 disabled, Was… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34945 | Red Hat | medium | 5.6 | — | | A flaw was found in Wasmtime's Winch compiler. This vulnerability, present in versions from 25.0.0 t… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34946 | Red Hat | medium | 5.3 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly (Wasm) code. A malicious Wasm program, when … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34971 | Red Hat | high | 8.5 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. On aarch64 systems, a miscompilation bug in… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34983 | Red Hat | low | 2.5 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows for a use-after-f… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34987 | Red Hat | medium | 8.5 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. When using its non-default Winch compiler b… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34988 | Red Hat | medium | 5.6 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. When Wasmtime's pooling allocator is config… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-35186 | Red Hat | medium | 6.9 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. The Winch compiler backend incorrectly hand… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-35195 | Red Hat | medium | 6.3 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. A malicious guest component can exploit an … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34734 | F5 | high | 7.8 | 0.2%
| | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the … | Apr 9, 2026 | Jun 30, 2026 |
| | CVE-2026-39977 | Red Hat | medium | 6.3 | 0.0%
| | A flaw was found in flatpak-builder. A specially crafted manifest or source can bypass path restrict… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-24880 | Red Hat | low | 4.3 | 0.2%
| ✓ Fix | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Ap… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-25854 | Red Hat | low | 4.3 | 0.0%
| ✓ Fix | Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via th… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-29129 | Red Hat | low | 6.5 | 0.0%
| | Configured cipher preference order not preserved vulnerability in Apache Tomcat.
This issue affects … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-29145 | Red Hat | medium | 5.9 | 0.0%
| ✓ Fix | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled v… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-32990 | Red Hat | medium | 7.3 | 0.2%
| ✓ Fix | A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomp… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-5194 | Red Hat | critical | 10.0 | — | | A flaw was found in wolfSSL. Missing hash/digest size and Object Identifier (OID) checks allow the a… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34483 | Red Hat | low | 5.4 | 0.1%
| ✓ Fix | Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-40087 | Red Hat | medium | 5.3 | 0.1%
| | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.2… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34487 | Red Hat | low | 6.5 | 0.1%
| ✓ Fix | A flaw was found in Apache Tomcat. The cloud membership for clustering component was vulnerable to t… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34500 | Red Hat | medium | 5.9 | 0.2%
| ✓ Fix | A flaw was found in Apache Tomcat where OCSP-based certificate validation may incorrectly soft-fail … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-5447 | Red Hat | medium | 5.3 | — | | A flaw was found in wolfSSL. A heap buffer overflow, a type of memory corruption vulnerability, occu… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-29146 | Apache | high | 7.5 | 3.5%
| | Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration.
This… | Apr 9, 2026 | Jul 9, 2026 |
| | CVE-2026-34486 | Apache | high | 7.5 | 15.8%
| | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-2914… | Apr 9, 2026 | Jul 9, 2026 |
| | CVE-2026-35206 | Red Hat | medium | 4.4 | 0.0%
| | Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specia… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-6848 | Red Hat | medium | 5.4 | 0.0%
| | A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive … | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40200 | Red Hat | high | 7.8 | 0.0%
| | An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur d… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-31412 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's USB mass storage gadget module (`usb-gadget-f_mass_storage`).… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-22750 | VMware | high | 7.5 | 0.1%
| | When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.… | Apr 10, 2026 | Jun 5, 2026 |
| | CVE-2026-6042 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in musl libc, specifically within the `iconv` function of the GB18030 4-byte Decode… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-39304 | Apache | medium | — | 0.7%
| | Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker,… | Apr 10, 2026 | Jun 30, 2026 |
| | CVE-2026-6068 | Red Hat | medium | 6.8 | 0.0%
| | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling … | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40217 | Red Hat | high | 8.8 | 0.1%
| | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting … | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40223 | Red Hat | medium | 4.7 | 0.0%
| ✓ Fix | In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and U… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40224 | Red Hat | medium | 6.7 | 0.0%
| ✓ Fix | A flaw was found in systemd-machined, a component of systemd. A local attacker can exploit a vulnera… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40225 | Red Hat | medium | 6.4 | 0.0%
| ✓ Fix | In udev in systemd before 260, local root execution can occur via malicious hardware devices and uns… | Apr 10, 2026 | Apr 10, 2026 |