| | CVE-2026-31603 |  Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's `sm750fb` framebuffer driver. A local user can exploit this v… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31632 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's rxrpc component. The `rxgk_verify_response()` function fails … | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31617 | Red Hat | high | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's USB Network Control Model (NCM) gadget driver. A malicious US… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31604 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's rtw88 Wi-Fi driver. This vulnerability occurs when the driver… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31576 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's hackrf driver. A race condition exists where memory for the h… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31569 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's Kernel-based Virtual Machine (KVM) component. When a specific… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31610 | Red Hat | medium | — | 0.0%
| | A flaw was found in ksmbd, a component of the Linux kernel. A remote, unauthenticated attacker could… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31609 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's Server Message Block (SMB) client. This vulnerability, a doub… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31598 | Red Hat | medium | — | 0.0%
| | A flaw was found in the ocfs2 file system within the Linux kernel. A local user could potentially tr… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31627 | Red Hat | medium | — | 0.0%
| | No description is available for this CVE. | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31572 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's `i2c: designware: amdisp` component. A race condition exists … | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31650 | Red Hat | medium | — | 0.0%
| | A flaw was found in the `vub300` driver within the Linux kernel. This vulnerability is a memory mana… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31584 | Red Hat | medium | — | 0.0%
| | A flaw was found in the MediaTek vcodec driver within the Linux kernel. This use-after-free vulnerab… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-40254 | Red Hat | medium | 6.1 | 0.0%
| | A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A rogue Remote De… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41305 | Red Hat | medium | 6.1 | 0.0%
| | A flaw was found in PostCSS. This vulnerability allows a remote attacker to perform Cross-Site Scrip… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41316 | Red Hat | high | 8.1 | 0.1%
| | ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) int… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41324 | Red Hat | medium | 5.9 | 0.0%
| | A flaw was found in basic-ftp, an FTP client for Node.js. A malicious or compromised remote FTP serv… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-21728 |  Grafana | high | 7.5 | — | | Tempo queries with large limits can cause large memory allocations which can impact the availability… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-40466 |  Apache | medium | — | 0.2%
| | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i… | Apr 24, 2026 | Apr 28, 2026 |
| | CVE-2025-62233 | Apache | medium | 6.3 | 0.0%
| | Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module.
This issue a… | Apr 24, 2026 | Apr 27, 2026 |
| | CVE-2026-41043 | Apache | medium | 6.5 | 0.0%
| | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apach… | Apr 24, 2026 | Apr 27, 2026 |
| | CVE-2026-41044 | Apache | high | 8.8 | 0.1%
| | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i… | Apr 24, 2026 | Apr 27, 2026 |
| | CVE-2026-23902 | Apache | high | 8.1 | 0.0%
| | Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with sys… | Apr 24, 2026 | Apr 27, 2026 |
| | CVE-2026-21515 |  Microsoft | critical | 9.9 | 0.1%
| | Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized… | Apr 24, 2026 | Apr 28, 2026 |
| | CVE-2026-38743 | Apache | medium | 4.3 | 0.0%
| | The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-… | Apr 24, 2026 | Apr 27, 2026 |
| | CVE-2026-40690 | Apache | medium | 4.3 | 0.1%
| | The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with … | Apr 24, 2026 | Apr 27, 2026 |
| | CVE-2026-41140 | Red Hat | high | 8.7 | 0.1%
| | A flaw was found in Poetry, a dependency manager for Python. This vulnerability allows a remote atta… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31691 | Red Hat | medium | 5.5 | — | | A flaw was found in the Linux kernel's igb network driver. When an AF_XDP zero-copy application term… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-31689 | Red Hat | medium | 5.5 | — | | A flaw was found in the EDAC/mc module of the Linux kernel. An error in the ordering of operations w… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-31686 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel. A double-free vulnerability exists in the Kernel Address Sanit… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-31687 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's OMAP General Purpose Input/Output (GPIO) driver. The omap_mpu… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-31688 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel's driver core. An inconsistency in enforcing the `device_lock` … | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-3006 | Red Hat | high | 7.0 | 0.0%
| | A flaw was found in winfsp. A local attacker could exploit a race condition vulnerability, which may… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-42371 | Red Hat | medium | 4.7 | 0.0%
| | A flaw was found in uriparser. This vulnerability occurs due to numeric truncation in text range com… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-40473 | Apache | medium | — | 0.1%
| | The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in… | Apr 27, 2026 | Apr 29, 2026 |
| | CVE-2026-40048 | Apache | medium | — | 0.1%
| | The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in… | Apr 27, 2026 | Apr 29, 2026 |
| | CVE-2026-40453 | Apache | critical | 9.9 | 0.2%
| | The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-40860 | Apache | critical | 9.8 | 0.4%
| | JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, des… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-41635 | Apache | critical | 9.8 | 0.0%
| | Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes… | Apr 27, 2026 | Apr 29, 2026 |
| | CVE-2026-33454 | Apache | critical | 9.4 | 0.0%
| | The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter s… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-40022 | Apache | high | 8.2 | 0.1%
| | When authentication is enabled on the Apache Camel embedded HTTP server or embedded management serve… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-40858 | Apache | high | 8.8 | 0.1%
| | The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data r… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-41409 | Apache | critical | 9.8 | 0.0%
| | The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname… | Apr 27, 2026 | Apr 29, 2026 |
| | CVE-2026-27172 | Apache | high | 8.8 | 0.1%
| | The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegi… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-33453 | Apache | critical | 10.0 | 0.5%
| | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apac… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-40557 | Apache | medium | 4.8 | 0.0%
| | Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter… | Apr 27, 2026 | May 5, 2026 |
| | CVE-2026-41081 | Apache | medium | 6.5 | 0.0%
| | Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in … | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-40970 |  VMware | medium | 5.0 | 0.0%
| | When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perfor… | Apr 27, 2026 | May 14, 2026 |
| | CVE-2026-40971 | VMware | medium | 5.0 | 0.0%
| | When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hos… | Apr 27, 2026 | May 14, 2026 |
| | CVE-2026-7309 | Red Hat | medium | 4.3 | — | | A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRol… | Apr 28, 2026 | Apr 28, 2026 |