| | CVE-2026-40355 | Red Hat | medium | 5.9 | 0.1% | | A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL poi… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40356 | Red Hat | high | 5.9 | 0.1% | | A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40972 | VMware | high | 7.5 | 0.1% | | An attacker on the same network as the remote application may be able to utilize a timing attack to … | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40973 | VMware | high | 7.0 | 0.0% | | A local attacker on the same host as the application may be able to take control of the directory us… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40974 | VMware | medium | 5.0 | 0.0% | | Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing … | Apr 28, 2026 | May 14, 2026 |
| | CVE-2026-40975 | VMware | medium | 4.8 | 0.0% | | Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affect… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40976 | VMware | critical | 9.1 | 0.0% | | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized ac… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40977 | VMware | medium | 4.7 | 0.0% | | When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write acc… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-7233 | Red Hat | low | 3.3 | 0.0% | | A flaw was found in Artifex MuPDF, specifically within its CFF Index Handler component. A local user… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40967 | VMware | high | 8.6 | 0.0% | | In Spring AI, various FilterExpressionConverter implementations accept a filter expression object an… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40966 | VMware | medium | 5.9 | 0.0% | | In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from oth… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40978 | VMware | high | 8.8 | 0.0% | | SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitra… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40979 | VMware | medium | 6.1 | 0.0% | | In Spring AI, having access to a shared environment can expose the ONNX model used by the applicatio… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40980 | VMware | medium | 6.5 | 0.0% | | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amoun… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2025-48431 | Apache | high | 7.5 | 0.0% | | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41602 | Apache | high | 7.5 | 0.0% | | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implement… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41603 | Apache | high | 7.4 | 0.0% | | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue af… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41604 | Apache | high | 8.2 | 0.0% | | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0.… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41605 | Apache | high | 7.3 | 0.0% | | Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: be… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41606 | Apache | medium | 5.3 | 0.0% | | Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.2… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41607 | Apache | medium | 6.5 | 0.0% | | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0.… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41636 | Apache | high | 7.5 | 0.0% | | Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Th… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-5435 | Red Hat | medium | 5.9 | — | ✓ Fix | A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for pri… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-5944 | Cisco | medium | 6.7 | — | | An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40968 | VMware | medium | 4.2 | 0.0% | | When an authenticated user is denied access to a gRPC method, their authenticated identity remains b… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40969 | VMware | low | 3.7 | 0.0% | | The raw message of every server-side AuthenticationException is returned to the unauthenticated remo… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-41873 | Apache | critical | 9.8 | — | | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-22740 | VMware | medium | 6.5 | 0.0% | | A WebFlux server application that processes multipart requests creates temp files for parts larger t… | Apr 29, 2026 | May 4, 2026 |
| | CVE-2026-22741 | VMware | low | 3.1 | 0.0% | | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resource… | Apr 29, 2026 | May 4, 2026 |
| | CVE-2026-22745 | VMware | medium | 5.3 | 0.0% | | Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving stati… | Apr 29, 2026 | May 4, 2026 |
| | CVE-2026-7500 | Red Hat | medium | 5.4 | — | | When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is onl… | Apr 30, 2026 | Apr 30, 2026 |
| | CVE-2026-7376 | Red Hat | medium | 5.0 | — | | A flaw was found in sharkd, a component of Wireshark. This vulnerability allows a local user to trig… | Apr 30, 2026 | Apr 30, 2026 |
| | CVE-2026-7375 | Red Hat | medium | 6.5 | — | | A flaw was found in Wireshark. A remote attacker could exploit an infinite loop in the UDS (Unix Dom… | Apr 30, 2026 | Apr 30, 2026 |
| | CVE-2026-7378 | Red Hat | medium | 5.5 | — | | A flaw was found in sharkd, a component of Wireshark. This vulnerability allows a local attacker to … | Apr 30, 2026 | Apr 30, 2026 |
| | CVE-2026-6868 | Red Hat | medium | 5.5 | — | | A flaw was found in Wireshark. A local user could be tricked into opening a specially crafted networ… | Apr 30, 2026 | Apr 30, 2026 |
| | CVE-2026-41016 | Apache | medium | 5.9 | 0.0% | | Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL c… | Apr 30, 2026 | May 1, 2026 |
| | CVE-2026-7163 | Red Hat | high | 6.1 | — | ✓ Fix | A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) … | Apr 30, 2026 | Apr 30, 2026 |
| | CVE-2026-3833 | Red Hat | medium | 6.5 | — | | A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive compari… | Apr 30, 2026 | Apr 30, 2026 |
| | CVE-2026-33845 | Red Hat | high | 7.5 | — | | A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero off… | Apr 30, 2026 | Apr 30, 2026 |
| | CVE-2026-3832 | Red Hat | low | 3.7 | — | | A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a speci… | Apr 30, 2026 | Apr 30, 2026 |
| | CVE-2026-31694 | Red Hat | high | 7.0 | 0.0% | | In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents i… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-31772 | Red Hat | high | 7.0 | 0.0% | | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix stack b… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-31741 | Red Hat | medium | — | 0.0% | | A flaw was found in the Linux kernel's `rz-mtu3-cnt` counter module. A local user can exploit this b… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-31764 | Red Hat | medium | — | 0.0% | | A flaw was found in the Linux kernel's `st_lsm6dsx` Industrial I/O (IIO) Inertial Measurement Unit (… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-31724 | Red Hat | medium | — | 0.0% | | A flaw was found in the Linux kernel's USB gadget Ethernet Emulation Model (EEM) function. This issu… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-43005 | Red Hat | medium | — | 0.0% | | A flaw was found in the Linux kernel's tps53679 hwmon driver. When the `i2c_smbus_read_block_data()`… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-31751 | Red Hat | medium | — | 0.0% | | A flaw was found in the Linux kernel's comedi dt2815 driver. A local user can exploit this vulnerabi… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-43023 | Red Hat | high | 7.0 | 0.0% | | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditi… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-31702 | Red Hat | medium | — | 0.0% | | A flaw was found in the Linux kernel's F2FS (Flash-Friendly File System) component. A use-after-free… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-43048 | Red Hat | medium | 7.0 | 0.0% | | In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OO… | May 1, 2026 | May 1, 2026 |