| | CVE-2026-43118 |  Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's Btrfs filesystem. When a file is truncated to zero size and t… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43119 | Red Hat | medium | 7.0 | 0.0%
| | No description is available for this CVE. | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43111 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's roccat Human Interface Device (HID) driver. This vulnerabilit… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43106 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's cachefiles module, which manages cached files. This vulnerabi… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43107 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's xfrm subsystem. A remote attacker could send a specially craf… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43079 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's `perf/x86/intel/uncore` component. This vulnerability occurs … | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43097 | Red Hat | low | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's PCI Hyper-V driver. During error handling, a specific resourc… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43102 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's Airoha network driver. An error in the `airoha_qdma_rx_proces… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43091 | Red Hat | medium | 7.0 | 0.0%
| | No description is available for this CVE. | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43088 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's AF_KEY networking component. When handling PF_KEY export path… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43087 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's `pinctrl` subsystem, specifically within the `mcp23s08` drive… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43075 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's ocfs2 filesystem component. This vulnerability allows a local… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-6420 | Red Hat | medium | 6.3 | 0.0%
| | A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where th… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-40010 |  Apache | critical | 9.1 | 0.1%
| | Missing invocation of Servlet http web request method changeSessionId after session binding can be e… | May 6, 2026 | May 7, 2026 |
| | CVE-2026-42509 | Apache | medium | 6.1 | 0.2%
| | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i… | May 6, 2026 | May 7, 2026 |
| | CVE-2026-43646 | Apache | high | 7.5 | 0.0%
| | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket.
This iss… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43975 | Apache | medium | 6.5 | 0.0%
| | FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter … | May 6, 2026 | May 6, 2026 |
| | CVE-2026-5081 | Apache | medium | — | — | | Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are inse… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-20034 |  Cisco | high | 8.8 | — | | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authe… | May 6, 2026 | May 7, 2026 |
| | CVE-2026-20035 | Cisco | high | 7.2 | — | | A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, re… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-20167 | Cisco | high | 7.7 | — | | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allo… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-20168 | Cisco | medium | 6.5 | — | | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allo… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-20169 | Cisco | medium | 6.4 | — | | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allo… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-20172 | Cisco | medium | 4.3 | — | | A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an au… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-20185 | Cisco | high | 7.7 | — | | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series … | May 6, 2026 | May 6, 2026 |
| | CVE-2026-20188 | Cisco | low | 0.0 | 0.1%
| | Following the initial publication of the Security Advisory about a denial of service (DoS) condition… | May 6, 2026 | May 14, 2026 |
| | CVE-2026-20189 | Cisco | medium | 4.3 | — | | A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an&… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-20193 | Cisco | medium | 4.3 | — | | A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, r… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-20195 | Cisco | medium | 5.3 | — | | A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, … | May 6, 2026 | May 6, 2026 |
| | CVE-2026-20219 | Cisco | medium | 5.4 | — | | A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker … | May 6, 2026 | May 6, 2026 |
| | CVE-2026-40981 |  VMware | high | 7.5 | 0.0%
| | When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft… | May 7, 2026 | May 12, 2026 |
| | CVE-2026-40982 | VMware | critical | 9.1 | 0.1%
| | Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-… | May 7, 2026 | May 12, 2026 |
| | CVE-2026-41002 | VMware | high | 7.2 | 0.0%
| | The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server… | May 7, 2026 | May 12, 2026 |
| | CVE-2026-41004 | VMware | medium | 4.4 | 0.0%
| | When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain … | May 7, 2026 | May 12, 2026 |
| | CVE-2026-41139 | Red Hat | high | 8.8 | 0.1%
| | A flaw was found in math.js, an extensive math library for JavaScript and Node.js. This vulnerabilit… | May 7, 2026 | May 7, 2026 |
| | CVE-2026-26129 |  Microsoft | high | 7.5 | 0.1%
| | Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to discl… | May 7, 2026 | May 8, 2026 |
| | CVE-2026-26164 | Microsoft | high | 7.5 | 0.1%
| | Improper neutralization of special elements in output used by a downstream component ('injection') i… | May 7, 2026 | May 8, 2026 |
| | CVE-2026-32207 | Microsoft | high | 8.8 | 0.0%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machin… | May 7, 2026 | May 8, 2026 |
| | CVE-2026-33109 | Microsoft | critical | 9.9 | 0.1%
| | Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker… | May 7, 2026 | May 8, 2026 |
| | CVE-2026-33111 | Microsoft | high | 7.5 | 0.1%
| | Improper neutralization of special elements used in a command ('command injection') in Copilot Chat … | May 7, 2026 | May 14, 2026 |
| | CVE-2026-33823 | Microsoft | critical | 9.6 | 0.1%
| | Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over… | May 7, 2026 | May 8, 2026 |
| | CVE-2026-33844 | Microsoft | critical | 9.0 | 0.1%
| | Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attack… | May 7, 2026 | May 8, 2026 |
| | CVE-2026-34327 | Microsoft | high | 8.2 | 0.1%
| | Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows a… | May 7, 2026 | May 8, 2026 |
| | CVE-2026-35428 | Microsoft | critical | 9.6 | 0.1%
| | Improper neutralization of special elements used in a command ('command injection') in Azure Cloud S… | May 7, 2026 | May 8, 2026 |
| | CVE-2026-35435 | Microsoft | high | 8.6 | 0.0%
| | Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to… | May 7, 2026 | May 8, 2026 |
| | CVE-2026-41105 | Microsoft | high | 8.1 | 0.1%
| | Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to el… | May 7, 2026 | May 14, 2026 |
| | CVE-2026-42826 | Microsoft | critical | 10.0 | 0.1%
| | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized at… | May 7, 2026 | May 8, 2026 |
| | CVE-2026-43387 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's rtl8723bs Wi-Fi driver. This memory corruption vulnerability,… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43473 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's mpi3mr SCSI driver. When the creation of reply or request que… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43422 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's USB legacy NCM (Network Control Model) driver. This vulnerabi… | May 8, 2026 | May 8, 2026 |