| | CVE-2026-43308 |  Red Hat | low | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's Btrfs filesystem. An unexpected delayed reference type in the… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43295 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's rapidio subsystem. When memory allocation for `idtab` fails w… | May 8, 2026 | May 8, 2026 |
| | CVE-2025-71302 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel, specifically within the `drm/panthor` graphics driver. This vu… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43291 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's Near Field Communication (NFC) NCI subsystem. Incorrect param… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43349 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's Flash-Friendly File System (f2fs). This vulnerability allows … | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43319 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's spidev driver. A local user, by performing concurrent write a… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43347 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel. An issue with the system's firmware incorrectly identifying a … | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43343 | Red Hat | medium | — | 0.0%
| | A flaw was found in the `usb: gadget: f_subset` module of the Linux kernel. The `geth_free()` functi… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43288 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's ext4 filesystem. A local user can trigger a system panic, lea… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43304 | Red Hat | high | 7.0 | 0.0%
| | A flaw was found in the `libceph` component of the Linux kernel. This vulnerability occurs when the … | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43299 | Red Hat | low | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's btrfs filesystem. When the filesystem encounters an out-of-sp… | May 8, 2026 | May 8, 2026 |
| | CVE-2025-71296 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's drm/shmem component. This vulnerability occurs when the reser… | May 8, 2026 | May 8, 2026 |
| | CVE-2025-71297 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's `rtw88` and `rtw8822b` WiFi drivers. A local user can trigger… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43298 | Red Hat | medium | — | 0.0%
| | A flaw was found in the `amdgpu` graphics driver within the Linux kernel. During deinitialization, t… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43321 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's Berkeley Packet Filter (BPF) subsystem. This vulnerability ar… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43285 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel. An inconsistent lock state within the `mm/slab` subsystem, spe… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43293 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's wave5 media driver. During the removal of the wave5 module in… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43345 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's ipa driver. This vulnerability, affecting IPA version 5.0 and… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43342 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's USB gadget RNDIS (Remote Network Driver Interface Specificati… | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43309 | Red Hat | low | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's md raid and device-mapper (dm-raid) components. When a local … | May 8, 2026 | May 8, 2026 |
| | CVE-2026-43453 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's netfilter component, specifically within the `nft_set_pipapo`… | May 8, 2026 | May 8, 2026 |
| | CVE-2013-10075 |  Apache | medium | — | — | | Apache::Session versions through 1.94 for Perl re-creates deleted sessions.
The session stores Apac… | May 8, 2026 | May 8, 2026 |
| | CVE-2025-66170 | Apache | medium | 6.5 | 0.0%
| | The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. … | May 8, 2026 | May 11, 2026 |
| | CVE-2025-66171 | Apache | medium | 6.5 | 0.0%
| | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone … | May 8, 2026 | May 12, 2026 |
| | CVE-2025-66172 | Apache | high | 8.1 | 0.0%
| | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone … | May 8, 2026 | May 12, 2026 |
| | CVE-2025-66467 | Apache | high | 8.0 | 0.0%
| | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access … | May 8, 2026 | May 11, 2026 |
| | CVE-2025-69233 | Apache | medium | 6.5 | 0.0%
| | Due to multiple time-of-check time-of-use race conditions in the resource count check and increment … | May 8, 2026 | May 9, 2026 |
| | CVE-2026-25077 | Apache | high | 8.8 | 0.0%
| | Account users are allowed by default to register templates to be downloaded directly to the primary … | May 8, 2026 | May 10, 2026 |
| | CVE-2026-25199 | Apache | critical | 9.1 | 0.0%
| | Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to oth… | May 8, 2026 | May 9, 2026 |
| | CVE-2026-39816 | Apache | high | 8.8 | 0.0%
| | The optional extension component TinkerpopClientService is missing the Restricted annotation with th… | May 8, 2026 | May 9, 2026 |
| | CVE-2026-41705 |  VMware | high | 8.6 | 0.0%
| | Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injec… | May 9, 2026 | May 12, 2026 |
| | CVE-2026-43500 | Red Hat | high | 7.8 | 0.0%
| | A flaw was found in the Linux kernel's RxRPC networking subsystem. When a non-linear socket buffer c… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-41018 | Apache | medium | 6.5 | 0.0%
| | The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for e… | May 11, 2026 | May 13, 2026 |
| | CVE-2026-43826 | Apache | medium | 6.5 | 0.0%
| | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for exam… | May 11, 2026 | May 13, 2026 |
| | CVE-2026-4802 | Red Hat | high | 8.0 | — | | A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary comman… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-6402 | Red Hat | medium | 5.3 | 0.0%
| | A flaw was found in webpack-dev-server. When the development server operates over plain HTTP, a remo… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-41712 | VMware | high | 7.5 | 0.0%
| | Spring AI's chat memory component contained a problematic default that, when not explicitly overridd… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-41713 | VMware | high | 8.2 | 0.0%
| | A malicious user could craft input that is stored in conversation memory and later interpreted by th… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-41284 | Apache | high | 7.5 | 0.0%
| | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.
This issue aff… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42498 | Apache | high | 7.3 | 0.1%
| | Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerabi… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-43514 | Apache | low | 3.7 | 0.0%
| | Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat.
This issue … | May 12, 2026 | May 14, 2026 |
| | CVE-2026-20794 | VMware | critical | 9.3 | — | | Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version… | May 12, 2026 | May 13, 2026 |
| | CVE-2025-53844 |  Fortinet | high | 8.3 | — | | A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7… | May 12, 2026 | May 13, 2026 |
| | CVE-2025-53681 | Fortinet | medium | 6.3 | — | | An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerabili… | May 12, 2026 | May 13, 2026 |
| | CVE-2025-53680 | Fortinet | medium | 6.1 | — | | An improper neutralization of special elements used in an OS command ("OS Command Injection") vulner… | May 12, 2026 | May 13, 2026 |
| | CVE-2025-53870 | Fortinet | medium | 6.5 | — | | An improper neutralization of special elements used in an os command ('os command injection') vulner… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-32204 |  Microsoft | high | 7.8 | — | | External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevat… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-32177 | Microsoft | high | 7.3 | — | | Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-21530 | Microsoft | medium | 6.7 | — | | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | May 12, 2026 | May 13, 2026 |
| | CVE-2026-33117 | Microsoft | critical | 9.1 | — | | Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature ov… | May 12, 2026 | May 13, 2026 |