| | CVE-2026-40973 | Red Hat | medium | 7.0 | 0.0%
| ✓ Fix | A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-40974 | Red Hat | medium | 6.4 | 0.1%
| | A flaw was found in Spring Boot's Cassandra auto-configuration. This vulnerability allows an adjacen… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-40977 | Red Hat | medium | 5.3 | 0.0%
| | A flaw was found in Spring Boot when an application is configured to use `ApplicationPidFileWriter`.… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-42208 | Red Hat | critical | 9.8 | 54.3%
| ⚠ KEV | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7361 | Red Hat | high | 9.6 | 0.0%
| | Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentia… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7337 | Red Hat | high | 8.8 | 0.0%
| | Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute a… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7343 | Red Hat | high | 9.0 | 0.2%
| | Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacke… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7355 | Red Hat | medium | 8.8 | 0.0%
| | Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execut… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7333 | Red Hat | high | 9.6 | 0.0%
| | Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentia… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7357 | Red Hat | high | 8.2 | 0.0%
| | Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had com… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7342 | Red Hat | high | 9.6 | 0.0%
| | Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attac… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7354 | Red Hat | high | 9.6 | 0.0%
| | Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote atta… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7350 | Red Hat | high | 9.0 | 0.0%
| | Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7344 | Red Hat | high | 9.0 | 0.0%
| | An use after free flaw was found in the Accessibility component of the Chromium browser.
Upstream bu… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7335 | Red Hat | high | 8.8 | 0.0%
| | Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execut… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7345 | Red Hat | high | 8.0 | 0.0%
| | Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allo… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7346 | Red Hat | high | 8.8 | 0.0%
| | Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attac… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7349 | Red Hat | high | 8.8 | 0.0%
| | Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local net… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7363 | Red Hat | high | 9.6 | 0.0%
| | Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remot… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7347 | Red Hat | high | 9.8 | 0.1%
| | Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to e… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7360 | Red Hat | high | 8.7 | 0.0%
| | An insufficient validation of untrusted input flaw was found in the Compositing component of the Chr… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7336 | Red Hat | high | 8.8 | 0.0%
| | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execu… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7348 | Red Hat | high | 8.8 | 0.0%
| | Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execu… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7359 | Red Hat | high | 9.0 | 0.0%
| | Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had c… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7352 | Red Hat | high | 9.0 | 0.0%
| | Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacke… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7356 | Red Hat | high | 9.6 | 0.0%
| | Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to e… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7358 | Red Hat | high | 9.6 | 0.0%
| | Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to ex… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7340 | Red Hat | medium | 5.4 | 0.0%
| | An integer overflow flaw was found in the ANGLE component of the Chromium browser.
Upstream bug(s):
… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7334 | Red Hat | high | 8.8 | 0.0%
| | Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7338 | Red Hat | high | 8.8 | 0.0%
| | Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local net… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7341 | Red Hat | high | 8.8 | 0.0%
| | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execu… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7339 | Red Hat | medium | 8.8 | 0.0%
| | Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7353 | Red Hat | high | 8.2 | 0.0%
| | Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who … | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7351 | Red Hat | high | 5.5 | 0.0%
| | A race flaw was found in the MHTML component of the Chromium browser.
Upstream bug(s):
https://code.… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7309 | Red Hat | medium | 4.3 | — | | A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRol… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40355 | Red Hat | medium | 5.9 | 0.1%
| | A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL poi… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40356 | Red Hat | high | 5.9 | 0.1%
| | A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40975 | VMware | medium | 4.8 | 0.2%
| | Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affect… | Apr 28, 2026 | Jun 30, 2026 |
| | CVE-2026-40976 | VMware | critical | 9.1 | 0.4%
| | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized ac… | Apr 28, 2026 | Jun 30, 2026 |
| | CVE-2026-42510 | Red Hat | medium | 6.6 | 0.0%
| | OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a c… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7233 | Red Hat | low | 3.3 | 0.0%
| | A flaw was found in Artifex MuPDF, specifically within its CFF Index Handler component. A local user… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40967 | VMware | high | 8.6 | 0.0%
| | In Spring AI, various FilterExpressionConverter implementations accept a filter expression object an… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40966 | VMware | medium | 5.9 | 0.0%
| | In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from oth… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40978 | VMware | high | 8.8 | 0.0%
| | SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitra… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40979 | VMware | medium | 6.1 | 0.0%
| | In Spring AI, having access to a shared environment can expose the ONNX model used by the applicatio… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40980 | VMware | medium | 6.5 | 0.0%
| | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amoun… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-41603 | Apache | medium | — | 0.6%
| | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.
This issue af… | Apr 28, 2026 | Jul 10, 2026 |
| | CVE-2026-41606 | Apache | medium | — | 1.1%
| | Uncontrolled Recursion vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.2… | Apr 28, 2026 | Jul 10, 2026 |
| | CVE-2026-41636 | Red Hat | medium | 7.5 | 0.2%
| | No description is available for this CVE. | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2025-48431 | Apache | high | 7.5 | 1.1%
| | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings.
This… | Apr 28, 2026 | Jul 9, 2026 |