| | CVE-2026-40368 | Microsoft | high | 8.0 | 0.3% | | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-41614 | Microsoft | medium | 6.2 | 0.0% | | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoof… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42823 | Microsoft | critical | 9.9 | 0.1% | | Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42830 | Microsoft | medium | 6.5 | 0.1% | | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges loc… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42833 | Microsoft | critical | 9.1 | 0.1% | | Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized a… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42838 | Microsoft | medium | 5.4 | 0.0% | | Improper neutralization of special elements in output used by a downstream component ('injection') i… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42891 | Microsoft | medium | 6.5 | 0.0% | | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42893 | Microsoft | high | 7.4 | 0.0% | | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot … | May 12, 2026 | May 13, 2026 |
| | CVE-2026-42898 | Microsoft | critical | 9.9 | 0.1% | | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) al… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42899 | Microsoft | high | 7.5 | 0.0% | | Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attack… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-44277 | Fortinet | critical | 9.8 | 0.0% | | An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0… | May 12, 2026 | May 15, 2026 |
| | CVE-2026-23820 | HPE | high | 7.2 | — | | A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant coul… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-23821 | HPE | high | 7.2 | — | | A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-23823 | HPE | high | 7.2 | — | | A vulnerability in the command line interface of Access Points running AOS-10 could allow an authent… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-44867 | HPE | high | 7.2 | 0.2% | | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-44868 | HPE | high | 7.2 | 0.2% | | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-44869 | HPE | high | 7.2 | 0.2% | | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-44872 | HPE | high | 7.2 | 0.3% | | A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 O… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-44871 | HPE | high | 7.2 | 0.1% | | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the … | May 12, 2026 | May 14, 2026 |
| | CVE-2026-41957 | F5 | high | 8.8 | — | | An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-I… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42919 | F5 | medium | 6.7 | — | | A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrativ… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-40061 | F5 | medium | 6.5 | — | | When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TM… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42924 | F5 | high | 8.7 | — | | An authenticated attacker with the Resource Administrator or Administrator role can create SNMP conf… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-40698 | F5 | high | 8.7 | — | | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-40631 | F5 | high | 8.7 | — | | An authenticated attacker with the Resource Administrator or Administrator role can modify configura… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-41953 | F5 | high | 8.7 | — | | A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at l… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-39459 | F5 | high | 7.2 | — | | A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authent… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-41225 | F5 | high | 7.2 | — | | A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at le… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-34176 | F5 | high | 8.7 | — | | When running in Appliance mode, an authenticated remote command injection vulnerability exists in an… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-32673 | F5 | medium | 6.5 | — | | A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-32643 | F5 | high | 8.7 | — | | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42058 | F5 | medium | 4.3 | — | | An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information … | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42406 | F5 | high | 8.7 | — | | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42930 | F5 | high | 8.7 | — | | When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be a… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42945 | F5 | high | 8.1 | — | | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vu… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-33376 | Grafana | high | 7.4 | 0.0% | | When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses sp… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-28383 | Grafana | medium | 6.5 | 0.0% | | A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading … | May 13, 2026 | May 14, 2026 |
| | CVE-2026-33378 | Grafana | medium | 6.5 | 0.0% | | Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL … | May 13, 2026 | May 14, 2026 |
| | CVE-2026-28374 | Grafana | medium | 4.3 | 0.0% | | Editors could delete any annotation, even those they do not have read access to. The editor user can… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-45205 | Apache | medium | — | — | | Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration … | May 14, 2026 | May 14, 2026 |
| | CVE-2026-20209 | Cisco | medium | 5.4 | — | | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow… | May 14, 2026 | May 15, 2026 |
| | CVE-2026-20210 | Cisco | medium | 5.4 | — | | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow… | May 14, 2026 | May 15, 2026 |
| | CVE-2026-42897 | Microsoft | high | 8.1 | — | | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex… | May 14, 2026 | May 15, 2026 |
| | CVE-2026-41615 | Microsoft | critical | 9.6 | — | | Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unau… | May 14, 2026 | May 15, 2026 |
| | CVE-2026-20182 | Cisco | critical | 10.0 | 1.6% | ⚠ KEV | May 2026: This security advisory provides the details and fix information for a vulnerability that w… | May 14, 2026 | May 15, 2026 |
| | CVE-2026-20224 | Cisco | high | 8.6 | — | | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-43490 | Red Hat | medium | — | 0.0% | | A flaw was found in ksmbd, a Linux kernel module that provides an in-kernel Server Message Block (SM… | May 15, 2026 | May 15, 2026 |
| | CVE-2026-41702 | VMware | high | 7.8 | — | | VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an oper… | May 15, 2026 | May 15, 2026 |
| | CVE-2026-8503 | Apache | medium | — | — | | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apac… | May 15, 2026 | May 15, 2026 |