| | CVE-2026-25700 | Apache | medium | — | 0.4%
| | Improper Restriction of Security Token Assignment vulnerability in Apache Answer.
This issue affect… | Jun 10, 2026 | Jun 19, 2026 |
| | CVE-2026-47838 | VMware | medium | 6.8 | 0.1%
| | SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN val… | Jun 10, 2026 | Jun 30, 2026 |
| | CVE-2026-41837 | VMware | medium | 5.3 | 0.2%
| | Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-param… | Jun 10, 2026 | Jun 30, 2026 |
| | CVE-2026-41732 | VMware | high | 8.1 | 0.3%
| | JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning t… | Jun 10, 2026 | Jun 27, 2026 |
| | CVE-2026-41730 | VMware | medium | 5.3 | 0.2%
| | Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentia… | Jun 10, 2026 | Jun 30, 2026 |
| | CVE-2026-41729 | VMware | high | 8.1 | 0.3%
| | Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when proces… | Jun 10, 2026 | Jun 22, 2026 |
| | CVE-2026-41728 | VMware | high | 7.5 | 0.3%
| | Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-… | Jun 10, 2026 | Jun 30, 2026 |
| | CVE-2026-41727 | VMware | medium | 6.5 | 0.2%
| | Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header value… | Jun 10, 2026 | Jun 27, 2026 |
| | CVE-2026-41717 | VMware | high | 8.1 | 0.3%
| | Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability.… | Jun 10, 2026 | Jun 30, 2026 |
| | CVE-2026-41706 | VMware | medium | 6.1 | 0.2%
| | Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication reque… | Jun 10, 2026 | Jun 27, 2026 |
| | CVE-2026-41696 | VMware | medium | 5.9 | 0.3%
| | Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding … | Jun 10, 2026 | Jun 22, 2026 |
| | CVE-2026-41694 | VMware | low | 3.7 | 0.1%
| | Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and Lo… | Jun 10, 2026 | Jun 27, 2026 |
| | CVE-2026-41008 | VMware | medium | 6.1 | 0.2%
| | Spring Security Authorization Server's authorization endpoint performs insufficient validation of th… | Jun 10, 2026 | Jun 27, 2026 |
| | CVE-2026-41003 | VMware | high | 7.6 | 0.2%
| | An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code o… | Jun 10, 2026 | Jun 27, 2026 |
| | CVE-2026-40993 | VMware | high | 7.3 | 0.2%
| | An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataReposi… | Jun 10, 2026 | Jun 27, 2026 |
| | CVE-2026-40988 | VMware | high | 7.5 | 0.3%
| | An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Lo… | Jun 10, 2026 | Jun 27, 2026 |
| | CVE-2026-11837 | Red Hat | high | 7.3 | 0.0%
| | A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The… | Jun 10, 2026 | Jun 10, 2026 |
| | CVE-2026-41731 | Apache | high | 8.1 | 0.5%
| | JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trust… | Jun 9, 2026 | Jun 30, 2026 |
| | CVE-2026-44963 | Veeam | critical | 9.4 | — | | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-50512 | Microsoft | high | 7.8 | 0.3%
| | Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker t… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-50511 | Microsoft | high | 7.8 | 0.3%
| | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an aut… | Jun 9, 2026 | Jun 15, 2026 |
| | CVE-2026-49161 | Microsoft | high | 7.8 | 0.0%
| | Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security f… | Jun 9, 2026 | Jun 12, 2026 |
| | CVE-2026-48569 | Microsoft | high | 7.1 | 0.1%
| | Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security… | Jun 9, 2026 | Jun 12, 2026 |
| | CVE-2026-48565 | Microsoft | high | 7.8 | 0.1%
| | Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privilege… | Jun 9, 2026 | Jun 12, 2026 |
| | CVE-2026-48562 | Microsoft | medium | 4.6 | 0.1%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of… | Jun 9, 2026 | Jun 12, 2026 |
| | CVE-2026-48560 | Microsoft | medium | 5.4 | 0.9%
| | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to pe… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-47643 | Microsoft | critical | 9.8 | 0.5%
| | External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute… | Jun 9, 2026 | Jun 17, 2026 |
| | CVE-2026-47641 | Microsoft | medium | 4.6 | 0.5%
| | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to perform sp… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-47640 | Microsoft | medium | 4.6 | 0.1%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-47639 | Microsoft | medium | 5.4 | 0.5%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-47638 | Microsoft | medium | 4.6 | 0.1%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-47637 | Microsoft | medium | 4.6 | 0.1%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of… | Jun 9, 2026 | Jun 10, 2026 |
| | CVE-2026-47636 | Microsoft | medium | 5.4 | 0.5%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-47635 | Microsoft | high | 8.4 | 0.3%
| | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-47634 | Microsoft | high | 7.3 | 0.6%
| | Improper neutralization of special elements in output used by a downstream component ('injection') i… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-47631 | Microsoft | high | 8.1 | 0.4%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex… | Jun 9, 2026 | Jun 15, 2026 |
| | CVE-2026-47298 | Microsoft | high | 8.0 | 0.1%
| | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code … | Jun 9, 2026 | Jun 12, 2026 |
| | CVE-2026-47293 | Microsoft | high | 7.0 | 0.2%
| | Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges … | Jun 9, 2026 | Jun 17, 2026 |
| | CVE-2026-47292 | Microsoft | high | 7.8 | 0.3%
| | Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorize… | Jun 9, 2026 | Jun 15, 2026 |
| | CVE-2026-47289 | Microsoft | high | 8.8 | 0.1%
| | Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code … | Jun 9, 2026 | Jun 12, 2026 |
| | CVE-2026-47287 | Microsoft | medium | 6.5 | 0.5%
| | Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering o… | Jun 9, 2026 | Jun 15, 2026 |
| | CVE-2026-47284 | Microsoft | medium | 6.5 | 0.6%
| | Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthori… | Jun 9, 2026 | Jun 15, 2026 |
| | CVE-2026-47281 | Microsoft | critical | 9.6 | 0.6%
| | Missing authorization in Visual Studio Code allows an unauthorized attacker to elevate privileges ov… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-45650 | Microsoft | medium | 4.3 | 0.5%
| | User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthoriz… | Jun 9, 2026 | Jun 15, 2026 |
| | CVE-2026-45649 | Microsoft | high | 7.1 | 0.3%
| | Improper access control in Office for Android allows an unauthorized attacker to perform spoofing lo… | Jun 9, 2026 | Jun 19, 2026 |
| | CVE-2026-45647 | Microsoft | medium | 5.5 | 0.2%
| | Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an autho… | Jun 9, 2026 | Jun 19, 2026 |
| | CVE-2026-45645 | Microsoft | high | 7.8 | 0.4%
| | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code lo… | Jun 9, 2026 | Jul 9, 2026 |
| | CVE-2026-45644 | Microsoft | high | 8.0 | 0.4%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Li… | Jun 9, 2026 | Jun 19, 2026 |
| | CVE-2026-45643 | Microsoft | high | 7.8 | 0.3%
| | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co… | Jun 9, 2026 | Jun 19, 2026 |
| | CVE-2026-45639 | Microsoft | high | 7.5 | 0.7%
| | Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a net… | Jun 9, 2026 | Jun 19, 2026 |