| | CVE-2026-43140 |  Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel's HID (Human Interface Device) magicmouse driver. A local attac… | May 6, 2026 | May 6, 2026 |
| | CVE-2025-71286 | Red Hat | medium | 5.5 | — | | A flaw was found in the Linux kernel, specifically within the Advanced Linux Sound Architecture (ALS… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43177 | Red Hat | low | 5.5 | — | | A flaw was found in the Linux kernel's ipu6 driver. This issue occurs due to a runtime Power Managem… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43197 | Red Hat | medium | 5.5 | — | | A flaw was found in the Linux kernel's netconsole component. The system processes messages from the … | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43201 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel's Advanced Processor Error Interface (APEI) / Generic Hardware … | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43223 | Red Hat | low | 5.5 | — | | A flaw was found in the Linux kernel's pvrusb2 media driver. When the `pvr2_send_request_ex()` funct… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-43274 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's mailbox subsystem, specifically within the mchp-ipc-sbi compo… | May 6, 2026 | May 6, 2026 |
| | CVE-2026-28780 |  Apache | critical | 9.8 | 0.0%
| | Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server.
If mod_proxy_ajp co… | May 5, 2026 | May 6, 2026 |
| | CVE-2026-29168 | Apache | high | 7.3 | 0.1%
| | Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md v… | May 5, 2026 | May 6, 2026 |
| | CVE-2026-34002 | Red Hat | medium | 6.1 | — | | A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (… | May 5, 2026 | May 5, 2026 |
| | CVE-2026-34000 | Red Hat | medium | 6.1 | — | | A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry pr… | May 5, 2026 | May 5, 2026 |
| | CVE-2026-43870 | Apache | high | 7.3 | 0.0%
| | Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversa… | May 5, 2026 | May 6, 2026 |
| | CVE-2026-43868 | Apache | medium | 5.3 | 0.0%
| | Memory Allocation with Excessive Size Value vulnerability in Apache Thrift.
This issue affects Apac… | May 5, 2026 | May 6, 2026 |
| | CVE-2026-43869 | Apache | high | 7.3 | 0.0%
| | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.
This issue af… | May 5, 2026 | May 6, 2026 |
| | CVE-2026-42812 | Apache | critical | 9.9 | 0.1%
| | In Apache Iceberg, the table's metadata files are control files: they tell readers
which data files … | May 4, 2026 | May 12, 2026 |
| | CVE-2026-42811 | Apache | critical | 9.9 | 0.1%
| | In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials
that
only work for o… | May 4, 2026 | May 12, 2026 |
| | CVE-2026-42810 | Apache | critical | 9.9 | 0.1%
| | Apache Polaris accepts literal `*` characters in namespace and table names. When it
later builds tem… | May 4, 2026 | May 12, 2026 |
| | CVE-2026-42809 | Apache | critical | 9.9 | 0.1%
| | Apache Polaris can issue broad temporary ("vended") storage credentials during
staged
table creation… | May 4, 2026 | May 12, 2026 |
| | CVE-2026-42440 | Apache | high | 7.5 | 0.0%
| | OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader
Version… | May 4, 2026 | May 6, 2026 |
| | CVE-2026-42027 | Apache | critical | 9.8 | 0.3%
| | Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader
Versions Aff… | May 4, 2026 | May 6, 2026 |
| | CVE-2026-40682 | Apache | critical | 9.1 | 0.0%
| | XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersis… | May 4, 2026 | May 6, 2026 |
| | CVE-2026-40563 | Apache | high | 8.1 | 0.1%
| | Description:
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas… | May 4, 2026 | May 6, 2026 |
| | CVE-2026-33523 | Apache | medium | 6.5 | — | | HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compr… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-33007 | Apache | medium | 5.3 | — | | A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows … | May 4, 2026 | May 4, 2026 |
| | CVE-2026-33006 | Apache | medium | 4.8 | — | | A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authe… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-29169 | Apache | high | 7.5 | 0.3%
| | A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an att… | May 4, 2026 | May 5, 2026 |
| | CVE-2026-23918 | Apache | medium | — | — | | Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This iss… | May 4, 2026 | May 5, 2026 |
| | CVE-2026-34032 | Apache | medium | 5.3 | — | | Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server.
This issue affec… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-33857 | Apache | medium | 5.3 | — | | Out-of-bounds Read vulnerability in mod_proxy_ajp of
Apache HTTP Server.
This issue affects Apach… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-6266 | Red Hat | high | 8.3 | — | ✓ Fix | A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatical… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-34059 | Apache | high | 7.5 | — | | Buffer Over-read vulnerability in Apache HTTP Server.
This issue affects Apache HTTP Server: throug… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-24072 | Apache | medium | — | — | | An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .ht… | May 4, 2026 | May 5, 2026 |
| | CVE-2026-33846 | Red Hat | high | 7.5 | 0.1%
| | A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTL… | May 4, 2026 | May 4, 2026 |
| | CVE-2025-70072 | Red Hat | medium | 6.5 | — | | A flaw was found in Assimp. A remote attacker can exploit this vulnerability by manipulating the FBX… | May 4, 2026 | May 4, 2026 |
| | CVE-2025-70070 | Red Hat | medium | 6.5 | — | | A flaw was found in Assimp. A remote attacker can exploit this vulnerability by manipulating the FBX… | May 4, 2026 | May 4, 2026 |
| | CVE-2025-70069 | Red Hat | high | 7.5 | — | | A flaw was found in Assimp. A remote attacker can exploit this vulnerability by interacting with the… | May 4, 2026 | May 4, 2026 |
| | CVE-2025-70067 | Red Hat | medium | 5.6 | — | | A flaw was found in Assimp, an open-source asset import library, specifically within its FBX Importe… | May 4, 2026 | May 4, 2026 |
| | CVE-2025-70071 | Red Hat | high | 7.5 | — | | A flaw was found in Assimp. A remote attacker can exploit a vulnerability in the `FBXParser.cpp` fil… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-42779 | Apache | critical | 9.8 | 0.1%
| | The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original is… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-42778 | Apache | critical | 9.8 | 0.1%
| | The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original is… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-42404 | Apache | medium | 6.5 | 0.0%
| | Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy referenc… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-42403 | Apache | high | 7.5 | 0.0%
| | Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy d… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-42402 | Apache | high | 7.5 | 0.0%
| | Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy n… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-43021 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Bluetooth hci_sync component of the Linux kernel. When the hci_cmd_sync_queu… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-31737 | Red Hat | medium | — | 0.0%
| | No description is available for this CVE. | May 1, 2026 | May 1, 2026 |
| | CVE-2026-31785 | Red Hat | medium | — | 0.0%
| | No description is available for this CVE. | May 1, 2026 | May 1, 2026 |
| | CVE-2026-43028 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: ensure name… | May 1, 2026 | May 1, 2026 |
| | CVE-2026-31726 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's USB Video Class (UVC) gadget driver. A race condition during … | May 1, 2026 | May 1, 2026 |
| | CVE-2026-43037 | Red Hat | high | 7.0 | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: clear skb2->cb[] in … | May 1, 2026 | May 1, 2026 |
| | CVE-2026-43052 | Red Hat | medium | 7.0 | 0.0%
| | No description is available for this CVE. | May 1, 2026 | May 1, 2026 |