| | CVE-2026-22740 | VMware | medium | 6.5 | 0.0% | | A WebFlux server application that processes multipart requests creates temp files for parts larger t… | Apr 29, 2026 | May 4, 2026 |
| | CVE-2026-41873 | Apache | critical | 9.8 | — | | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40969 | VMware | low | 3.7 | 0.0% | | The raw message of every server-side AuthenticationException is returned to the unauthenticated remo… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40968 | VMware | medium | 4.2 | 0.0% | | When an authenticated user is denied access to a gRPC method, their authenticated identity remains b… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-5944 | Cisco | medium | 6.7 | — | | An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-5435 | Red Hat | medium | 5.9 | — | ✓ Fix | A flaw was found in glibc, the GNU C Library. Specifically, deprecated functions responsible for pri… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41636 | Apache | high | 7.5 | 0.0% | | Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings. This issue affects Apache Th… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41607 | Apache | medium | 6.5 | 0.0% | | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0.… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41606 | Apache | medium | 5.3 | 0.0% | | Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.2… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41605 | Apache | high | 7.3 | 0.0% | | Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: be… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41604 | Apache | high | 8.2 | 0.0% | | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0.… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41603 | Apache | high | 7.4 | 0.0% | | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue af… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41602 | Apache | high | 7.5 | 0.0% | | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implement… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2025-48431 | Apache | high | 7.5 | 0.0% | | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40980 | VMware | medium | 6.5 | 0.0% | | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amoun… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40979 | VMware | medium | 6.1 | 0.0% | | In Spring AI, having access to a shared environment can expose the ONNX model used by the applicatio… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40978 | VMware | high | 8.8 | 0.0% | | SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitra… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40966 | VMware | medium | 5.9 | 0.0% | | In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from oth… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-40967 | VMware | high | 8.6 | 0.0% | | In Spring AI, various FilterExpressionConverter implementations accept a filter expression object an… | Apr 28, 2026 | Apr 29, 2026 |
| | CVE-2026-7233 | Red Hat | low | 3.3 | 0.0% | | A flaw was found in Artifex MuPDF, specifically within its CFF Index Handler component. A local user… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40977 | VMware | medium | 4.7 | 0.0% | | When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write acc… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40976 | VMware | critical | 9.1 | 0.0% | | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized ac… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40975 | VMware | medium | 4.8 | 0.0% | | Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affect… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40973 | VMware | high | 7.0 | 0.0% | | A local attacker on the same host as the application may be able to take control of the directory us… | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40972 | VMware | high | 7.5 | 0.1% | | An attacker on the same network as the remote application may be able to utilize a timing attack to … | Apr 28, 2026 | Apr 30, 2026 |
| | CVE-2026-40356 | Red Hat | high | 5.9 | 0.1% | | A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-40355 | Red Hat | medium | 5.9 | 0.1% | | A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL poi… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-7309 | Red Hat | medium | 4.3 | — | | A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRol… | Apr 28, 2026 | Apr 28, 2026 |
| | CVE-2026-41081 | Apache | medium | 6.5 | 0.0% | | Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in … | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-40557 | Apache | medium | 4.8 | 0.0% | | Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter… | Apr 27, 2026 | May 5, 2026 |
| | CVE-2026-33453 | Apache | critical | 10.0 | 0.5% | | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apac… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-27172 | Apache | high | 8.8 | 0.1% | | The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegi… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-41409 | Apache | critical | 9.8 | 0.0% | | The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname… | Apr 27, 2026 | Apr 29, 2026 |
| | CVE-2026-40858 | Apache | high | 8.8 | 0.1% | | The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data r… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-40022 | Apache | high | 8.2 | 0.1% | | When authentication is enabled on the Apache Camel embedded HTTP server or embedded management serve… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-33454 | Apache | critical | 9.4 | 0.0% | | The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter s… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-41635 | Apache | critical | 9.8 | 0.0% | | Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes… | Apr 27, 2026 | Apr 29, 2026 |
| | CVE-2026-40860 | Apache | critical | 9.8 | 0.4% | | JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, des… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-40453 | Apache | critical | 9.9 | 0.2% | | The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant… | Apr 27, 2026 | Apr 28, 2026 |
| | CVE-2026-40048 | Apache | medium | — | 0.1% | | The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in… | Apr 27, 2026 | Apr 29, 2026 |
| | CVE-2026-40473 | Apache | medium | — | 0.1% | | The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in… | Apr 27, 2026 | Apr 29, 2026 |
| | CVE-2026-42371 | Red Hat | medium | 4.7 | 0.0% | | A flaw was found in uriparser. This vulnerability occurs due to numeric truncation in text range com… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-3006 | Red Hat | high | 7.0 | 0.0% | | A flaw was found in winfsp. A local attacker could exploit a race condition vulnerability, which may… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-31688 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel's driver core. An inconsistency in enforcing the `device_lock` … | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-31687 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's OMAP General Purpose Input/Output (GPIO) driver. The omap_mpu… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-31686 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel. A double-free vulnerability exists in the Kernel Address Sanit… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-31689 | Red Hat | medium | 5.5 | — | | A flaw was found in the EDAC/mc module of the Linux kernel. An error in the ordering of operations w… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-31691 | Red Hat | medium | 5.5 | — | | A flaw was found in the Linux kernel's igb network driver. When an AF_XDP zero-copy application term… | Apr 27, 2026 | Apr 27, 2026 |
| | CVE-2026-41140 | Red Hat | high | 8.7 | 0.1% | | A flaw was found in Poetry, a dependency manager for Python. This vulnerability allows a remote atta… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-40690 | Apache | medium | 4.3 | 0.1% | | The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with … | Apr 24, 2026 | Apr 27, 2026 |