| | CVE-2026-46249 | Red Hat | low | 5.5 | — | | A flaw was found in the Linux kernel's octeontx2-af PF driver. This vulnerability occurs during a ke… | Jun 3, 2026 | Jun 3, 2026 |
| | CVE-2026-46259 | Red Hat | high | 7.0 | — | | A flaw was found in the Linux kernel's procfs component. When reading /proc/[pid]/stat, the do_task_… | Jun 3, 2026 | Jun 3, 2026 |
| | CVE-2026-46248 | Red Hat | low | 5.5 | — | | A flaw was found in the Linux kernel's `ath12k` Wi-Fi driver. When an `arvif` (Access Point Virtual … | Jun 3, 2026 | Jun 3, 2026 |
| | CVE-2026-46265 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's RDMA/hns component. When the sunrpc (Sun Remote Procedure Cal… | Jun 3, 2026 | Jun 3, 2026 |
| | CVE-2026-46272 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's Coresight Trace Memory Controller (TMC) Embedded Trace Router… | Jun 3, 2026 | Jun 3, 2026 |
| | CVE-2026-46263 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's `drm/amd/display` component. This vulnerability arises from a… | Jun 3, 2026 | Jun 3, 2026 |
| | CVE-2026-46255 | Red Hat | low | 5.5 | — | | A flaw was found in the Linux kernel's fsl-edma driver. This vulnerability occurs because the driver… | Jun 3, 2026 | Jun 3, 2026 |
| | CVE-2026-46718 | Apache | medium | 6.5 | 0.0%
| | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in … | Jun 2, 2026 | Jun 3, 2026 |
| | CVE-2026-41115 | Apache | medium | 4.3 | 0.0%
| | An improper authorization vulnerability has been identified in Apache Kafka.
The implementation of … | Jun 2, 2026 | Jun 3, 2026 |
| | CVE-2026-1784 | Red Hat | high | 8.8 | 0.0%
| | The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through H… | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28946 | Red Hat | high | 8.8 | 0.0%
| | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari … | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28847 | Red Hat | high | 8.8 | 0.0%
| | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.… | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28883 | Red Hat | high | 8.8 | 0.0%
| | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari … | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28901 | Red Hat | high | 8.8 | 0.0%
| | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 … | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28902 | Red Hat | high | 8.8 | 0.0%
| | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 … | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28903 | Red Hat | high | 8.8 | 0.0%
| | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.… | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28904 | Red Hat | high | 8.8 | 0.0%
| | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.… | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28905 | Red Hat | high | 8.8 | 0.0%
| | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 … | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28907 | Red Hat | medium | 6.5 | 0.1%
| | The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7… | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28942 | Red Hat | high | 8.8 | 0.0%
| | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari … | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28947 | Red Hat | high | 8.8 | 0.0%
| | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari … | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28953 | Red Hat | high | 8.8 | 0.0%
| | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.… | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28955 | Red Hat | high | 8.8 | 0.0%
| | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.… | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-28958 | Red Hat | medium | 6.5 | 0.0%
| | This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5… | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-43658 | Red Hat | high | 8.8 | 0.0%
| | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 … | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-43660 | Red Hat | medium | 6.5 | 0.1%
| | A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9… | Jun 2, 2026 | Jun 2, 2026 |
| | CVE-2026-47294 | Microsoft | high | 8.0 | 0.6%
| | Improper neutralization of special elements used in an os command ('os command injection') in Micros… | Jun 1, 2026 | Jun 17, 2026 |
| | CVE-2026-40990 | VMware | medium | 5.7 | 0.0%
| | OOM error is possible while attempting to add infinite amount of functions to Function Registry.
Af… | Jun 1, 2026 | Jun 5, 2026 |
| | CVE-2026-40989 | VMware | medium | 5.7 | 0.0%
| | Under infinite recursion in the routing layer, request-handling can cause OOM error.
Affected Sprin… | Jun 1, 2026 | Jun 5, 2026 |
| | CVE-2026-49328 | Apache | medium | 5.3 | 0.0%
| | Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) f… | Jun 1, 2026 | Jun 1, 2026 |
| | CVE-2026-49361 | Apache | high | 7.5 | 0.1%
| | Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.M… | Jun 1, 2026 | Jun 1, 2026 |
| | CVE-2026-49298 | Apache | high | 8.8 | 0.0%
| | A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate a… | Jun 1, 2026 | Jun 3, 2026 |
| | CVE-2026-49270 | Apache | medium | 5.9 | 0.0%
| | Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache A… | Jun 1, 2026 | Jun 1, 2026 |
| | CVE-2026-49267 | Apache | medium | 5.9 | 0.0%
| | Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STA… | Jun 1, 2026 | Jun 3, 2026 |
| | CVE-2026-49157 | Apache | high | 8.8 | 0.0%
| | Incorrect Default Permissions vulnerability in Apache ActiveMQ.
This issue affects Apache ActiveMQ:… | Jun 1, 2026 | Jun 1, 2026 |
| | CVE-2026-48827 | Apache | high | 7.1 | 0.0%
| | Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upl… | Jun 1, 2026 | Jun 1, 2026 |
| | CVE-2026-48726 | Apache | medium | 6.5 | 0.0%
| | A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after… | Jun 1, 2026 | Jun 3, 2026 |
| | CVE-2026-46764 | Apache | medium | 4.3 | 0.0%
| | The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit… | Jun 1, 2026 | Jun 2, 2026 |
| | CVE-2026-46605 | Apache | medium | 4.3 | 0.0%
| | Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authent… | Jun 1, 2026 | Jun 1, 2026 |
| | CVE-2026-45426 | Apache | low | 3.1 | 0.0%
| | Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log… | Jun 1, 2026 | Jun 1, 2026 |
| | CVE-2026-45360 | Apache | high | 7.3 | 0.0%
| | Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_r… | Jun 1, 2026 | Jun 3, 2026 |
| | CVE-2026-42360 | Apache | medium | 6.5 | 0.0%
| | A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g.… | Jun 1, 2026 | Jun 1, 2026 |
| | CVE-2026-42359 | Apache | high | 8.8 | 0.0%
| | A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authentic… | Jun 1, 2026 | Jun 3, 2026 |
| | CVE-2026-42358 | Apache | medium | 6.5 | 0.0%
| | A bug in Apache Airflow's Variable response masker caused nested-key redaction (triggered by secret-… | Jun 1, 2026 | Jun 2, 2026 |
| | CVE-2026-42252 | Apache | critical | 9.1 | 0.0%
| | Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when tr… | Jun 1, 2026 | Jun 2, 2026 |
| | CVE-2026-41084 | Apache | high | 7.5 | 0.0%
| | A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_… | Jun 1, 2026 | Jun 2, 2026 |
| | CVE-2026-41017 | Apache | medium | 5.9 | 0.0%
| | Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deploy… | Jun 1, 2026 | Jun 2, 2026 |
| | CVE-2026-41014 | Apache | medium | 4.3 | 0.0%
| | The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not p… | Jun 1, 2026 | Jun 2, 2026 |
| | CVE-2026-40963 | Apache | low | 3.1 | 0.0%
| | The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Da… | Jun 1, 2026 | Jun 1, 2026 |
| | CVE-2026-40961 | Apache | high | 7.2 | 0.0%
| | A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that b… | Jun 1, 2026 | Jun 2, 2026 |