| | CVE-2026-31441 |  Red Hat | medium | 5.5 | — | | A flaw was found in the Linux kernel's `dmaengine: idxd` module. This vulnerability occurs when a wo… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31454 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel's XFS file system. This vulnerability occurs when the system in… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31506 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's bcmasp component. This vulnerability involves a double free e… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31468 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel's vfio/pci dma-buf feature. An issue in the error handling of t… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31478 | Red Hat | medium | — | — | | A flaw was found in ksmbd within the Linux kernel. This vulnerability occurs due to an incorrect cal… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31464 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel's scsi: ibmvfc driver. A malicious or compromised Virtual I/O (… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31529 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's `cxl/region` component. This vulnerability involves a resourc… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31449 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel's ext4 filesystem. A local attacker could exploit this vulnerab… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31516 | Red Hat | high | 7.0 | — | | A flaw was found in the Linux kernel's XFRM (IP eXtensible FRamework) subsystem. A race condition ca… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31457 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel. A local user can exploit this vulnerability by setting the `nr… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31452 | Red Hat | medium | 5.5 | — | | A flaw was found in the Linux kernel's ext4 filesystem. A local user could exploit a vulnerability w… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31515 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel. The `pfkey_send_migrate` function, which manages security asso… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31458 | Red Hat | medium | 5.5 | — | | A flaw was found in the Linux kernel. A privileged local user can exploit this by manipulating the `… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31439 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's Xilinx DMA (Direct Memory Access) engine. The xdma driver's r… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31434 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's btrfs filesystem. When sub-groups for space information are c… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31489 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's meson-spicc Serial Peripheral Interface (SPI) controller driv… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31453 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel's XFS filesystem. This vulnerability arises when log items are … | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31510 | Red Hat | medium | 5.5 | — | | A flaw was found in the Linux kernel's Bluetooth L2CAP (Logical Link Control and Adaptation Protocol… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31438 | Red Hat | medium | 7.0 | — | | A flaw was found in the Linux kernel's netfs component. When a process crashes and the kernel attemp… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-31503 | Red Hat | medium | 5.5 | — | | A flaw was found in the Linux kernel's User Datagram Protocol (UDP) implementation. When a significa… | Apr 22, 2026 | Apr 22, 2026 |
| | CVE-2026-40372 |  Microsoft | critical | 9.1 | 0.0%
| | Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to … | Apr 21, 2026 | Apr 27, 2026 |
| | CVE-2026-22751 |  VMware | medium | 4.8 | 0.0%
| | Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login… | Apr 21, 2026 | May 1, 2026 |
| | CVE-2026-39946 | Red Hat | medium | 4.9 | 0.0%
| | A flaw was found in OpenBao. When OpenBao revoked privileges on a role in the PostgreSQL database se… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-39377 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in nbconvert, a tool used to convert Jupyter notebooks. When processing notebooks c… | Apr 21, 2026 | Apr 21, 2026 |
| | CVE-2026-33558 |  Apache | medium | 5.3 | 0.0%
| | Information exposure vulnerability has been identified in Apache Kafka.
The NetworkClient component… | Apr 20, 2026 | Apr 22, 2026 |
| | CVE-2026-33557 | Apache | critical | 9.1 | 0.0%
| | A possible security vulnerability has been identified in Apache Kafka.
By default, the broker prope… | Apr 20, 2026 | Apr 22, 2026 |
| | CVE-2025-66335 | Apache | medium | 5.3 | 0.0%
| | Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw … | Apr 20, 2026 | Apr 22, 2026 |
| | CVE-2026-6587 | Red Hat | high | 8.1 | 0.0%
| | A flaw was found in vibrantlabsai RAGAS. A remote attacker can exploit a server-side request forgery… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-31430 | Red Hat | medium | 6.6 | 0.0%
| | A flaw was found in the Linux kernel. An unprivileged user can exploit this vulnerability by submitt… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-31429 | Red Hat | medium | 6.6 | 0.0%
| | A flaw was found in the Linux kernel. When the Kernel Electric Fence (KFENCE), a memory safety error… | Apr 20, 2026 | Apr 20, 2026 |
| | CVE-2026-40948 | Apache | medium | 5.4 | 0.0%
| | The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or valid… | Apr 18, 2026 | May 11, 2026 |
| | CVE-2026-32690 | Apache | low | 3.7 | 0.0%
| | Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables … | Apr 18, 2026 | Apr 21, 2026 |
| | CVE-2026-32228 | Apache | high | 7.5 | 0.0%
| | UI / API User with asset materialize permission could trigger dags they had no access to.
Users are … | Apr 18, 2026 | Apr 21, 2026 |
| | CVE-2026-30912 | Apache | high | 7.5 | 0.0%
| | In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_… | Apr 18, 2026 | Apr 21, 2026 |
| | CVE-2026-25917 | Apache | high | 7.2 | 0.1%
| | Dag Authors, who normally should not be able to execute code in the webserver context could craft XC… | Apr 18, 2026 | Apr 22, 2026 |
| | CVE-2026-30898 | Apache | medium | — | 0.1%
| | An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the w… | Apr 18, 2026 | Apr 22, 2026 |
| | CVE-2026-32105 | Red Hat | medium | 5.9 | 0.0%
| | A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. When using the "Class… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-32107 | Red Hat | high | 7.0 | 0.0%
| | A flaw was found in xrdp, an open source Remote Desktop Protocol (RDP) server. The session execution… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-6507 | Red Hat | medium | 7.5 | 0.1%
| | A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-5807 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in Vault. An unauthenticated attacker can repeatedly initiate or cancel root token … | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-4525 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in Vault. When a Vault authentication mount is configured to pass through the "Auth… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-5052 | Red Hat | medium | 5.8 | 0.0%
| | A flaw was found in Vault’s PKI engine. The ACME (Automated Certificate Management Environment) vali… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-3605 | Red Hat | high | 8.1 | 0.0%
| | A flaw was found in Vault. An authenticated user with access to a kvv2 path through a policy contain… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-6494 | Red Hat | medium | 5.3 | 0.0%
| | A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injecti… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-27820 | Red Hat | medium | 5.6 | — | | A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib:… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-41080 | Red Hat | low | 3.7 | — | | A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a spec… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-31987 | Apache | high | 7.5 | 0.0%
| | JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors.
Use… | Apr 16, 2026 | Apr 20, 2026 |
| | CVE-2026-6410 | Red Hat | medium | 5.3 | — | | A flaw was found in @fastify/static. When directory listing is enabled, a remote unauthenticated att… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-6414 | Red Hat | medium | 5.9 | — | | A flaw was found in @fastify/static. A remote attacker can exploit this vulnerability by sending spe… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-40962 | Red Hat | medium | 4.8 | 0.0%
| | A flaw was found in FFmpeg. This vulnerability, stemming from an integer overflow and a subsequent o… | Apr 16, 2026 | Apr 16, 2026 |