| | CVE-2026-40411 | Microsoft | critical | 9.9 | 0.1%
| | Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute … | May 22, 2026 | May 27, 2026 |
| | CVE-2026-35430 | Microsoft | high | 8.8 | 0.1%
| | Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allow… | May 22, 2026 | May 27, 2026 |
| | CVE-2026-33843 | Microsoft | critical | 9.1 | 0.1%
| | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C all… | May 22, 2026 | May 27, 2026 |
| | CVE-2026-26147 | Microsoft | high | 7.7 | 0.1%
| | Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose informa… | May 22, 2026 | May 27, 2026 |
| | CVE-2026-23663 | Microsoft | high | 7.5 | 0.1%
| | Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privilege… | May 22, 2026 | May 27, 2026 |
| | CVE-2026-23652 | Microsoft | critical | 10.0 | 0.1%
| | Improper neutralization of special elements used in a command ('command injection') in Microsoft Pow… | May 22, 2026 | May 27, 2026 |
| | CVE-2026-9256 | F5 | high | 8.1 | 4.3%
| | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vu… | May 22, 2026 | Jun 30, 2026 |
| | CVE-2026-9277 | Red Hat | high | 8.1 | 0.1%
| | A flaw was found in the shell-quote component. The quote() function did not properly validate object… | May 22, 2026 | May 22, 2026 |
| | CVE-2026-44930 | Apache | critical | 9.8 | 0.5%
| | An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF … | May 22, 2026 | Jun 30, 2026 |
| | CVE-2026-44618 | Apache | medium | 5.3 | 0.2%
| | Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform … | May 22, 2026 | May 22, 2026 |
| | CVE-2026-44417 | Apache | high | 7.5 | 0.4%
| | The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete… | May 22, 2026 | Jun 30, 2026 |
| | CVE-2026-48207 | Apache | critical | 9.8 | 0.1%
| | Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass docu… | May 21, 2026 | May 22, 2026 |
| | CVE-2026-5946 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | No description is available for this CVE. | May 21, 2026 | May 21, 2026 |
| | CVE-2026-3039 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | A flaw was found in BIND. A remote attacker can exploit this vulnerability by sending maliciously-co… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-5947 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in BIND. A remote attacker could exploit a race condition during SIG(0) signature v… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-3593 | Red Hat | high | 7.4 | 0.0%
| | A flaw was found in the BIND (Berkeley Internet Name Domain) DNS-over-HTTPS implementation. A remote… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-45760 | Apache | medium | — | — | | (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through Use… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-2734 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in mlflow. An authenticated user could exploit a lack of proper authorization check… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-43494 | Red Hat | high | 7.0 | 0.0%
| | A flaw was found in the Linux kernel, specifically within the `net/rds` module. When a zerocopy page… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-43495 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel, specifically within the net: wwan: t7xx module. A malicious mo… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-43499 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel. When the kernel's real-time mutex (rtmutex) component performs… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-43498 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's accel/ivpu module. This vulnerability allows for the re-expor… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-43502 | Red Hat | medium | 5.5 | — | | A flaw was found in the Linux kernel, specifically within the Remote Direct Memory Access (RDMA) sub… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-43501 | Red Hat | high | 7.0 | — | | A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerabil… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-43497 | Red Hat | medium | — | — | | A flaw was found in the Linux kernel's udlfb driver. This use-after-free vulnerability occurs becaus… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-43496 | Red Hat | low | 5.5 | — | | A flaw was found in the Linux kernel's networking scheduler component. This vulnerability occurs whe… | May 21, 2026 | May 21, 2026 |
| | CVE-2026-9150 | Red Hat | medium | 6.5 | — | | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debi… | May 20, 2026 | May 20, 2026 |
| | CVE-2026-9149 | Red Hat | medium | 6.5 | — | | MANUALLY_VERIFIED_REPORT
package: libsolv-0.7.33-2.el10
------
[Security] Heap Buffer Overflow in re… | May 20, 2026 | May 20, 2026 |
| | CVE-2026-8632 | HPE | high | 7.8 | 0.7%
| | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software… | May 20, 2026 | Jun 30, 2026 |
| | CVE-2026-8631 | HPE | critical | 9.8 | 0.7%
| | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software… | May 20, 2026 | Jun 30, 2026 |
| | CVE-2026-20240 | Splunk | medium | 6.5 | 0.0%
| | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform ve… | May 20, 2026 | May 21, 2026 |
| | CVE-2026-20239 | Splunk | high | 7.5 | 0.0%
| | In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3… | May 20, 2026 | May 21, 2026 |
| | CVE-2026-20238 | Splunk | medium | 6.5 | 0.0%
| | In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or '… | May 20, 2026 | May 26, 2026 |
| | CVE-2026-47099 | Red Hat | medium | 5.4 | 0.0%
| | TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse() funct… | May 20, 2026 | May 20, 2026 |
| | CVE-2026-20223 | Cisco | critical | 10.0 | 0.9%
| | A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could a… | May 20, 2026 | Jun 30, 2026 |
| | CVE-2026-20206 | Cisco | medium | 6.3 | 0.4%
| | A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowe… | May 20, 2026 | Jun 17, 2026 |
| | CVE-2026-20199 | Cisco | medium | 4.7 | 0.4%
| | A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow … | May 20, 2026 | Jun 30, 2026 |
| | CVE-2026-20171 | Cisco | medium | 6.8 | 0.5%
| | A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nex… | May 20, 2026 | Jun 17, 2026 |
| | CVE-2026-9087 | Red Hat | medium | 6.4 | — | | A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId,
i… | May 20, 2026 | May 20, 2026 |
| | CVE-2026-45498 | Microsoft | medium | 4.0 | 4.1%
| ⚠ KEV | Microsoft Defender Denial of Service Vulnerability | May 20, 2026 | May 28, 2026 |
| | CVE-2026-42834 | Microsoft | high | 7.8 | 0.0%
| | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges … | May 20, 2026 | Jun 1, 2026 |
| | CVE-2026-45584 | Microsoft | high | 8.1 | — | | Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code ove… | May 20, 2026 | May 21, 2026 |
| | CVE-2026-41091 | Microsoft | high | 7.8 | — | ⚠ KEV | Improper link resolution before file access ('link following') in Microsoft Defender allows an autho… | May 20, 2026 | May 21, 2026 |
| | CVE-2026-33278 | Red Hat | high | 8.1 | 0.4%
| | A flaw was discovered in Unbound’s DNSSEC validator can leave it using an invalid memory pointer aft… | May 20, 2026 | May 20, 2026 |
| | CVE-2026-42944 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in Unbound, a Domain Name System (DNS) resolver. A remote attacker could trigger a … | May 20, 2026 | May 20, 2026 |
| | CVE-2026-44608 | Red Hat | medium | 5.9 | 0.1%
| ✓ Fix | A flaw was found in Unbound. When operating in a multi-threaded configuration with specific Response… | May 20, 2026 | May 20, 2026 |
| | CVE-2026-9064 | Red Hat | high | 7.5 | 0.1%
| | A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does… | May 20, 2026 | May 20, 2026 |
| | CVE-2026-47784 | Red Hat | medium | 5.9 | 0.1%
| | A flaw was found in memcached. This vulnerability involves a timing side channel during SASL (Simple… | May 20, 2026 | May 20, 2026 |
| | CVE-2026-47783 | Red Hat | high | 8.1 | 0.1%
| | A flaw was found in memcached. A remote attacker can exploit a timing side channel during Simple Aut… | May 20, 2026 | May 20, 2026 |
| | CVE-2026-45232 | Red Hat | medium | 5.9 | 0.0%
| | A flaw was found in rsync. A network attacker can exploit an off-by-one out-of-bounds stack write vu… | May 20, 2026 | May 20, 2026 |