| | CVE-2026-34481 |  Apache | high | 7.5 | 0.2%
| | Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.… | Apr 10, 2026 | Apr 24, 2026 |
| | CVE-2026-34480 | Apache | high | 7.5 | 0.2%
| | Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , … | Apr 10, 2026 | Apr 24, 2026 |
| | CVE-2026-34479 | Apache | high | 7.5 | 0.2%
| | The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden b… | Apr 10, 2026 | May 6, 2026 |
| | CVE-2026-34478 | Apache | high | 7.5 | 0.2%
| | Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424L… | Apr 10, 2026 | Apr 24, 2026 |
| | CVE-2026-34477 | Apache | medium | 5.9 | 0.1%
| | The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete:… | Apr 10, 2026 | May 6, 2026 |
| | CVE-2026-40227 |  Red Hat | medium | 6.2 | 0.0%
| | A flaw was found in systemd. A local unprivileged user can exploit this vulnerability by making an I… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-39304 | Apache | high | 7.5 | 0.1%
| | Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker,… | Apr 10, 2026 | May 1, 2026 |
| | CVE-2026-22750 |  VMware | high | 7.5 | 0.0%
| | When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-31412 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's USB mass storage gadget module (`usb-gadget-f_mass_storage`).… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-34500 | Apache | medium | 6.5 | 0.1%
| | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled a… | Apr 9, 2026 | Apr 14, 2026 |
| | CVE-2026-34487 | Apache | high | 7.5 | 0.0%
| | Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin… | Apr 9, 2026 | Apr 14, 2026 |
| | CVE-2026-34486 | Apache | high | 7.5 | 0.0%
| | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-2914… | Apr 9, 2026 | Apr 14, 2026 |
| | CVE-2026-34483 | Apache | high | 7.5 | 0.0%
| | Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache … | Apr 9, 2026 | Apr 14, 2026 |
| | CVE-2026-32990 | Apache | medium | 5.3 | 0.0%
| | Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.… | Apr 9, 2026 | Apr 14, 2026 |
| | CVE-2026-29146 | Apache | high | 7.5 | 0.0%
| | Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration.
This… | Apr 9, 2026 | Apr 14, 2026 |
| | CVE-2026-29145 | Apache | critical | 9.1 | 0.1%
| | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled v… | Apr 9, 2026 | Apr 14, 2026 |
| | CVE-2026-29129 | Apache | high | 7.5 | 0.0%
| | Configured cipher preference order not preserved vulnerability in Apache Tomcat.
This issue affects… | Apr 9, 2026 | Apr 14, 2026 |
| | CVE-2026-25854 | Apache | medium | 6.1 | 0.0%
| | Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via th… | Apr 9, 2026 | Apr 14, 2026 |
| | CVE-2026-24880 | Apache | high | 7.5 | 0.0%
| | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Ap… | Apr 9, 2026 | Apr 14, 2026 |
| | CVE-2026-5447 | Red Hat | medium | 5.3 | — | | A flaw was found in wolfSSL. A heap buffer overflow, a type of memory corruption vulnerability, occu… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-5194 | Red Hat | critical | 10.0 | — | | A flaw was found in wolfSSL. Missing hash/digest size and Object Identifier (OID) checks allow the a… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-35195 | Red Hat | medium | 6.3 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. A malicious guest component can exploit an … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-35186 | Red Hat | medium | 6.9 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. The Winch compiler backend incorrectly hand… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34988 | Red Hat | medium | 5.6 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. When Wasmtime's pooling allocator is config… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34987 | Red Hat | medium | 8.5 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. When using its non-default Winch compiler b… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34983 | Red Hat | low | 2.5 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows for a use-after-f… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34971 | Red Hat | high | 8.5 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. On aarch64 systems, a miscompilation bug in… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34946 | Red Hat | medium | 5.3 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly (Wasm) code. A malicious Wasm program, when … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34945 | Red Hat | medium | 5.6 | — | | A flaw was found in Wasmtime's Winch compiler. This vulnerability, present in versions from 25.0.0 t… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34944 | Red Hat | medium | 4.7 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. On x86-64 platforms with SSE3 disabled, Was… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34943 | Red Hat | medium | 5.0 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. A malicious guest can exploit an issue wher… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34942 | Red Hat | medium | 5.6 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows a malicious guest… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34941 | Red Hat | medium | 5.3 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. When transcoding a UTF-16 string to the lat… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34020 | Apache | high | 7.5 | 0.0%
| | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.
The RE… | Apr 9, 2026 | Apr 15, 2026 |
| | CVE-2026-33266 | Apache | high | 7.5 | 0.0%
| | Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings.
The remember-me cookie en… | Apr 9, 2026 | Apr 15, 2026 |
| | CVE-2026-33005 | Apache | medium | 4.3 | 0.0%
| | Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings.
Any registered u… | Apr 9, 2026 | Apr 15, 2026 |
| | CVE-2026-34757 | Red Hat | medium | 4.4 | — | | A flaw was found in libpng, a library used for handling PNG (Portable Network Graphics) image files.… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2025-57735 | Apache | critical | 9.1 | 0.0%
| | When user logged out, the JWT token the user had authtenticated with was not invalidated, which coul… | Apr 9, 2026 | Apr 17, 2026 |
| | CVE-2026-34538 | Apache | medium | 6.5 | 0.0%
| | Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to … | Apr 9, 2026 | Apr 15, 2026 |
| | CVE-2025-62188 | Apache | high | 7.5 | 0.0%
| | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache Dolphin… | Apr 9, 2026 | Apr 17, 2026 |
| | CVE-2026-39881 | Red Hat | medium | 5.0 | — | | A flaw was found in Vim. A command injection vulnerability in Vim's NetBeans interface allows a mali… | Apr 8, 2026 | Apr 8, 2026 |
| | CVE-2025-14243 | Red Hat | medium | 5.3 | — | | A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, rem… | Apr 8, 2026 | Apr 8, 2026 |
| | CVE-2026-2377 | Red Hat | high | 6.5 | — | | A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by provi… | Apr 8, 2026 | Apr 8, 2026 |
| | CVE-2026-33753 | Red Hat | medium | 6.2 | — | | A flaw was found in rfc3161-client, a Python library implementing the Time-Stamp Protocol (TSP). Thi… | Apr 8, 2026 | Apr 8, 2026 |
| | CVE-2026-39865 | Red Hat | medium | 5.9 | — | | A flaw was found in Axios, a promise-based HTTP client. A malicious server can exploit a state corru… | Apr 8, 2026 | Apr 8, 2026 |
| | CVE-2025-57847 | Red Hat | medium | 6.4 | — | | A container privilege escalation flaw was found in certain Ansible Automation Platform images. This … | Apr 8, 2026 | Apr 8, 2026 |
| | CVE-2025-57851 | Red Hat | medium | 6.4 | — | | A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images… | Apr 8, 2026 | Apr 8, 2026 |
| | CVE-2025-57853 | Red Hat | medium | 6.4 | — | | A container privilege escalation flaw was found in certain Web Terminal images. This issue stems fro… | Apr 8, 2026 | Apr 8, 2026 |
| | CVE-2025-57854 | Red Hat | medium | 6.4 | — | | A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. T… | Apr 8, 2026 | Apr 8, 2026 |
| | CVE-2025-58713 | Red Hat | medium | 6.4 | — | | A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images… | Apr 8, 2026 | Apr 8, 2026 |