| | CVE-2026-31909 | Apache | high | 7.5 | 0.0%
| | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz.
This issu… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-31906 | Apache | medium | 6.1 | 0.0%
| | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-31388 | Apache | medium | 5.3 | 0.0%
| | Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments.
This issue affec… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-31387 | Apache | medium | 5.3 | 0.0%
| | Improper Authentication vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.0… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-31380 | Apache | medium | 6.5 | 0.0%
| | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression La… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-31379 | Apache | medium | 6.1 | 0.0%
| | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limit… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-31378 | Apache | medium | 6.5 | 0.0%
| | Improper Input Validation vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-29226 | Apache | high | 7.3 | 0.0%
| | Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations.
… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-29220 | Apache | medium | 6.5 | 0.0%
| | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apac… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-29207 | Apache | medium | 6.5 | 0.0%
| | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-35086 | Apache | medium | — | 0.0%
| | Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache … | May 19, 2026 | May 20, 2026 |
| | CVE-2026-2611 | Red Hat | critical | 9.6 | 0.0%
| | A flaw was found in MLflow. Improper origin validation in the MLflow Assistant's /ajax-api endpoints… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-8922 | Red Hat | medium | 5.4 | 0.0%
| | A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-8830 | Red Hat | medium | 4.3 | 0.0%
| | A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during c… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-37979 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) … | May 19, 2026 | May 19, 2026 |
| | CVE-2026-37982 | Red Hat | medium | 6.8 | 0.0%
| | A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-43493 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's `pcrypt` component. This vulnerability involves how the syste… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-43491 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel. A malicious client can exploit this by sending a large number … | May 19, 2026 | May 19, 2026 |
| | CVE-2026-43492 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel. A local user could trigger an integer underflow in the mpi_rea… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-31072 | Red Hat | high | 8.8 | — | | A flaw was found in APScheduler, affecting its JSONSerializer and CBORSerializer components. This vu… | May 19, 2026 | May 19, 2026 |
| | CVE-2025-51427 | Red Hat | high | 8.1 | 0.0%
| | A flaw was found in ModelScope. This vulnerability allows a remote attacker to execute arbitrary cod… | May 19, 2026 | May 19, 2026 |
| | CVE-2026-25244 | Red Hat | high | 8.0 | 0.1%
| | A flaw was found in WebdriverIO. A remote attacker can exploit a command injection vulnerability by … | May 18, 2026 | May 18, 2026 |
| | CVE-2026-45495 | Microsoft | high | 8.8 | 0.2%
| | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | May 18, 2026 | May 26, 2026 |
| | CVE-2026-45494 | Microsoft | medium | 5.4 | 0.0%
| | Microsoft Edge (Chromium-based) Spoofing Vulnerability | May 18, 2026 | May 19, 2026 |
| | CVE-2026-45492 | Microsoft | medium | 5.4 | 0.1%
| | Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypa… | May 18, 2026 | May 19, 2026 |
| | CVE-2026-42822 | Microsoft | critical | 10.0 | 0.1%
| | Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to el… | May 18, 2026 | May 21, 2026 |
| | CVE-2026-45829 | Red Hat | critical | 10.0 | — | | A flaw was found in the ChromaDB Python project. This pre-authentication code injection vulnerabilit… | May 18, 2026 | May 18, 2026 |
| | CVE-2021-47952 | Red Hat | critical | 9.8 | 0.4%
| | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to exec… | May 16, 2026 | May 16, 2026 |
| | CVE-2026-35194 | Apache | high | 8.1 | 0.0%
| | Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x al… | May 15, 2026 | May 18, 2026 |
| | CVE-2026-46483 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell comman… | May 15, 2026 | May 15, 2026 |
| | CVE-2026-8503 | Apache | medium | — | — | | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.
Apac… | May 15, 2026 | May 15, 2026 |
| | CVE-2026-41702 | VMware | high | 7.8 | 0.0%
| | VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an oper… | May 15, 2026 | May 18, 2026 |
| | CVE-2026-46333 | Red Hat | high | 7.8 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
ptrace: slightly saner 'get_dump… | May 15, 2026 | May 15, 2026 |
| | CVE-2026-43490 | Red Hat | medium | — | 0.0%
| | A flaw was found in ksmbd, a Linux kernel module that provides an in-kernel Server Message Block (SM… | May 15, 2026 | May 15, 2026 |
| | CVE-2026-34253 | Red Hat | high | 8.2 | 0.1%
| | A flaw was found in the ogg123 utility of the vorbis-tools package. This buffer underflow vulnerabil… | May 15, 2026 | May 15, 2026 |
| | CVE-2026-44673 | Red Hat | high | 7.5 | 0.1%
| | A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the `lyb_… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-42327 | Red Hat | high | 9.1 | 0.0%
| | A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming lang… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8587 | Red Hat | medium | 9.6 | 0.0%
| | An use after free flaw was found in the Extensions component of the Chromium browser.
Upstream bug(s… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8586 | Red Hat | medium | 3.9 | 0.0%
| | Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local … | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8582 | Red Hat | medium | 4.3 | 0.0%
| | An object lifecycle issue flaw was found in the Dawn component of the Chromium browser.
Upstream bug… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8583 | Red Hat | medium | 5.7 | 0.1%
| | An insufficient policy enforcement flaw was found in the WebXR component of the Chromium browser.
Up… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8581 | Red Hat | medium | 8.8 | 0.1%
| | An use after free flaw was found in the GPU component of the Chromium browser.
Upstream bug(s):
http… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8578 | Red Hat | medium | 5.8 | 0.0%
| | Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacke… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8579 | Red Hat | medium | 8.8 | 0.0%
| | Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed … | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8580 | Red Hat | medium | 9.6 | 0.1%
| | An use after free flaw was found in the Mojo component of the Chromium browser.
Upstream bug(s):
htt… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8576 | Red Hat | medium | 6.5 | 0.0%
| | Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 … | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8577 | Red Hat | medium | 9.6 | 0.1%
| | An integer overflow flaw was found in the Fonts component of the Chromium browser.
Upstream bug(s):
… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8575 | Red Hat | medium | 9.0 | 0.1%
| | An use after free flaw was found in the UI component of the Chromium browser.
Upstream bug(s):
https… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8574 | Red Hat | medium | 8.2 | 0.1%
| | An use after free flaw was found in the Core component of the Chromium browser.
Upstream bug(s):
htt… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8573 | Red Hat | medium | 9.6 | 0.1%
| | An integer overflow flaw was found in the Codecs component of the Chromium browser.
Upstream bug(s):… | May 14, 2026 | May 14, 2026 |