| | CVE-2026-8522 | Red Hat | critical | 8.8 | 0.1%
| | An use after free flaw was found in the Downloads component of the Chromium browser.
Upstream bug(s)… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8518 | Red Hat | critical | 9.6 | 0.1%
| | An use after free flaw was found in the Blink component of the Chromium browser.
Upstream bug(s):
ht… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8520 | Red Hat | critical | 8.3 | 0.1%
| | A race flaw was found in the Payments component of the Chromium browser.
Upstream bug(s):
https://co… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8519 | Red Hat | critical | 8.8 | 0.1%
| | An integer overflow flaw was found in the ANGLE component of the Chromium browser.
Upstream bug(s):
… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8517 | Red Hat | critical | 9.6 | 0.1%
| | An object lifecycle issue flaw was found in the WebShare component of the Chromium browser.
Upstream… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8516 | Red Hat | critical | 6.5 | 0.0%
| | An insufficient validation of untrusted input flaw was found in the DataTransfer component of the Ch… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8515 | Red Hat | critical | 9.6 | 0.1%
| | An use after free flaw was found in the HID component of the Chromium browser.
Upstream bug(s):
http… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8514 | Red Hat | critical | 9.0 | 0.1%
| | An use after free flaw was found in the Aura component of the Chromium browser.
Upstream bug(s):
htt… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8512 | Red Hat | critical | 9.6 | 0.1%
| | An use after free flaw was found in the FileSystem component of the Chromium browser.
Upstream bug(s… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8513 | Red Hat | critical | 8.0 | 0.1%
| | An use after free flaw was found in the Input component of the Chromium browser.
Upstream bug(s):
ht… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8510 | Red Hat | critical | 8.0 | 0.1%
| | An integer overflow flaw was found in the Skia component of the Chromium browser.
Upstream bug(s):
h… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8511 | Red Hat | critical | 9.6 | 0.1%
| | An use after free flaw was found in the UI component of the Chromium browser.
Upstream bug(s):
https… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-8509 | Red Hat | critical | 9.6 | 0.1%
| | A heap buffer overflow flaw was found in the WebML component of the Chromium browser.
Upstream bug(s… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-42897 | Microsoft | high | 8.1 | 2.5%
| ⚠ KEV | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex… | May 14, 2026 | Jun 15, 2026 |
| | CVE-2026-41615 | Microsoft | critical | 9.6 | 0.1%
| | Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unau… | May 14, 2026 | May 15, 2026 |
| | CVE-2026-20224 | Cisco | high | 8.6 | 0.7%
| | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow… | May 14, 2026 | Jun 29, 2026 |
| | CVE-2026-20210 | Cisco | medium | 5.4 | 0.2%
| | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow… | May 14, 2026 | Jun 29, 2026 |
| | CVE-2026-20209 | Cisco | medium | 5.4 | 0.2%
| | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow… | May 14, 2026 | Jun 29, 2026 |
| | CVE-2026-20182 | Cisco | critical | 10.0 | 77.9%
| ⚠ KEV | May 2026: This security advisory provides the details and fix information for a vulnerability that w… | May 14, 2026 | Jun 17, 2026 |
| | CVE-2026-41888 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in Distribution, a software toolkit used for managing container content. This vulne… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-44484 | Red Hat | high | 9.8 | 0.1%
| | PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 an… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-44216 | Red Hat | high | 7.5 | 0.0%
| | Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocat… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-6478 | Red Hat | high | 8.2 | 0.1%
| | A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the compariso… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-6474 | Red Hat | medium | 4.3 | 0.0%
| | A flaw was found in PostgreSQL. This vulnerability, an externally-controlled format string in the `t… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-45205 | Apache | medium | 5.3 | 0.1%
| | Uncontrolled Recursion vulnerability in Apache Commons.
When processing an untrusted configuration … | May 14, 2026 | May 15, 2026 |
| | CVE-2026-8295 | Red Hat | medium | 5.3 | 0.1%
| | A flaw was found in simdjson, a JSON parsing library. An integer overflow vulnerability in the docum… | May 14, 2026 | May 14, 2026 |
| | CVE-2026-28374 | Grafana | medium | 4.3 | 0.2%
| | Editors could delete any annotation, even those they do not have read access to. The editor user can… | May 13, 2026 | Jun 17, 2026 |
| | CVE-2026-33378 | Grafana | medium | 6.5 | 0.3%
| | Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL … | May 13, 2026 | Jun 17, 2026 |
| | CVE-2026-28383 | Grafana | medium | 6.5 | 0.3%
| | A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading … | May 13, 2026 | Jun 17, 2026 |
| | CVE-2026-33376 | Grafana | high | 7.4 | 0.3%
| | When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses sp… | May 13, 2026 | Jun 17, 2026 |
| | CVE-2026-33380 | Grafana | medium | 6.3 | 0.3%
| | A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the… | May 13, 2026 | Jun 17, 2026 |
| | CVE-2026-28380 | Grafana | medium | 6.5 | 0.2%
| | Any Editor could delete any snapshot, even if they have no access to read or write them. | May 13, 2026 | Jun 17, 2026 |
| | CVE-2026-33381 | Grafana | medium | 5.9 | 0.2%
| | When a user's access to mint tokens for a service account is revoked, it is sometimes still possible… | May 13, 2026 | Jun 17, 2026 |
| | CVE-2026-33377 | Grafana | high | 7.1 | 0.2%
| | An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. T… | May 13, 2026 | Jun 17, 2026 |
| | CVE-2026-28376 | Grafana | medium | 6.5 | 0.3%
| | The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a la… | May 13, 2026 | Jun 17, 2026 |
| | CVE-2026-28379 | Grafana | medium | 6.5 | 0.3%
| | A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server cra… | May 13, 2026 | Jun 17, 2026 |
| | CVE-2026-42586 | Red Hat | medium | 6.8 | 0.0%
| | A flaw was found in Netty, an asynchronous, event-driven network application framework. The Netty Re… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-42584 | Red Hat | high | 7.3 | 0.0%
| | A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote att… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-42580 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote att… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-42579 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in Netty. Netty's DNS (Domain Name System) codec does not properly enforce domain n… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-42581 | Red Hat | high | 7.2 | 0.0%
| | A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a speci… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-44576 | Red Hat | medium | 5.4 | 0.0%
| | A flaw was found in Next.js, a React framework for building web applications. This vulnerability, re… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-42946 | F5 | medium | 6.5 | 0.8%
| | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result… | May 13, 2026 | Jun 16, 2026 |
| | CVE-2026-41959 | F5 | medium | 6.5 | 0.2%
| | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41956 | F5 | high | 7.5 | 0.3%
| | When a classification profile is configured on a UDP virtual server, undisclosed requests can cause … | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41954 | F5 | medium | 4.9 | 0.3%
| | Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and … | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41953 | F5 | high | 8.7 | 0.2%
| | A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at l… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41227 | F5 | high | 7.5 | 0.3%
| | On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result i… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41225 | F5 | critical | 9.1 | 0.3%
| | A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at le… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41219 | F5 | medium | 6.5 | 0.3%
| | An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privile… | May 13, 2026 | Jun 24, 2026 |