| | CVE-2026-43485 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's nouveau/gsp module. This issue involved the frequent triggeri… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43477 | Red Hat | low | 5.5 | 0.0%
| | A flaw was found in the Linux kernel. Incorrectly configuring Variable Refresh Rate (VRR) timings be… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43487 | Red Hat | low | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's `libata-core` module. This vulnerability arises from issues w… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43489 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's liveupdate mechanism. When a `retrieve()` operation fails, th… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43479 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's USB network device driver (lan78xx). A redundant function cal… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43486 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in the Linux kernel. The `contpte_ptep_set_access_flags()` function, responsible fo… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43476 | Red Hat | medium | — | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
iio: chemical: sps30_i2c: fix bu… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-42268 | Red Hat | medium | 4.9 | 0.1%
| | A flaw was found in ModSecurity, an open-source web application firewall (WAF). This vulnerability o… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-8449 | Red Hat | medium | — | — | | No description is available for this CVE. | May 12, 2026 | May 12, 2026 |
| | CVE-2026-44871 | HPE | high | 7.2 | 0.1%
| | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the … | May 12, 2026 | May 14, 2026 |
| | CVE-2026-44872 | HPE | high | 7.2 | 0.3%
| | A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 O… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-44869 | HPE | high | 7.2 | 0.2%
| | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-44868 | HPE | high | 7.2 | 0.2%
| | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-44867 | HPE | high | 7.2 | 0.2%
| | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Op… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-23823 | HPE | high | 7.2 | — | | A vulnerability in the command line interface of Access Points running AOS-10 could allow an authent… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-23821 | HPE | high | 7.2 | — | | A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-23820 | HPE | high | 7.2 | — | | A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant coul… | May 12, 2026 | May 13, 2026 |
| | CVE-2026-44279 | Fortinet | medium | 5.5 | 0.1%
| | An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2… | May 12, 2026 | Jun 26, 2026 |
| | CVE-2026-44278 | Fortinet | low | 2.3 | 0.0%
| | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4… | May 12, 2026 | May 16, 2026 |
| | CVE-2026-44277 | Fortinet | critical | 9.8 | 0.1%
| | A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0… | May 12, 2026 | May 28, 2026 |
| | CVE-2026-42898 | Microsoft | critical | 9.9 | 0.1%
| | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) al… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42893 | Microsoft | high | 7.4 | 0.0%
| | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot … | May 12, 2026 | May 13, 2026 |
| | CVE-2026-42891 | Microsoft | medium | 6.5 | 0.0%
| | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42838 | Microsoft | medium | 5.4 | 0.0%
| | Improper neutralization of special elements in output used by a downstream component ('injection') i… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42833 | Microsoft | critical | 9.1 | 0.1%
| | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) al… | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-42832 | Microsoft | high | 7.7 | 0.0%
| | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing loca… | May 12, 2026 | May 19, 2026 |
| | CVE-2026-42831 | Microsoft | high | 7.8 | 0.1%
| | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local… | May 12, 2026 | May 19, 2026 |
| | CVE-2026-42830 | Microsoft | medium | 6.5 | 0.1%
| | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges loc… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-42823 | Microsoft | critical | 9.9 | 0.1%
| | Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-41614 | Microsoft | medium | 6.2 | 0.0%
| | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoof… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-41613 | Microsoft | high | 8.8 | 0.1%
| | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a … | May 12, 2026 | May 15, 2026 |
| | CVE-2026-41612 | Microsoft | medium | 5.5 | 0.0%
| | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose informatio… | May 12, 2026 | May 15, 2026 |
| | CVE-2026-41611 | Microsoft | high | 7.8 | 0.0%
| | Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code … | May 12, 2026 | May 15, 2026 |
| | CVE-2026-41610 | Microsoft | medium | 6.3 | 0.0%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studi… | May 12, 2026 | May 15, 2026 |
| | CVE-2026-41109 | Microsoft | high | 8.8 | 0.1%
| | Improper neutralization of special elements in output used by a downstream component ('injection') i… | May 12, 2026 | May 15, 2026 |
| | CVE-2026-41107 | Microsoft | high | 7.4 | 0.1%
| | External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized atta… | May 12, 2026 | May 15, 2026 |
| | CVE-2026-41103 | Microsoft | critical | 9.1 | 0.1%
| | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluen… | May 12, 2026 | May 16, 2026 |
| | CVE-2026-41102 | Microsoft | high | 7.1 | 0.0%
| | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoo… | May 12, 2026 | May 16, 2026 |
| | CVE-2026-41101 | Microsoft | high | 7.1 | 0.0%
| | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing l… | May 12, 2026 | May 16, 2026 |
| | CVE-2026-41100 | Microsoft | medium | 4.4 | 0.0%
| | Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | May 12, 2026 | May 16, 2026 |
| | CVE-2026-41094 | Microsoft | high | 8.8 | 0.1%
| | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an una… | May 12, 2026 | May 16, 2026 |
| | CVE-2026-41086 | Microsoft | high | 8.8 | 0.1%
| | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges … | May 12, 2026 | May 15, 2026 |
| | CVE-2026-40421 | Microsoft | medium | 4.3 | 0.1%
| | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized … | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-40420 | Microsoft | high | 8.8 | 0.0%
| | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-40419 | Microsoft | high | 7.8 | 0.0%
| | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 | May 19, 2026 |
| | CVE-2026-40418 | Microsoft | high | 7.8 | 0.0%
| | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | May 12, 2026 | Jun 1, 2026 |
| | CVE-2026-40417 | Microsoft | high | 7.8 | 0.0%
| | Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges… | May 12, 2026 | Jun 3, 2026 |
| | CVE-2026-40416 | Microsoft | medium | 4.3 | 0.0%
| | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all… | May 12, 2026 | May 18, 2026 |
| | CVE-2026-40381 | Microsoft | high | 7.8 | 0.0%
| | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate pr… | May 12, 2026 | May 18, 2026 |
| | CVE-2026-40379 | Microsoft | critical | 9.3 | 0.1%
| | Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized … | May 12, 2026 | May 21, 2026 |