| | CVE-2026-28369 |  Apache | high | 8.7 | 0.1%
| | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line sta… | Mar 27, 2026 | Apr 8, 2026 |
| | CVE-2026-28367 | Apache | high | 8.7 | 0.0%
| | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` a… | Mar 27, 2026 | Apr 8, 2026 |
| | CVE-2026-28368 | Apache | high | 8.7 | 0.1%
| | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially cra… | Mar 27, 2026 | Apr 8, 2026 |
| | CVE-2026-27880 |  Grafana | high | 7.5 | 0.0%
| | The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cau… | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-27877 | Grafana | medium | 6.5 | 0.0%
| | When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed… | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-4980 |  Red Hat | medium | 6.3 | 0.0%
| | A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27879 | Grafana | medium | 6.5 | 0.0%
| | A resample query can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 | Apr 24, 2026 |
| | CVE-2026-28375 | Grafana | medium | 6.5 | 0.0%
| | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 | Apr 24, 2026 |
| | CVE-2026-27876 | Grafana | critical | 9.1 | 0.1%
| | A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary … | Mar 27, 2026 | Apr 24, 2026 |
| | CVE-2026-33758 | Red Hat | high | 9.6 | 0.1%
| | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33757 | Red Hat | high | 9.6 | 0.1%
| | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33433 | Red Hat | high | 7.7 | 0.0%
| | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-32695 | Red Hat | high | 7.7 | 0.0%
| | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27860 | Red Hat | low | 3.7 | 0.0%
| | If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP au… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27859 | Red Hat | medium | 5.3 | 0.0%
| | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much C… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27858 | Red Hat | high | 7.5 | 0.0%
| | Attacker can send a specifically crafted message before authentication that causes managesieve to al… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27857 | Red Hat | high | 7.5 | 0.0%
| | Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-27855 | Red Hat | medium | 6.8 | 0.0%
| | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache i… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-24031 | Red Hat | high | 7.7 | 0.1%
| | Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-0394 | Red Hat | medium | 5.3 | 0.0%
| | When dovecot has been configured to use per-domain passwd files, and they are placed one path compon… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2025-59031 | Red Hat | medium | 4.3 | 0.0%
| | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2025-59028 | Red Hat | medium | 5.3 | 0.1%
| | When sending invalid base64 SASL data, login process is disconnected from the auth server, causing a… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-22744 |  VMware | high | 7.5 | 0.0%
| | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed … | Mar 27, 2026 | Apr 16, 2026 |
| | CVE-2026-22743 | VMware | high | 7.5 | 0.1%
| | Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpr… | Mar 27, 2026 | Apr 16, 2026 |
| | CVE-2026-22742 | VMware | high | 8.6 | 0.1%
| | Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability i… | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-22738 | VMware | critical | 9.8 | 0.1%
| | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value … | Mar 27, 2026 | May 10, 2026 |
| | CVE-2026-34353 | Red Hat | medium | 5.9 | — | | A flaw was found in OCaml. An integer overflow vulnerability exists in the `Bigarray.reshape` functi… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33747 | Red Hat | medium | 8.2 | — | | A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33721 | Red Hat | high | 7.5 | — | | A flaw was found in MapServer, a system for developing web-based Geographic Information System (GIS)… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-33701 | Red Hat | high | 8.1 | 0.5%
| | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation l… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-4948 | Red Hat | medium | 5.5 | — | | A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-autho… | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-4981 | Red Hat | medium | 5.4 | — | | A flaw was found in Red Hat Advanced Cluster Security (ACS). An unauthenticated remote attacker can … | Mar 27, 2026 | Mar 27, 2026 |
| | CVE-2026-28377 | Grafana | high | 7.5 | 0.0%
| | A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /statu… | Mar 26, 2026 | Apr 24, 2026 |
| | CVE-2026-1556 | Red Hat | high | 7.7 | — | | A flaw was found in Drupal File (Field) Paths. This information disclosure vulnerability allows auth… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-3650 | Red Hat | medium | 6.5 | — | | A flaw was found in the Grassroots DICOM library (GDCM). This memory leak vulnerability occurs when … | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-21724 | Grafana | medium | 5.4 | 0.0%
| | A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning… | Mar 26, 2026 | Apr 24, 2026 |
| | CVE-2026-33375 | Grafana | medium | 6.5 | 0.0%
| | The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer… | Mar 26, 2026 | Apr 24, 2026 |
| | CVE-2026-33490 | Red Hat | medium | 6.5 | — | | A flaw was found in H3, a minimal HTTP framework. The `mount()` method, responsible for routing requ… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33413 | Red Hat | medium | 7.7 | — | | A flaw was found in etcd, a distributed key-value store. Unauthorized users can bypass authenticatio… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-4897 | Red Hat | medium | 5.5 | — | | A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessiv… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-1961 | Red Hat | high | 8.0 | — | ✓ Fix | A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Fo… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-4887 | Red Hat | medium | 6.1 | — | | A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an of… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-4874 | Red Hat | low | 3.1 | 0.0%
| | A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSR… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33526 | Red Hat | high | 7.5 | 2.0%
| | A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when ha… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33515 | Red Hat | medium | 5.3 | 1.0%
| | A flaw was found in Squid, a caching proxy for the Web. Due to improper input validation, Squid is v… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-32748 | Red Hat | high | 7.5 | 1.8%
| | A flaw was found in Squid. A remote attacker can exploit this vulnerability by sending specially cra… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-29976 | Red Hat | low | 2.8 | — | | A flaw was found in ZerBea hcxpcapngtool. A local attacker can exploit a buffer overflow vulnerabili… | Mar 26, 2026 | Mar 26, 2026 |
| | CVE-2026-33249 | Red Hat | medium | 6.4 | 0.0%
| | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Star… | Mar 25, 2026 | Mar 25, 2026 |
| | CVE-2026-33223 | Red Hat | medium | 6.4 | 0.0%
| | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio… | Mar 25, 2026 | Mar 25, 2026 |
| | CVE-2026-33248 | Red Hat | medium | 4.8 | 0.0%
| | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prio… | Mar 25, 2026 | Mar 25, 2026 |