| | CVE-2026-43513 | Apache | high | 7.5 | 0.1%
| | Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat.
This issue af… | May 12, 2026 | May 15, 2026 |
| | CVE-2026-43512 | Apache | critical | 9.8 | 0.1%
| | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.
T… | May 12, 2026 | May 15, 2026 |
| | CVE-2026-42498 | Apache | high | 7.3 | 0.1%
| | Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerabi… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-41293 | Apache | critical | 9.8 | 0.2%
| | Improper Input Validation vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11… | May 12, 2026 | May 15, 2026 |
| | CVE-2026-41284 | Apache | high | 7.5 | 0.0%
| | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.
This issue aff… | May 12, 2026 | May 14, 2026 |
| | CVE-2026-5089 | Red Hat | medium | 4.0 | 0.0%
| | A flaw was found in perl-YAML-Syck. The base60 (sexagesimal) parsing code in perl_syck.h contains a … | May 12, 2026 | May 12, 2026 |
| | CVE-2026-43515 | Apache | medium | — | 0.1%
| | Improper Authorization vulnerability when multiple method constraints define an HTTP method for the … | May 12, 2026 | Jun 4, 2026 |
| | CVE-2026-8401 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Fir… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-8368 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in LWP::UserAgent, a component of perl-libwww-perl. This vulnerability allows a rem… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-40020 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in dovecot. A remote attacker can exploit the Internet Message Access Protocol (IMA… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-40016 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in Dovecot. A remote or local attacker could upload a malicious Sieve script throug… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-33603 | Red Hat | medium | 6.8 | 0.0%
| | A flaw was found in Dovecot. An attacker, positioned as a Man-in-the-Middle (MITM) between Dovecot a… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-8391 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Fir… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-8390 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issu… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-8389 | Red Hat | high | 7.5 | 0.1%
| | A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issu… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-8388 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed … | May 12, 2026 | May 12, 2026 |
| | CVE-2026-41713 | VMware | high | 8.2 | 0.0%
| | A malicious user could craft input that is stored in conversation memory and later interpreted by th… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-41712 | VMware | high | 7.5 | 0.0%
| | Spring AI's chat memory component contained a problematic default that, when not explicitly overridd… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-6402 | Red Hat | medium | 5.3 | 0.0%
| | A flaw was found in webpack-dev-server. When the development server operates over plain HTTP, a remo… | May 12, 2026 | May 12, 2026 |
| | CVE-2026-42050 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in ImageMagick. A user opening a specially crafted MIFF (Magick Image File Format) … | May 11, 2026 | May 11, 2026 |
| | CVE-2026-43896 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in jq, a command line JSON processor. The `jv_object_merge_recursive` function, rea… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-43895 | Red Hat | medium | 4.4 | 0.0%
| | A flaw was found in jq, a command line JSON processor. Embedded NUL bytes in import paths are trunca… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-44777 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in jq, a command line JSON processor. The module loader fails to perform cycle dete… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-43894 | Red Hat | medium | 6.2 | 0.0%
| | A flaw was found in jq, a tool used for processing JSON data from the command line. A remote attacke… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-41256 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in jq, a command line JSON processor. Top-level jq programs loaded from a file usin… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-40612 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in jq, a command line JSON processor. The `jv_contains` function does not have a de… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-41257 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in jq, a command line JSON processor. The memory allocation size is calculated usin… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-4802 | Red Hat | high | 8.0 | — | | A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary comman… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-43826 | Apache | medium | 6.5 | 0.0%
| | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for exam… | May 11, 2026 | May 13, 2026 |
| | CVE-2026-41018 | Apache | medium | 6.5 | 0.0%
| | The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for e… | May 11, 2026 | May 13, 2026 |
| | CVE-2026-43500 | Fortinet | high | 7.8 | 92.6%
| | In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPON… | May 11, 2026 | Jun 30, 2026 |
| | CVE-2026-8261 | Red Hat | medium | 6.1 | 0.0%
| | A flaw was found in Squirrel. A local attacker could exploit a heap-based buffer overflow vulnerabil… | May 11, 2026 | May 11, 2026 |
| | CVE-2026-45190 | Red Hat | medium | 6.5 | 0.1%
| | A flaw was found in Net::CIDR::Lite, a Perl module for handling IP address ranges. This vulnerabilit… | May 10, 2026 | May 10, 2026 |
| | CVE-2026-45186 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pa… | May 10, 2026 | May 10, 2026 |
| | CVE-2026-6104 | Red Hat | high | 8.2 | 0.0%
| | A flaw was found in PHP. When an encoding name containing an embedded NUL byte is passed to `mb_conv… | May 10, 2026 | May 10, 2026 |
| | CVE-2026-7258 | Red Hat | medium | 5.9 | 0.0%
| ✓ Fix | A flaw was found in PHP. Some functions, including `urldecode()`, incorrectly pass signed characters… | May 10, 2026 | May 10, 2026 |
| | CVE-2026-7262 | Red Hat | high | 7.5 | 0.1%
| | A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding pr… | May 10, 2026 | May 10, 2026 |
| | CVE-2026-7568 | Red Hat | high | 7.5 | 0.1%
| | A flaw was found in PHP. The metaphone() function in ext/standard/metaphone.c uses a signed int vari… | May 10, 2026 | May 10, 2026 |
| | CVE-2026-6735 | Red Hat | medium | 5.4 | 0.0%
| ✓ Fix | A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of … | May 10, 2026 | May 10, 2026 |
| | CVE-2026-42257 | Red Hat | medium | 6.1 | 0.0%
| | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to … | May 9, 2026 | May 9, 2026 |
| | CVE-2026-42256 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol (IMAP) client fun… | May 9, 2026 | May 9, 2026 |
| | CVE-2026-42245 | Red Hat | medium | 6.5 | 0.1%
| | A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol (IMA… | May 9, 2026 | May 9, 2026 |
| | CVE-2026-42310 | Red Hat | medium | 4.0 | 0.0%
| ✓ Fix | Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can sup… | May 9, 2026 | May 9, 2026 |
| | CVE-2026-42308 | Red Hat | medium | 6.2 | 0.0%
| | A flaw was found in Pillow, a Python imaging library. If a font advances for each glyph by an exceed… | May 9, 2026 | May 9, 2026 |
| | CVE-2026-42309 | Red Hat | medium | 5.1 | 0.0%
| ✓ Fix | A flaw was found in Pillow, a Python imaging library. A malicious actor could exploit this vulnerabi… | May 9, 2026 | May 9, 2026 |
| | CVE-2026-42295 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in Argo Workflows, an open source container-native workflow engine for orchestratin… | May 9, 2026 | May 9, 2026 |
| | CVE-2026-42183 | Red Hat | medium | 5.3 | 0.1%
| | A flaw was found in Argo Workflows. This flaw, a nil pointer dereference in the `rbacAuthorization()… | May 9, 2026 | May 9, 2026 |
| | CVE-2026-41705 | VMware | high | 8.6 | 0.0%
| | Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injec… | May 9, 2026 | May 12, 2026 |
| | CVE-2026-2291 | Red Hat | medium | 6.5 | 0.1%
| ✓ Fix | dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker… | May 9, 2026 | May 9, 2026 |
| | CVE-2026-4890 | Red Hat | high | 7.5 | 0.2%
| ✓ Fix | A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers … | May 9, 2026 | May 9, 2026 |