| | CVE-2026-53404 | Apache | high | 7.3 | 0.2%
| | Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant th… | Jun 29, 2026 | Jul 2, 2026 |
| | CVE-2026-50229 | Apache | medium | 6.1 | 0.2%
| | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the n… | Jun 29, 2026 | Jul 2, 2026 |
| | CVE-2026-13676 | Red Hat | high | 7.5 | — | | A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert U… | Jun 29, 2026 | Jun 29, 2026 |
| | CVE-2026-11979 | Red Hat | medium | 4.8 | — | | A flaw was found in libxml2, specifically within the xmlcatalog utility when operating in shell mode… | Jun 29, 2026 | Jun 29, 2026 |
| | CVE-2026-54369 | Red Hat | high | 7.1 | — | | A flaw was found in the `acl` component, specifically within its `libacl` pathname-based functions. … | Jun 29, 2026 | Jun 29, 2026 |
| | CVE-2026-54370 | Red Hat | medium | 6.3 | — | | A time-of-check to time-of-use (TOCTOU) race condition vulnerability was found in acl. By replacing … | Jun 29, 2026 | Jun 29, 2026 |
| | CVE-2026-54371 | Red Hat | high | 7.1 | — | | A flaw was found in the `attr` component, specifically within the `getfattr` utility. This vulnerabi… | Jun 29, 2026 | Jun 29, 2026 |
| | CVE-2026-12856 | Red Hat | high | 8.8 | — | | A flaw was found in the vscode-java extension, which provides Java language support for Visual Studi… | Jun 29, 2026 | Jun 29, 2026 |
| | CVE-2026-41991 | Red Hat | medium | 6.0 | — | | A flaw was found in the `gzexe` utility of GNU `gzip`. When the `mktemp` utility is not available, `… | Jun 29, 2026 | Jun 29, 2026 |
| | CVE-2026-53325 | Red Hat | low | 5.5 | 0.2%
| | A flaw was found in the Linux kernel's AMD64 AGP (Accelerated Graphics Port) driver. This vulnerabil… | Jun 29, 2026 | Jun 29, 2026 |
| | CVE-2026-48090 | Red Hat | medium | — | 0.6%
| | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 u… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-47220 | Red Hat | high | 7.5 | 0.5%
| | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 u… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-47205 | Red Hat | medium | — | 0.4%
| | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 u… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2025-64152 | Apache | medium | — | — | | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apac… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2025-55017 | Apache | medium | — | — | | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apac… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-57915 | Apache | medium | — | 0.3%
| | It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA … | Jun 26, 2026 | Jun 30, 2026 |
| | CVE-2026-57914 | Red Hat | medium | 6.5 | 0.3%
| | By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trig… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-13325 | Red Hat | medium | 8.5 | — | | A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2025-7958 | Trellix | high | 7.1 | — | | A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticate… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-49486 | Apache | high | 7.5 | 0.3%
| | The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but n… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-48930 | Red Hat | medium | 5.6 | 0.4%
| | A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authorit… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-48619 | Red Hat | medium | 5.3 | 0.6%
| | A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which … | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-48935 | Red Hat | low | 3.3 | 0.1%
| | A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was se… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-48933 | Red Hat | high | 7.5 | 0.6%
| ✓ Fix | A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` … | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-48934 | Red Hat | medium | 4.3 | 0.3%
| | A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.
Th… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-48928 | Red Hat | medium | 4.2 | 0.2%
| | A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS s… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-48615 | Red Hat | medium | 5.9 | 0.4%
| ✓ Fix | A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` e… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-48936 | Red Hat | low | 3.3 | 0.1%
| | A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), … | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-48618 | Red Hat | high | 7.7 | 0.6%
| ✓ Fix | A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-13434 | Red Hat | medium | 4.9 | 0.2%
| | A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineI… | Jun 26, 2026 | Jun 26, 2026 |
| | CVE-2026-47770 | Red Hat | medium | 5.5 | — | | A flaw was found in jq, a command-line JSON processor. This vulnerability allows a local user or an … | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-54679 | Red Hat | medium | 5.5 | — | | A flaw was found in jq, a command-line JSON processor. On 32-bit systems, a local attacker could exp… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-9705 | Red Hat | medium | 6.5 | — | ✓ Fix | A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previous… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-9099 | Red Hat | high | 7.7 | — | ✓ Fix | A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-9086 | Red Hat | high | 7.3 | — | ✓ Fix | A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those w… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-9083 | Red Hat | medium | 4.9 | — | ✓ Fix | A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vu… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-57588 | Tenable | low | 3.3 | 0.2%
| | A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file tha… | Jun 25, 2026 | Jun 26, 2026 |
| | CVE-2026-57587 | Tenable | medium | 5.3 | 0.3%
| | A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls rever… | Jun 25, 2026 | Jun 26, 2026 |
| | CVE-2026-57236 | Red Hat | high | 8.2 | — | | A flaw was found in Nokogiri, an XML and HTML library for Ruby. When an attacker provides an invalid… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-13324 | Red Hat | medium | 6.5 | — | | A vulnerability has been identified in the **GNOME Geary** package within its **`mailto` URI handlin… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-56091 | Apache | high | 8.2 | — | | When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HT… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-56130 | Apache | low | 2.0 | — | | "Remember me" cookie age is not verified on the server. This potentially allows an attacker to inter… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-41566 | Apache | critical | 9.4 | — | | Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks.
This i… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-45188 | Apache | low | 2.4 | — | | Relative Path Traversal vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from 1.… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-46751 | Apache | medium | 5.5 | — | | A vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0.
U… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-46752 | Apache | critical | 10.0 | — | | Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks.
This issue affects Apache… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-54226 | Apache | medium | 6.4 | — | | A vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0.
U… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-13311 | Red Hat | medium | 6.5 | 0.4%
| | A flaw was found in the `shell-quote` component. An attacker who can supply a specially crafted stri… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-13218 | Red Hat | medium | 4.2 | — | | A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function w… | Jun 25, 2026 | Jun 25, 2026 |
| | CVE-2026-13318 | Red Hat | medium | 6.4 | — | | A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. Whe… | Jun 25, 2026 | Jun 25, 2026 |