| | CVE-2026-7927 | Red Hat | high | 8.8 | 0.1%
| | A type confusion flaw was found in the Runtime component of the Chromium browser.
Upstream bug(s):
h… | May 5, 2026 | May 5, 2026 |
| | CVE-2026-7960 | Red Hat | medium | 2.6 | 0.0%
| | A race flaw was found in the Speech component of the Chromium browser.
Upstream bug(s):
https://code… | May 5, 2026 | May 5, 2026 |
| | CVE-2026-7897 | Red Hat | high | 9.6 | 0.1%
| | An use after free flaw was found in the Mobile component of the Chromium browser.
Upstream bug(s):
h… | May 5, 2026 | May 5, 2026 |
| | CVE-2026-7931 | Red Hat | medium | 6.5 | 0.1%
| | An insufficient validation of untrusted input flaw was found in the iOS component of the Chromium br… | May 5, 2026 | May 5, 2026 |
| | CVE-2026-7957 | Red Hat | medium | 6.5 | 0.1%
| | An out of bounds write flaw was found in the Media component of the Chromium browser.
Upstream bug(s… | May 5, 2026 | May 5, 2026 |
| | CVE-2026-6321 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a spec… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-42154 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint (`/… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-42151 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in Prometheus, an open-source monitoring system. The `client_secret` field within t… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-43964 | Red Hat | high | 7.5 | 0.1%
| | A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically a… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-29004 | Red Hat | high | 8.8 | 0.0%
| | A flaw was found in BusyBox. A heap buffer overflow vulnerability exists in the Dynamic Host Configu… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-42812 | Apache | critical | 9.9 | 0.1%
| | In Apache Iceberg, the table's metadata files are control files: they tell readers
which data files … | May 4, 2026 | May 12, 2026 |
| | CVE-2026-42811 | Apache | critical | 9.9 | 0.1%
| | In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials
that
only work for o… | May 4, 2026 | May 12, 2026 |
| | CVE-2026-42810 | Apache | critical | 9.9 | 0.1%
| | Apache Polaris accepts literal `*` characters in namespace and table names. When it
later builds tem… | May 4, 2026 | May 12, 2026 |
| | CVE-2026-42809 | Apache | critical | 9.9 | 0.1%
| | Apache Polaris can issue broad temporary ("vended") storage credentials during
staged
table creation… | May 4, 2026 | May 12, 2026 |
| | CVE-2026-42440 | Apache | high | 7.5 | 0.6%
| | OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader
Version… | May 4, 2026 | Jul 3, 2026 |
| | CVE-2026-42027 | Apache | critical | 9.8 | 0.7%
| | Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader
Versions Aff… | May 4, 2026 | Jun 30, 2026 |
| | CVE-2026-40682 | Apache | critical | 9.1 | 0.4%
| | XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersis… | May 4, 2026 | Jun 30, 2026 |
| | CVE-2026-26956 | Red Hat | high | 9.8 | 0.1%
| | A flaw was found in vm2, an open-source sandbox for Node.js. An attacker can exploit this vulnerabil… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-26332 | Red Hat | high | 9.1 | 0.1%
| | A flaw was found in vm2, an open-source sandbox for Node.js. This vulnerability allows a remote atta… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-24781 | Red Hat | high | 8.1 | 0.2%
| | A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-24120 | Red Hat | high | 9.1 | 0.1%
| | A flaw was found in vm2, an open-source sandbox for Node.js. This vulnerability allows a remote atta… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-24118 | Red Hat | high | 9.1 | 0.2%
| | A flaw was found in vm2, an open-source sandbox for Node.js. This sandbox breakout vulnerability all… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-40563 | Apache | high | 8.1 | 0.1%
| | Description:
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas… | May 4, 2026 | May 6, 2026 |
| | CVE-2026-29169 | Red Hat | low | 7.5 | 0.6%
| ✓ Fix | A flaw was found in the mod_dav_lock module of httpd. This vulnerability allows a remote unauthentic… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-23918 | Apache | medium | — | 42.8%
| | Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This iss… | May 4, 2026 | Jun 30, 2026 |
| | CVE-2026-33006 | Red Hat | medium | 4.8 | 0.2%
| ✓ Fix | A flaw was found in the mod_auth_digest module of httpd. A remote unauthenticated attacker can bypas… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-33007 | Red Hat | medium | 5.3 | 0.6%
| ✓ Fix | A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthentica… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-33523 | Red Hat | medium | 6.5 | 0.3%
| ✓ Fix | A flaw was found in httpd. When processing responses from an untrusted or compromised backend server… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-6266 | Red Hat | high | 8.3 | — | ✓ Fix | A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatical… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-33857 | Red Hat | medium | 7.5 | 0.2%
| ✓ Fix | A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) m… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-34032 | Red Hat | medium | 8.2 | 0.2%
| ✓ Fix | A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) m… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-34059 | Red Hat | medium | 8.2 | 0.1%
| ✓ Fix | A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) m… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-7482 | Red Hat | critical | 9.1 | 0.0%
| | A flaw was found in Ollama. A remote attacker can exploit a heap out-of-bounds read vulnerability in… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-24072 | Red Hat | medium | 5.5 | 0.0%
| ✓ Fix | A flaw was found in Apache HTTP Server. This escalation of privilege vulnerability allows local atta… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-33846 | Red Hat | high | 7.5 | 0.1%
| | A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTL… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-43864 | Red Hat | medium | 4.7 | 0.0%
| | A flaw was found in mutt. This vulnerability, a null pointer dereference in the `show_sig_summary` f… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-43863 | Red Hat | low | 3.7 | 0.0%
| | A flaw was found in mutt, an email client. A remote attacker could exploit this vulnerability by sen… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-43862 | Red Hat | low | 3.7 | 0.0%
| | A flaw was found in mutt, an email client. The `imap_auth_gss` security level, which is used for sec… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-43861 | Red Hat | low | 3.7 | 0.0%
| | A flaw was found in mutt, an email client. The `url_pct_decode` function, which is responsible for d… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-7737 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in osrg GoBGP. A remote attacker can exploit an out-of-bounds read vulnerability wi… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-43860 | Red Hat | low | 3.7 | 0.0%
| | A flaw was found in mutt. During the IMAP CRAM-MD5 (Challenge-Response Authentication Mechanism - Me… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-43859 | Red Hat | low | 3.7 | 0.0%
| | A flaw was found in mutt, an email client, where it mishandles cryptographic digests used for IMAP (… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-7736 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in osrg GoBGP. A remote attacker can exploit this vulnerability by executing a mani… | May 4, 2026 | May 4, 2026 |
| | CVE-2025-70072 | Red Hat | medium | 6.5 | — | | A flaw was found in Assimp. A remote attacker can exploit this vulnerability by manipulating the FBX… | May 4, 2026 | May 4, 2026 |
| | CVE-2025-70070 | Red Hat | medium | 6.5 | — | | A flaw was found in Assimp. A remote attacker can exploit this vulnerability by manipulating the FBX… | May 4, 2026 | May 4, 2026 |
| | CVE-2025-70069 | Red Hat | high | 7.5 | — | | A flaw was found in Assimp. A remote attacker can exploit this vulnerability by interacting with the… | May 4, 2026 | May 4, 2026 |
| | CVE-2025-70067 | Red Hat | medium | 5.6 | — | | A flaw was found in Assimp, an open-source asset import library, specifically within its FBX Importe… | May 4, 2026 | May 4, 2026 |
| | CVE-2025-70071 | Red Hat | high | 7.5 | — | | A flaw was found in Assimp. A remote attacker can exploit a vulnerability in the `FBXParser.cpp` fil… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-39852 | Red Hat | high | 8.2 | 0.0%
| ✓ Fix | A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization by… | May 4, 2026 | May 4, 2026 |
| | CVE-2026-37458 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in FRRouting (FRR). An authenticated remote attacker can exploit a missing input va… | May 4, 2026 | May 4, 2026 |