| | CVE-2026-27623 |  Red Hat | high | 7.5 | 0.1%
| | Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a … | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2026-21863 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a mal… | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2025-67733 | Red Hat | high | 7.1 | 0.0%
| ✓ Fix | Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a mal… | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2026-2697 |  Tenable | medium | 6.3 | 0.1%
| | An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to es… | Feb 23, 2026 | Apr 29, 2026 |
| | CVE-2026-25747 | Red Hat | high | 7.8 | 0.1%
| | Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component.
The Camel-LevelDB… | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2025-14905 | Red Hat | medium | 7.2 | 0.4%
| ✓ Fix | A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `sche… | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2025-61145 | Red Hat | medium | 5.0 | 0.0%
| | libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c. | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2025-61144 | Red Hat | medium | 5.0 | 0.0%
| | libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer… | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2025-61143 | Red Hat | medium | 5.5 | 0.0%
| | libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/… | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2026-3062 | Red Hat | high | 8.8 | 0.0%
| | Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remot… | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2026-3061 | Red Hat | high | 8.8 | 0.0%
| | Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to pe… | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2026-3063 | Red Hat | high | 8.8 | 0.0%
| | Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacke… | Feb 23, 2026 | Feb 23, 2026 |
| | CVE-2026-2913 | Red Hat | low | 2.5 | 0.0%
| | A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_so… | Feb 22, 2026 | Feb 22, 2026 |
| | CVE-2026-2903 | Red Hat | low | 3.3 | 0.0%
| | A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_r… | Feb 22, 2026 | Feb 22, 2026 |
| | CVE-2026-27205 | Red Hat | medium | 4.3 | 0.0%
| | Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and belo… | Feb 21, 2026 | Feb 21, 2026 |
| | CVE-2026-27134 | Red Hat | high | 8.1 | 0.0%
| | Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployme… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-27133 | Red Hat | medium | 5.9 | 0.0%
| | Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployme… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-27125 | Red Hat | medium | 5.6 | 0.1%
| | svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spre… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-27122 | Red Hat | medium | 5.6 | 0.0%
| | svelte performance oriented web framework. Prior to 5.51.5, when using <svelte:element this={tag}> i… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-27121 | Red Hat | medium | 5.6 | 0.0%
| | svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cros… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-27119 | Red Hat | medium | 5.6 | 0.0%
| | svelte performance oriented web framework. From 5.39.3, <=5.51.4, in certain circumstances, the serv… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-2048 | Red Hat | high | 7.8 | 0.1%
| ✓ Fix | GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability al… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-2047 | Red Hat | high | 7.8 | 0.1%
| ✓ Fix | GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerab… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-2045 | Red Hat | high | 7.3 | 0.1%
| ✓ Fix | GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability al… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-2044 | Red Hat | high | 8.8 | 0.1%
| ✓ Fix | GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability a… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-2492 | Red Hat | high | 7.8 | 0.0%
| | TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. T… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-0797 | Red Hat | high | 8.8 | 0.1%
| ✓ Fix | GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerabi… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-27026 | Red Hat | medium | 6.5 | 0.0%
| | pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this v… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-27025 | Red Hat | medium | 6.5 | 0.0%
| | pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this v… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-27024 | Red Hat | medium | 5.5 | 0.0%
| | pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this v… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-25896 | Red Hat | high | 7.1 | 0.0%
| | fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object wi… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-2472 | Red Hat | high | 8.1 | 0.2%
| | Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Verte… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-2818 | Red Hat | high | 7.1 | 0.1%
| | A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows … | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-21620 | Red Hat | medium | 4.2 | 0.0%
| | Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erla… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-2739 | Red Hat | medium | 5.3 | 0.0%
| | This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupt… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-26996 | Red Hat | medium | 6.5 | 0.1%
| | minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objec… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-26960 | Red Hat | medium | 7.1 | 0.0%
| | node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below,… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-26967 | Red Hat | high | 8.4 | 0.0%
| | PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and … | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-3196 | Red Hat | medium | 5.5 | — | | An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the … | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-3195 | Red Hat | high | 7.4 | — | | A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `vir… | Feb 20, 2026 | Feb 20, 2026 |
| | CVE-2026-26963 | Red Hat | medium | 6.1 | 0.0%
| | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions … | Feb 19, 2026 | Feb 19, 2026 |
| | CVE-2026-26958 | Red Hat | low | 3.7 | 0.1%
| | filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for b… | Feb 19, 2026 | Feb 19, 2026 |
| | CVE-2026-24122 | Red Hat | low | 3.7 | 0.0%
| | Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and bel… | Feb 19, 2026 | Feb 19, 2026 |
| | CVE-2026-21535 |  Microsoft | high | 8.2 | 0.1%
| | Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information o… | Feb 19, 2026 | Mar 13, 2026 |
| | CVE-2026-26267 |  Check Point | high | 7.5 | 0.0%
| | soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the … | Feb 19, 2026 | Feb 20, 2026 |
| | CVE-2026-26318 | Red Hat | high | 8.8 | 0.1%
| | systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are v… | Feb 19, 2026 | Feb 19, 2026 |
| | CVE-2026-26280 | Red Hat | high | 8.4 | 0.1%
| | systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a… | Feb 19, 2026 | Feb 19, 2026 |
| | CVE-2026-26278 | Red Hat | high | 7.5 | 0.1%
| | fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object wi… | Feb 19, 2026 | Feb 19, 2026 |
| | CVE-2026-26057 |  Cisco | medium | 6.5 | 0.1%
| | Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltra… | Feb 19, 2026 | Feb 26, 2026 |
| | CVE-2026-26200 | Red Hat | high | 7.8 | 0.0%
| | HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` f… | Feb 19, 2026 | Feb 19, 2026 |