| | CVE-2026-31682 | Red Hat | medium | 5.5 | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
bridge: br_nd_send: linearize sk… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-31676 | Red Hat | medium | 5.5 | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
rxrpc: only handle RESPONSE duri… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-31683 | Red Hat | medium | — | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
batman-adv: avoid OGM aggregatio… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-31684 | Red Hat | medium | 7.1 | 0.0%
| ✓ Fix | In the Linux kernel, the following vulnerability has been resolved:
net: sched: act_csum: validate n… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-31674 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
netfilter: ip6t_rt: reject overs… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-31685 | Red Hat | medium | 7.1 | 0.1%
| ✓ Fix | In the Linux kernel, the following vulnerability has been resolved:
netfilter: ip6t_eui64: reject in… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-31675 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_netem: fix out-of… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-31678 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
openvswitch: defer tunnel netdev… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-31679 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
openvswitch: validate MPLS set/s… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-31677 | Red Hat | low | 5.5 | 0.0%
| ✓ Fix | In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - limit RX SG ext… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-31680 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: flowlabel: defer excl… | Apr 25, 2026 | Apr 25, 2026 |
| | CVE-2026-41488 | Red Hat | low | 3.4 | 0.0%
| | A flaw was found in langchain-openai. A remote attacker could exploit a Time-of-Check to Time-of-Use… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41481 | Red Hat | high | 6.5 | 0.0%
| | A flaw was found in LangChain and langchain-text-splitters. This vulnerability, a Server-Side Reques… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41425 | Red Hat | medium | 5.4 | 0.0%
| | A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remot… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41415 | Red Hat | high | 7.5 | 0.1%
| | A flaw was found in PJSIP, a multimedia communication library. A remote attacker could exploit this … | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41907 | Red Hat | medium | 4.8 | 0.0%
| | A flaw was found in uuid. The library's versions v3, v5, and v6 do not adequately check the size of … | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42042 | Red Hat | medium | 6.1 | 0.0%
| | A flaw was found in Axios, a promise-based HTTP client. A remote attacker can exploit this vulnerabi… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42039 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability … | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42036 | Red Hat | medium | 5.3 | 0.1%
| | A flaw was found in Axios. When 'responseType: 'stream'' is used, Axios returns the response stream … | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42034 | Red Hat | medium | 5.3 | 0.1%
| | A flaw was found in Axios. A remote attacker can exploit this vulnerability by sending oversized str… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42037 | Red Hat | medium | 5.3 | 0.1%
| | A flaw was found in Axios, an HTTP client for Node.js. A remote attacker, by controlling the type pr… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42038 | Red Hat | medium | 6.8 | 0.1%
| | A flaw was found in Axios, a software library used for making web requests. This vulnerability allow… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42041 | Red Hat | high | 8.2 | 0.1%
| ✓ Fix | A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "G… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42043 | Red Hat | high | 7.2 | 0.1%
| ✓ Fix | A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination … | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42044 | Red Hat | high | 7.4 | 0.1%
| ✓ Fix | A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollu… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42035 | Red Hat | medium | 7.4 | 0.0%
| ✓ Fix | A flaw was found in Axios, a software library for making network requests. A remote attacker can exp… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-42033 | Red Hat | high | 7.4 | 0.0%
| ✓ Fix | A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit … | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41680 | Red Hat | medium | 7.5 | 0.1%
| | A flaw was found in marked, a markdown parser and compiler. An unauthenticated attacker can exploit … | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41140 | Red Hat | high | 8.7 | 0.1%
| | A flaw was found in Poetry, a dependency manager for Python. This vulnerability allows a remote atta… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41079 | Red Hat | low | 4.3 | 0.0%
| | A flaw was found in CUPS. A network-adjacent attacker can send a specially crafted Simple Network Ma… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41411 | Red Hat | medium | 7.3 | 0.1%
| | Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerabilit… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-40897 | Red Hat | high | 8.8 | 0.1%
| | A flaw was found in mathjs, an extensive math library for JavaScript and Node.js. This vulnerability… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41066 | Red Hat | medium | 5.9 | 0.0%
| | A flaw was found in lxml, a library for processing XML and HTML in Python. A remote attacker can exp… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-40690 | Apache | medium | 4.3 | 0.1%
| | The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with … | Apr 24, 2026 | Apr 27, 2026 |
| | CVE-2026-38743 | Apache | medium | 4.3 | 0.0%
| | The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-… | Apr 24, 2026 | Apr 27, 2026 |
| | CVE-2026-21515 | Microsoft | critical | 9.9 | 0.1%
| | Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized… | Apr 24, 2026 | Apr 28, 2026 |
| | CVE-2026-23902 | Apache | high | 8.1 | 0.0%
| | Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with sys… | Apr 24, 2026 | Apr 27, 2026 |
| | CVE-2026-41044 | Apache | high | 8.8 | 0.8%
| | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i… | Apr 24, 2026 | Jun 30, 2026 |
| | CVE-2025-62233 | Apache | medium | 6.3 | 0.0%
| | Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module.
This issue a… | Apr 24, 2026 | Apr 27, 2026 |
| | CVE-2026-41043 | Red Hat | medium | 4.6 | 0.2%
| | A flaw was found in Apache ActiveMQ and Apache ActiveMQ Web. An authenticated attacker can exploit a… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-40466 | Apache | medium | — | 4.0%
| | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i… | Apr 24, 2026 | Jun 30, 2026 |
| | CVE-2026-21728 | Grafana | high | 7.5 | 0.6%
| | Tempo queries with large limits can cause large memory allocations which can impact the availability… | Apr 24, 2026 | Jun 30, 2026 |
| | CVE-2026-41324 | Red Hat | medium | 5.9 | 0.0%
| | A flaw was found in basic-ftp, an FTP client for Node.js. A malicious or compromised remote FTP serv… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41316 | Red Hat | high | 8.1 | 0.1%
| | ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) int… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-41305 | Red Hat | medium | 6.1 | 0.0%
| | A flaw was found in PostCSS. This vulnerability allows a remote attacker to perform Cross-Site Scrip… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-40254 | Red Hat | medium | 6.1 | 0.0%
| | A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A rogue Remote De… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-32952 | Red Hat | medium | 5.3 | 0.1%
| | A flaw was found in the `go-ntlmssp` package. A remote attacker could exploit this vulnerability by … | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31584 | Red Hat | medium | — | 0.0%
| | A flaw was found in the MediaTek vcodec driver within the Linux kernel. This use-after-free vulnerab… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31650 | Red Hat | medium | — | 0.0%
| | A flaw was found in the `vub300` driver within the Linux kernel. This vulnerability is a memory mana… | Apr 24, 2026 | Apr 24, 2026 |
| | CVE-2026-31572 | Red Hat | medium | 7.0 | 0.0%
| | A flaw was found in the Linux kernel's `i2c: designware: amdisp` component. A race condition exists … | Apr 24, 2026 | Apr 24, 2026 |