| | CVE-2026-2327 |  Red Hat | medium | 7.5 | 0.0%
| | Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expressi… | Feb 12, 2026 | Feb 12, 2026 |
| | CVE-2026-2391 | Red Hat | medium | 5.3 | 0.0%
| | ### Summary
The `arrayLimit` option in qs does not enforce limits for comma-separated values when `c… | Feb 12, 2026 | Feb 12, 2026 |
| | CVE-2026-1669 | Red Hat | high | 6.5 | 0.0%
| | Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 throug… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-26012 | Red Hat | medium | 6.5 | 0.0%
| | vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarde… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-26019 | Red Hat | medium | 4.1 | 0.0%
| | LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoa… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-26014 | Red Hat | medium | 5.9 | 0.1%
| | Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 thr… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-25990 | Red Hat | high | 7.3 | 0.0%
| ✓ Fix | Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be trigg… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2020-37178 | Red Hat | high | 7.5 | 0.0%
| | KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help sys… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2025-12474 | Red Hat | low | 3.1 | 0.0%
| | A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but alloc… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-1837 | Red Hat | high | 8.8 | 0.0%
| | A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-2366 | Red Hat | low | 3.1 | 0.0%
| | No description is available for this CVE. | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-2369 | Red Hat | medium | 6.5 | — | | No description is available for this CVE. | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-26079 | Red Hat | medium | 4.7 | 0.1%
| | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection,… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-26157 | Red Hat | high | 7.0 | 0.0%
| | A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-26158 | Red Hat | high | 7.0 | 0.0%
| | A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the in… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2025-69872 | Red Hat | high | 7.6 | 0.1%
| ✓ Fix | DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attac… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2025-69873 | Red Hat | high | 7.5 | 0.1%
| | ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Serv… | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-2436 | Red Hat | medium | 6.5 | — | | No description is available for this CVE. | Feb 11, 2026 | Feb 11, 2026 |
| | CVE-2026-26013 | Red Hat | low | 3.7 | 0.0%
| | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the Chat… | Feb 10, 2026 | Feb 10, 2026 |
| | CVE-2026-26007 | Red Hat | high | 7.4 | 0.0%
| ✓ Fix | cryptography is a package designed to expose cryptographic primitives and recipes to Python develope… | Feb 10, 2026 | Feb 10, 2026 |
| | CVE-2026-25506 | Red Hat | high | 7.7 | 0.0%
| ✓ Fix | MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17,… | Feb 10, 2026 | Feb 10, 2026 |
| | CVE-2025-14821 | Red Hat | low | 7.8 | — | | A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security down… | Feb 10, 2026 | Feb 10, 2026 |
| | CVE-2026-0965 | Red Hat | low | 3.3 | — | | No description is available for this CVE. | Feb 10, 2026 | Feb 10, 2026 |
| | CVE-2026-0966 | Red Hat | medium | 6.5 | — | | No description is available for this CVE. | Feb 10, 2026 | Feb 10, 2026 |
| | CVE-2026-0967 | Red Hat | low | 2.2 | — | | No description is available for this CVE. | Feb 10, 2026 | Feb 10, 2026 |
| | CVE-2026-0968 | Red Hat | low | 3.1 | — | | No description is available for this CVE. | Feb 10, 2026 | Feb 10, 2026 |
| | CVE-2026-0964 | Red Hat | medium | 5.0 | — | | No description is available for this CVE. | Feb 10, 2026 | Feb 10, 2026 |
| | CVE-2026-20841 |  Microsoft | high | 7.8 | 0.1%
| | Improper neutralization of special elements used in a command ('command injection') in Windows Notep… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-20846 | Microsoft | high | 7.5 | 0.0%
| | Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21222 | Microsoft | medium | 5.5 | 0.0%
| | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to … | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21228 | Microsoft | high | 8.1 | 0.1%
| | Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over … | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21231 | Microsoft | high | 7.8 | 0.0%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21232 | Microsoft | high | 7.8 | 0.0%
| | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privilege… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21237 | Microsoft | high | 7.0 | 0.0%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in Windo… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21238 | Microsoft | high | 7.8 | 0.0%
| | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attack… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21239 | Microsoft | high | 7.8 | 0.0%
| | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21241 | Microsoft | high | 7.0 | 0.0%
| | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21240 | Microsoft | high | 7.8 | 0.0%
| | Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker … | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21243 | Microsoft | high | 7.5 | 0.1%
| | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthori… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21244 | Microsoft | high | 7.3 | 0.0%
| | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21245 | Microsoft | high | 7.8 | 0.0%
| | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21249 | Microsoft | low | 3.3 | 0.0%
| | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21250 | Microsoft | high | 7.8 | 0.0%
| | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privilege… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21251 | Microsoft | high | 7.8 | 0.0%
| | Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privilege… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21253 | Microsoft | high | 7.0 | 0.0%
| | Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21255 | Microsoft | high | 8.8 | 0.0%
| | Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security featur… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21256 | Microsoft | high | 8.8 | 0.0%
| | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21257 | Microsoft | high | 8.0 | 0.0%
| | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21261 | Microsoft | medium | 5.5 | 0.0%
| | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information… | Feb 10, 2026 | Mar 13, 2026 |
| | CVE-2026-21508 | Microsoft | high | 7.0 | 0.0%
| | Improper authentication in Windows Storage allows an authorized attacker to elevate privileges local… | Feb 10, 2026 | Mar 13, 2026 |