| | CVE-2025-61731 | Red Hat | high | 8.6 | 0.0%
| ✓ Fix | Building a malicious file with cmd/go can cause a write to an attacker-controlled file wit… | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2025-68119 | Red Hat | medium | 6.7 | 0.0%
| | Downloading and building modules with malicious version strings can cause local code execution. On s… | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2026-1530 | Red Hat | high | 8.1 | 0.0%
| | A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-th… | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2026-1531 | Red Hat | high | 8.1 | 0.0%
| | A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disab… | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2026-0818 | Red Hat | medium | 6.1 | 0.0%
| | When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded … | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2026-24838 | Microsoft | critical | 9.1 | 0.0%
| | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e… | Jan 28, 2026 | Feb 4, 2026 |
| | CVE-2026-24842 | Red Hat | high | 8.2 | 0.0%
| ✓ Fix | node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security c… | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2026-24837 | Microsoft | high | 7.6 | 0.0%
| | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e… | Jan 28, 2026 | Feb 4, 2026 |
| | CVE-2026-24836 | Microsoft | high | 7.6 | 0.0%
| | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e… | Jan 28, 2026 | Feb 4, 2026 |
| | CVE-2026-24833 | Microsoft | high | 7.6 | 0.0%
| | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e… | Jan 28, 2026 | Feb 4, 2026 |
| | CVE-2026-24784 | Microsoft | medium | 6.8 | 0.0%
| | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft e… | Jan 28, 2026 | Feb 4, 2026 |
| | CVE-2026-1539 | Red Hat | medium | 5.8 | 0.0%
| | A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be s… | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2026-1518 | Red Hat | low | 2.7 | 0.0%
| | A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backc… | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2026-1536 | Red Hat | medium | 5.8 | 0.1%
| | A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition heade… | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2026-23014 | Red Hat | low | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is … | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2025-57283 | Red Hat | high | 7.8 | 0.1%
| | The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs… | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2025-61140 | Red Hat | high | 8.8 | 0.1%
| ✓ Fix | The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution. | Jan 28, 2026 | Jan 28, 2026 |
| | CVE-2026-24779 | Red Hat | high | 7.1 | 0.0%
| ✓ Fix | vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24765 | Red Hat | high | 7.8 | 0.1%
| | PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24747 | Red Hat | high | 8.8 | 0.0%
| | PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerabili… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24858 | Fortinet | critical | 9.8 | 6.2%
| ⚠ KEV | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in… | Jan 27, 2026 | May 12, 2026 |
| | CVE-2026-24688 | Red Hat | medium | 5.3 | 0.0%
| | pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulne… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24883 | Red Hat | low | 3.7 | 0.0%
| | In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24882 | Red Hat | high | 8.4 | 0.0%
| ✓ Fix | In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PK… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24881 | Red Hat | high | 8.1 | 0.2%
| | In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped s… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-22263 | Red Hat | medium | 5.3 | 0.0%
| | Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3,… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-22262 | Red Hat | medium | 5.9 | 0.1%
| | Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prep… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-23593 | HPE | high | 7.5 | 0.0%
| | A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could … | Jan 27, 2026 | Feb 27, 2026 |
| | CVE-2026-23592 | HPE | high | 7.2 | 0.1%
| | Insecure file operations in HPE Aruba Networking Fabric Composer's backup functionality could allo… | Jan 27, 2026 | Feb 27, 2026 |
| | CVE-2026-22261 | Red Hat | low | 3.7 | 0.1%
| | Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficie… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-14911 | Red Hat | medium | 6.5 | 0.1%
| | User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed Grid… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-0648 | Check Point | high | 7.8 | 0.0%
| | The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in t… | Jan 27, 2026 | Jan 29, 2026 |
| | CVE-2025-15467 | Fortinet | high | 8.8 | 1.0%
| | Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD … | Jan 27, 2026 | Mar 19, 2026 |
| | CVE-2026-24869 | Red Hat | high | 7.5 | 0.0%
| | Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox <… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24868 | Red Hat | medium | 6.1 | 0.0%
| | Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-13881 | Red Hat | low | 2.7 | 0.0%
| ✓ Fix | A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited priv… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-21721 | Grafana | high | 8.1 | 0.0%
| | The dashboard permissions API does not verify the target dashboard scope and only checks the dashboa… | Jan 27, 2026 | Apr 24, 2026 |
| | CVE-2026-21720 | Grafana | high | 7.5 | 0.0%
| | Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the re… | Jan 27, 2026 | Apr 24, 2026 |
| | CVE-2026-24825 | Red Hat | medium | 5.3 | 0.1%
| | Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/y… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24686 | Red Hat | medium | 4.7 | 0.0%
| | go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses th… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24486 | Red Hat | high | 8.6 | 0.0%
| ✓ Fix | Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Travers… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2026-24480 | Red Hat | high | 9.9 | 0.4%
| | QGIS is a free, open source, cross platform geographical information system (GIS). The repository con… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-11187 | Red Hat | medium | 6.1 | 0.0%
| ✓ Fix | Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-b… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-15468 | Red Hat | low | 5.9 | 0.1%
| ✓ Fix | Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or s… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-15469 | Red Hat | low | 5.5 | 0.0%
| ✓ Fix | Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-66199 | Red Hat | low | 5.9 | 0.1%
| ✓ Fix | Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large … | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-68160 | Red Hat | low | 4.7 | 0.0%
| ✓ Fix | Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter whe… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-69418 | Red Hat | low | 4.0 | 0.0%
| ✓ Fix | Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerate… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-69419 | Red Hat | medium | 7.4 | 0.1%
| ✓ Fix | Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with… | Jan 27, 2026 | Jan 27, 2026 |
| | CVE-2025-69421 | Red Hat | low | 6.5 | 0.1%
| ✓ Fix | Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKC… | Jan 27, 2026 | Jan 27, 2026 |