| | CVE-2026-30912 | Apache | high | 7.5 | 0.0%
| | In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_… | Apr 18, 2026 | Apr 21, 2026 |
| | CVE-2026-25917 | Apache | high | 7.2 | 0.1%
| | Dag Authors, who normally should not be able to execute code in the webserver context could craft XC… | Apr 18, 2026 | Apr 22, 2026 |
| | CVE-2026-41254 | Red Hat | medium | 6.1 | 0.0%
| | Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow… | Apr 18, 2026 | Apr 18, 2026 |
| | CVE-2026-30898 | Apache | medium | — | 0.1%
| | An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the w… | Apr 18, 2026 | Apr 22, 2026 |
| | CVE-2026-40490 | Red Hat | medium | 6.8 | 0.1%
| | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and async… | Apr 18, 2026 | Apr 18, 2026 |
| | CVE-2026-40347 | Red Hat | medium | 5.9 | 0.0%
| | Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial … | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40341 | Red Hat | medium | 4.6 | 0.0%
| | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40340 | Red Hat | medium | 6.1 | 0.0%
| | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40339 | Red Hat | medium | 5.0 | 0.0%
| | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40338 | Red Hat | medium | 6.1 | 0.0%
| | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40336 | Red Hat | medium | 4.3 | 0.0%
| | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40335 | Red Hat | medium | 5.2 | 0.0%
| | libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-o… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40334 | Red Hat | low | 3.5 | 0.0%
| | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40333 | Red Hat | medium | 6.1 | 0.0%
| | libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two funct… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40478 | Red Hat | high | 8.5 | 0.1%
| | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40477 | Red Hat | high | 8.5 | 0.1%
| | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40299 | Red Hat | low | 4.3 | 0.1%
| | next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware p… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40293 | Red Hat | high | 7.5 | 0.1%
| | A flaw was found in OpenFGA, an authorization/permission engine. When OpenFGA is configured to use p… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-32105 | Red Hat | medium | 5.9 | 0.0%
| | A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. When using the "Class… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-32107 | Red Hat | high | 7.0 | 0.0%
| | A flaw was found in xrdp, an open source Remote Desktop Protocol (RDP) server. The session execution… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-6437 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in the AWS EFS CSI Driver. Remote authenticated users with PersistentVolume creatio… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-6507 | Red Hat | medium | 7.5 | 0.1%
| | A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-5807 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in Vault. An unauthenticated attacker can repeatedly initiate or cancel root token … | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-4525 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in Vault. When a Vault authentication mount is configured to pass through the "Auth… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-5052 | Red Hat | medium | 5.8 | 0.0%
| | A flaw was found in Vault’s PKI engine. The ACME (Automated Certificate Management Environment) vali… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-3605 | Red Hat | high | 8.1 | 0.0%
| | A flaw was found in Vault. An authenticated user with access to a kvv2 path through a policy contain… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-6494 | Red Hat | medium | 5.3 | 0.0%
| | A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injecti… | Apr 17, 2026 | Apr 17, 2026 |
| | CVE-2026-40253 | Red Hat | medium | 6.8 | 0.0%
| | A flaw was found in openCryptoki, a PKCS#11 (Cryptographic Token Interface Standard) library. The BE… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-40170 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_par… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2025-54502 | Red Hat | high | 7.5 | 0.0%
| | A flaw was found in the AMD Platform Configuration Blob (APCB) SMM driver. A privileged attacker wit… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2025-54510 | Red Hat | medium | 6.0 | 0.0%
| | A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticate… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-41082 | Red Hat | high | 7.1 | 0.0%
| | In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach … | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-27820 | Red Hat | medium | 5.6 | — | | A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib:… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-41080 | Red Hat | low | 3.7 | — | | A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing a spec… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-31987 | Apache | high | 7.5 | 0.0%
| | JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors.
Use… | Apr 16, 2026 | Apr 20, 2026 |
| | CVE-2026-6410 | Red Hat | medium | 5.3 | — | | A flaw was found in @fastify/static. When directory listing is enabled, a remote unauthenticated att… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-6414 | Red Hat | medium | 5.9 | — | | A flaw was found in @fastify/static. A remote attacker can exploit this vulnerability by sending spe… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-41035 | Red Hat | high | 7.4 | 0.0%
| ✓ Fix | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-40962 | Red Hat | medium | 4.8 | 0.0%
| | A flaw was found in FFmpeg. This vulnerability, stemming from an integer overflow and a subsequent o… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-30656 | Red Hat | medium | 5.5 | — | | A flaw was found in fio (Flexible I/O Tester). A local user could exploit this vulnerability by prov… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-6732 | Red Hat | medium | 6.5 | 0.1%
| ✓ Fix | A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafte… | Apr 16, 2026 | Apr 16, 2026 |
| | CVE-2026-40192 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-39350 | Red Hat | medium | 5.4 | 0.0%
| | A flaw was found in Istio, an open platform designed to connect, manage, and secure microservices. T… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-40261 | Red Hat | high | 8.8 | 0.1%
| ✓ Fix | A flaw was found in Composer. `Perforce::syncCodeBase()` appends the `$sourceReference` parameter to… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-40176 | Red Hat | high | 7.8 | 0.0%
| ✓ Fix | A flaw was found in Composer. `Perforce::generateP4Command()` constructs shell commands by interpola… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6388 | Red Hat | high | 9.1 | — | | A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-21726 | Grafana | medium | 5.3 | 0.4%
| | The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single… | Apr 15, 2026 | Jun 17, 2026 |
| | CVE-2025-41118 | Grafana | critical | 9.1 | 0.4%
| | Pyroscope is an open-source continuous profiling database. The database supports various storage bac… | Apr 15, 2026 | Jun 30, 2026 |
| | CVE-2026-6385 | Red Hat | medium | 6.5 | — | | A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specia… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-21727 | Grafana | low | 3.3 | 0.2%
| | ---
title: Cross-Tenant Legacy Correlation Disclosure and Deletion
draft: false
hero:
image: /stat… | Apr 15, 2026 | Jun 17, 2026 |