| | CVE-2026-6359 | Red Hat | high | 9.0 | — | | An use after free flaw was found in the Video component of the Chromium browser.
Upstream bug(s):
ht… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6298 | Red Hat | high | 7.4 | — | | A heap buffer overflow flaw was found in the Skia component of the Chromium browser.
Upstream bug(s)… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6307 | Red Hat | high | 8.8 | — | | A type confusion flaw was found in the Turbofan component of the Chromium browser.
Upstream bug(s):
… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6362 | Red Hat | high | 9.6 | — | | An use after free flaw was found in the Codecs component of the Chromium browser.
Upstream bug(s):
h… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6360 | Red Hat | high | 9.6 | — | | An use after free flaw was found in the FileSystem component of the Chromium browser.
Upstream bug(s… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6319 | Red Hat | medium | 9.6 | — | | An use after free flaw was found in the Payments component of the Chromium browser.
Upstream bug(s):… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6308 | Red Hat | high | 9.6 | 0.0%
| | Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who c… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6299 | Red Hat | high | 9.6 | 0.1%
| | Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to ex… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6311 | Red Hat | high | 9.0 | 0.0%
| | Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a rem… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6313 | Red Hat | high | 6.8 | 0.0%
| | Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote at… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6309 | Red Hat | high | 9.0 | 0.0%
| | Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had com… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6364 | Red Hat | medium | 4.3 | 0.0%
| | Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obt… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6316 | Red Hat | high | 9.6 | 0.1%
| | Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execut… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6314 | Red Hat | high | 8.0 | 0.0%
| | Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who ha… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6310 | Red Hat | high | 9.0 | 0.0%
| | Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had co… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6317 | Red Hat | high | 8.8 | 0.1%
| | Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6363 | Red Hat | medium | 8.8 | 0.0%
| | Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potential… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6303 | Red Hat | high | 9.6 | 0.1%
| | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execu… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6304 | Red Hat | high | 9.0 | 0.0%
| | Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who ha… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6361 | Red Hat | high | 8.8 | 0.0%
| | Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote … | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6312 | Red Hat | high | 6.8 | 0.0%
| | Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remo… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6315 | Red Hat | high | 9.6 | 0.0%
| | Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote a… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6859 | Red Hat | high | 8.8 | 0.1%
| | A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-6855 | Red Hat | medium | 7.1 | 0.0%
| | A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th… | Apr 15, 2026 | Apr 15, 2026 |
| | CVE-2026-40091 | Red Hat | medium | 4.4 | 0.0%
| | A flaw was found in SpiceDB. When SpiceDB starts with log level `info`, the startup configuration lo… | Apr 14, 2026 | Apr 14, 2026 |
| | CVE-2026-39984 | Red Hat | medium | 5.5 | 0.0%
| | Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below … | Apr 14, 2026 | Apr 14, 2026 |
| | CVE-2026-40688 | Fortinet | high | 7.2 | 0.6%
| | An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.… | Apr 14, 2026 | Apr 20, 2026 |
| | CVE-2026-33414 | Red Hat | high | 8.8 | 0.0%
| ✓ Fix | Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a comman… | Apr 14, 2026 | Apr 14, 2026 |
| | CVE-2026-33023 | Red Hat | high | 7.8 | 0.0%
| | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and… | Apr 14, 2026 | Apr 14, 2026 |
| | CVE-2026-33021 | Red Hat | medium | 7.3 | 0.0%
| | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and pr… | Apr 14, 2026 | Apr 14, 2026 |
| | CVE-2026-33020 | Red Hat | medium | 7.1 | 0.0%
| | A flaw was found in libsixel. An integer overflow vulnerability in the `sixel_frame_convert_to_rgb88… | Apr 14, 2026 | Apr 14, 2026 |
| | CVE-2026-33019 | Red Hat | medium | 7.1 | 0.0%
| | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and pr… | Apr 14, 2026 | Apr 14, 2026 |
| | CVE-2026-33018 | Red Hat | medium | 7.0 | 0.0%
| | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and pr… | Apr 14, 2026 | Apr 14, 2026 |
| | CVE-2026-40683 | Red Hat | medium | 7.7 | 0.0%
| | A flaw was found in OpenStack Keystone. When using the LDAP identity backend, the system incorrectly… | Apr 14, 2026 | Apr 14, 2026 |
| | CVE-2026-33822 | Microsoft | medium | 6.1 | 0.1%
| | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information … | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-33120 | Microsoft | high | 8.8 | 0.1%
| | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a net… | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-33115 | Microsoft | high | 8.4 | 0.1%
| | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-33114 | Microsoft | high | 8.4 | 0.1%
| | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co… | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-33103 | Microsoft | medium | 5.5 | 0.0%
| | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to dis… | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-33095 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-32226 | Microsoft | medium | 5.9 | 0.1%
| | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET … | Apr 14, 2026 | May 6, 2026 |
| | CVE-2026-32201 | Microsoft | medium | 6.5 | 8.2%
| ⚠ KEV | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform … | Apr 14, 2026 | May 28, 2026 |
| | CVE-2026-32200 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locall… | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32199 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32198 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32197 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32196 | Microsoft | medium | 6.1 | 0.0%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admi… | Apr 14, 2026 | Apr 28, 2026 |
| | CVE-2026-32192 | Microsoft | high | 7.8 | 0.5%
| | Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate pr… | Apr 14, 2026 | May 7, 2026 |
| | CVE-2026-32190 | Microsoft | high | 8.4 | 0.1%
| | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |
| | CVE-2026-32189 | Microsoft | high | 7.8 | 0.1%
| | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Apr 14, 2026 | Apr 29, 2026 |