| | CVE-2026-4150 | Red Hat | high | 7.8 | 0.0%
| ✓ Fix | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allow… | Apr 11, 2026 | Apr 11, 2026 |
| | CVE-2026-33118 | Microsoft | medium | 4.3 | 0.6%
| | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all… | Apr 10, 2026 | Jun 19, 2026 |
| | CVE-2026-33119 | Microsoft | medium | 5.4 | 0.0%
| | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all… | Apr 10, 2026 | Apr 24, 2026 |
| | CVE-2026-40175 | Red Hat | high | 9.0 | 0.1%
| ✓ Fix | Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-3446 | Red Hat | medium | 5.3 | 0.0%
| ✓ Fix | When calling base64.b64decode() or related functions the decoding process would stop after encounter… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-1502 | Red Hat | medium | 4.5 | 0.0%
| ✓ Fix | CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-5483 | Red Hat | high | 8.5 | 0.1%
| ✓ Fix | A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard`… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40021 | Apache | medium | 5.3 | 0.2%
| | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#lay… | Apr 10, 2026 | Apr 22, 2026 |
| | CVE-2026-40228 | Red Hat | low | 2.9 | 0.0%
| ✓ Fix | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users … | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40023 | Red Hat | medium | 5.3 | 0.3%
| | A flaw was found in Apache Log4cxx. An attacker who can influence logged data can exploit this by in… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-34481 | Red Hat | medium | 6.5 | 0.1%
| | A flaw was found in Apache Log4j's JsonTemplateLayout. This vulnerability allows a remote attacker t… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-34480 | Red Hat | medium | 5.3 | 0.0%
| | A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messa… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-34479 | Red Hat | medium | 5.3 | 0.1%
| | A flaw was found in the Apache Log4j 1-to-Log4j 2 bridge. The Log4j1XmlLayout component fails to pro… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-34478 | Red Hat | medium | 5.8 | 0.0%
| | A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use o… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-34477 | Red Hat | medium | 6.8 | 0.0%
| | A flaw was found in Apache Log4j Core. A network-based attacker can perform a man-in-the-middle (MIT… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-29043 | Red Hat | medium | 5.5 | 0.0%
| | HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file … | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40227 | Red Hat | medium | 6.2 | 0.0%
| | A flaw was found in systemd. A local unprivileged user can exploit this vulnerability by making an I… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40226 | Red Hat | medium | 6.4 | 0.0%
| ✓ Fix | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted op… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40225 | Red Hat | medium | 6.4 | 0.0%
| ✓ Fix | In udev in systemd before 260, local root execution can occur via malicious hardware devices and uns… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40224 | Red Hat | medium | 6.7 | 0.0%
| ✓ Fix | A flaw was found in systemd-machined, a component of systemd. A local attacker can exploit a vulnera… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40223 | Red Hat | medium | 4.7 | 0.0%
| ✓ Fix | In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and U… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40217 | Red Hat | high | 8.8 | 0.1%
| | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting … | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-6068 | Red Hat | medium | 6.8 | 0.0%
| | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling … | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-39304 | Apache | medium | — | 0.7%
| | Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker,… | Apr 10, 2026 | Jun 30, 2026 |
| | CVE-2026-6042 | Red Hat | medium | 5.5 | 0.0%
| | A flaw was found in musl libc, specifically within the `iconv` function of the GB18030 4-byte Decode… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-22750 | VMware | high | 7.5 | 0.1%
| | When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.… | Apr 10, 2026 | Jun 5, 2026 |
| | CVE-2026-31412 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's USB mass storage gadget module (`usb-gadget-f_mass_storage`).… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-40200 | Red Hat | high | 7.8 | 0.0%
| | An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur d… | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-6848 | Red Hat | medium | 5.4 | 0.0%
| | A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive … | Apr 10, 2026 | Apr 10, 2026 |
| | CVE-2026-35206 | Red Hat | medium | 4.4 | 0.0%
| | Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specia… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34486 | Apache | high | 7.5 | 15.8%
| | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-2914… | Apr 9, 2026 | Jul 9, 2026 |
| | CVE-2026-29146 | Apache | high | 7.5 | 3.5%
| | Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration.
This… | Apr 9, 2026 | Jul 9, 2026 |
| | CVE-2026-5447 | Red Hat | medium | 5.3 | — | | A flaw was found in wolfSSL. A heap buffer overflow, a type of memory corruption vulnerability, occu… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34500 | Red Hat | medium | 5.9 | 0.2%
| ✓ Fix | A flaw was found in Apache Tomcat where OCSP-based certificate validation may incorrectly soft-fail … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34487 | Red Hat | low | 6.5 | 0.1%
| ✓ Fix | A flaw was found in Apache Tomcat. The cloud membership for clustering component was vulnerable to t… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-40087 | Red Hat | medium | 5.3 | 0.1%
| | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.2… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34483 | Red Hat | low | 5.4 | 0.1%
| ✓ Fix | Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-5194 | Red Hat | critical | 10.0 | — | | A flaw was found in wolfSSL. Missing hash/digest size and Object Identifier (OID) checks allow the a… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-32990 | Red Hat | medium | 7.3 | 0.2%
| ✓ Fix | A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomp… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-29145 | Red Hat | medium | 5.9 | 0.0%
| ✓ Fix | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled v… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-29129 | Red Hat | low | 6.5 | 0.0%
| | Configured cipher preference order not preserved vulnerability in Apache Tomcat.
This issue affects … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-25854 | Red Hat | low | 4.3 | 0.0%
| ✓ Fix | Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via th… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-24880 | Red Hat | low | 4.3 | 0.2%
| ✓ Fix | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Ap… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-39977 | Red Hat | medium | 6.3 | 0.0%
| | A flaw was found in flatpak-builder. A specially crafted manifest or source can bypass path restrict… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34734 | F5 | high | 7.8 | 0.2%
| | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the … | Apr 9, 2026 | Jun 30, 2026 |
| | CVE-2026-35195 | Red Hat | medium | 6.3 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. A malicious guest component can exploit an … | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-35186 | Red Hat | medium | 6.9 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. The Winch compiler backend incorrectly hand… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34988 | Red Hat | medium | 5.6 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. When Wasmtime's pooling allocator is config… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34987 | Red Hat | medium | 8.5 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. When using its non-default Winch compiler b… | Apr 9, 2026 | Apr 9, 2026 |
| | CVE-2026-34983 | Red Hat | low | 2.5 | — | | A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows for a use-after-f… | Apr 9, 2026 | Apr 9, 2026 |