| | CVE-2025-68758 |  Red Hat | low | 5.5 | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
backlight: led-bl: Add devlink t… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68762 | Red Hat | low | 3.3 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
net: netpoll: initialize work qu… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68752 | Red Hat | medium | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
iavf: Implement settime64 with -… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2025-68757 | Red Hat | medium | 6.2 | 0.1%
| | In the Linux kernel, the following vulnerability has been resolved:
drm/vgem-fence: Fix potential de… | Jan 5, 2026 | Jan 5, 2026 |
| | CVE-2026-21444 | Red Hat | medium | 6.5 | 0.0%
| | libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in vers… | Jan 2, 2026 | Jan 2, 2026 |
| | CVE-2025-67269 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd v… | Jan 2, 2026 | Jan 2, 2026 |
| | CVE-2025-67268 | Red Hat | high | 7.5 | 0.1%
| ✓ Fix | gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/dr… | Jan 2, 2026 | Jan 2, 2026 |
| | CVE-2025-15412 | Red Hat | medium | 7.1 | 0.0%
| | A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the … | Jan 1, 2026 | Jan 1, 2026 |
| | CVE-2025-15411 | Red Hat | medium | 7.1 | 0.0%
| | A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the func… | Jan 1, 2026 | Jan 1, 2026 |
| | CVE-2026-21428 | Red Hat | high | 8.7 | 0.0%
| | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0… | Jan 1, 2026 | Jan 1, 2026 |
| | CVE-2025-11157 | Red Hat | high | 7.8 | 0.1%
| | A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specif… | Jan 1, 2026 | Jan 1, 2026 |
| | CVE-2025-69413 | Red Hat | medium | 5.3 | 0.0%
| | In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on … | Jan 1, 2026 | Jan 1, 2026 |
| | CVE-2025-14847 |  Splunk | high | 7.5 | 71.2%
| ⚠ KEV | Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap … | Dec 19, 2025 | Jan 13, 2026 |
| | CVE-2025-64675 |  Microsoft | high | 8.3 | 0.1%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos… | Dec 19, 2025 | Jan 16, 2026 |
| | CVE-2025-65046 | Microsoft | low | 3.1 | 0.0%
| | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Dec 18, 2025 | Feb 20, 2026 |
| | CVE-2025-65041 | Microsoft | critical | 10.0 | 0.1%
| | Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privil… | Dec 18, 2025 | Jan 6, 2026 |
| | CVE-2025-65037 | Microsoft | critical | 10.0 | 0.1%
| | Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthor… | Dec 18, 2025 | Jan 15, 2026 |
| | CVE-2025-64677 | Microsoft | high | 8.2 | 0.1%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-o… | Dec 18, 2025 | Jan 16, 2026 |
| | CVE-2025-64676 | Microsoft | high | 7.2 | 0.1%
| | '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network. | Dec 18, 2025 | Feb 10, 2026 |
| | CVE-2025-64663 | Microsoft | critical | 9.9 | 0.1%
| | Custom Question Answering Elevation of Privilege Vulnerability | Dec 18, 2025 | Jan 16, 2026 |
| | CVE-2025-20393 |  Cisco | critical | 10.0 | 6.3%
| ⚠ KEV | A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gate… | Dec 17, 2025 | Jan 16, 2026 |
| | CVE-2025-14727 |  F5 | high | 8.3 | 0.2%
| | A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation.… | Dec 17, 2025 | Jan 8, 2026 |
| | CVE-2025-11531 |  HPE | high | 8.8 | 0.1%
| | HP System Event Utility and Omen Gaming Hub might allow execution of
certain files outside of their… | Dec 9, 2025 | Jan 21, 2026 |
| | CVE-2025-64667 | Microsoft | medium | 5.3 | 0.0%
| | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an… | Dec 9, 2025 | Jan 2, 2026 |
| | CVE-2025-64666 | Microsoft | high | 7.5 | 0.1%
| | Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate priv… | Dec 9, 2025 | Jan 2, 2026 |
| | CVE-2025-53679 |  Fortinet | high | 7.2 | 0.3%
| | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulner… | Dec 9, 2025 | Feb 5, 2026 |
| | CVE-2025-62631 | Fortinet | medium | 5.3 | 0.0%
| | An insufficient session expiration vulnerability [CWE-613] vulnerability in Fortinet FortiOS 7.4.0, … | Dec 9, 2025 | May 12, 2026 |
| | CVE-2024-3884 |  Apache | high | 7.5 | 0.8%
| | A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses t… | Dec 3, 2025 | Mar 30, 2026 |
| | CVE-2025-54057 | Apache | medium | 6.1 | 0.4%
| | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apach… | Nov 27, 2025 | Apr 13, 2026 |
| | CVE-2025-64657 | Microsoft | critical | 9.8 | 0.1%
| | Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate … | Nov 26, 2025 | Feb 13, 2026 |
| | CVE-2025-41115 |  Grafana | critical | 10.0 | 0.0%
| | SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how org… | Nov 21, 2025 | Apr 24, 2026 |
| | CVE-2025-58692 | Fortinet | high | 8.8 | 0.0%
| | An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerabilit… | Nov 18, 2025 | Jan 14, 2026 |
| | CVE-2025-54972 | Fortinet | medium | 4.3 | 0.0%
| | An improper neutralization of crlf sequences ('crlf injection') vulnerability in Fortinet FortiMail … | Nov 18, 2025 | Jan 14, 2026 |
| | CVE-2025-54821 | Fortinet | low | 1.9 | 0.0%
| | An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 thr… | Nov 18, 2025 | Jan 14, 2026 |
| | CVE-2025-40119 |  Check Point | medium | — | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
ext4: fix potential null deref … | Nov 12, 2025 | Mar 13, 2026 |
| | CVE-2025-30398 | Microsoft | high | 8.1 | 0.1%
| | Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information … | Nov 11, 2025 | Feb 12, 2026 |
| | CVE-2025-60710 | Microsoft | high | 7.8 | 0.2%
| ⚠ KEV | Improper link resolution before file access ('link following') in Host Process for Windows Tasks all… | Nov 11, 2025 | Apr 14, 2026 |
| | CVE-2025-11761 | HPE | high | 7.8 | 0.0%
| | A potential security vulnerability has been identified in the HP Client Management Script Library so… | Nov 3, 2025 | Jan 21, 2026 |
| | CVE-2025-48984 |  Veeam | high | 8.8 | — | | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain… | Oct 31, 2025 | Nov 11, 2025 |
| | CVE-2025-48983 | Veeam | critical | 9.9 | — | | A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code exe… | Oct 31, 2025 | Dec 1, 2025 |
| | CVE-2025-48982 | Veeam | high | 7.8 | — | | This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a s… | Oct 31, 2025 | Dec 1, 2025 |
| | CVE-2025-61795 | Apache | medium | 5.3 | 0.1%
| | Improper Resource Shutdown or Release vulnerability in Apache Tomcat.
If an error occurred (includi… | Oct 27, 2025 | May 12, 2026 |
| | CVE-2025-55754 | Apache | critical | 9.6 | 0.1%
| | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.
Tomca… | Oct 27, 2025 | May 12, 2026 |
| | CVE-2025-55752 | Apache | high | 7.5 | 0.1%
| | Relative Path Traversal vulnerability in Apache Tomcat.
The fix for bug 60013 introduced a regressi… | Oct 27, 2025 | May 12, 2026 |
| | CVE-2025-20360 | Cisco | medium | 5.8 | 0.1%
| | Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow… | Oct 15, 2025 | Feb 12, 2026 |
| | CVE-2025-61958 | F5 | high | 8.7 | 0.0%
| | A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least… | Oct 15, 2025 | Feb 4, 2026 |
| | CVE-2025-59481 | F5 | high | 8.7 | 0.0%
| | A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may… | Oct 15, 2025 | Feb 4, 2026 |
| | CVE-2025-58424 | F5 | medium | 5.3 | 0.0%
| | On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification … | Oct 15, 2025 | Feb 4, 2026 |
| | CVE-2025-58153 | F5 | medium | 5.9 | 0.0%
| | Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware s… | Oct 15, 2025 | Feb 4, 2026 |
| | CVE-2025-54755 | F5 | medium | 4.9 | 0.2%
| | A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated att… | Oct 15, 2025 | Jan 27, 2026 |