| | CVE-2025-62198 | Apache | medium | 5.4 | 0.2%
| | An authenticated user can perform XSS.
This issue affects Apache Atlas versions 2.4.0 and earlier.
… | Jun 22, 2026 | Jun 23, 2026 |
| | CVE-2026-50519 | Microsoft | medium | 6.5 | 0.5%
| | Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allow… | Jun 19, 2026 | Jun 29, 2026 |
| | CVE-2026-48584 | Microsoft | critical | 9.9 | 0.5%
| | Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate priv… | Jun 19, 2026 | Jun 29, 2026 |
| | CVE-2026-48582 | Microsoft | critical | 9.6 | 0.4%
| | Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileg… | Jun 19, 2026 | Jun 24, 2026 |
| | CVE-2026-47645 | Microsoft | high | 8.8 | 0.4%
| | Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows … | Jun 19, 2026 | Jun 26, 2026 |
| | CVE-2026-45480 | Microsoft | critical | 10.0 | 0.6%
| | Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privile… | Jun 19, 2026 | Jun 24, 2026 |
| | CVE-2026-42895 | Microsoft | medium | 6.5 | 0.4%
| | Improper neutralization of special elements used in a command ('command injection') in Microsoft Cop… | Jun 19, 2026 | Jun 26, 2026 |
| | CVE-2026-32208 | Microsoft | high | 8.8 | 0.3%
| | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft En… | Jun 19, 2026 | Jul 1, 2026 |
| | CVE-2026-27878 | Grafana | medium | 6.5 | 0.2%
| | A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to a… | Jun 19, 2026 | Jun 29, 2026 |
| | CVE-2026-12726 | Red Hat | medium | 6.3 | — | | A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks… | Jun 19, 2026 | Jun 19, 2026 |
| | CVE-2026-49872 | Apache | high | 8.1 | 0.3%
| | Improper Authentication vulnerability in Apache APISIX.
When the cas-auth plugin is used in a route… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-49871 | Apache | critical | 9.3 | 0.2%
| | Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations.… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-49231 | Apache | medium | 5.4 | 0.4%
| | Authentication Bypass by Spoofing vulnerability in opa plugin.
An attacker could relay spoofed iden… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-49230 | Apache | critical | 9.1 | 0.2%
| | Improper Validation of Integrity Check Value vulnerability in Apache APISIX.
The jwe-decrypt plugin… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-48895 | Apache | high | 7.2 | 0.3%
| | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.
The attacker co… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-47341 | Apache | medium | 6.5 | 0.4%
| | Authentication Bypass by Capture-replay vulnerability in Apache APISIX.
Attacker can benefit from c… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-47339 | Apache | high | 8.1 | 0.2%
| | Incorrect Authorization vulnerability in Apache APISIX.
An attacker can capitalise on authz-casdoor… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-44915 | Apache | medium | 6.1 | 0.3%
| | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.
The default con… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-44087 | Apache | critical | 9.1 | 0.2%
| | Insufficient Verification of Data Authenticity vulnerability in Apache APISIX.
The openid-connect p… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-44046 | Apache | medium | 5.8 | 0.2%
| | Use of Less Trusted Source vulnerability in Apache APISIX.
Attacker can take advantage of wolf-rbac… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-39999 | Apache | critical | 9.1 | 0.4%
| | Authentication Bypass by Spoofing vulnerability in Apache APISIX.
The attacker can completely bypas… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2026-39998 | Apache | high | 8.8 | 0.3%
| | Improper Input Validation vulnerability in Apache APISIX.
The attacker can take advantage of certai… | Jun 19, 2026 | Jun 23, 2026 |
| | CVE-2025-62821 | Microsoft | critical | 9.1 | 0.4%
| | Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDat… | Jun 19, 2026 | Jun 30, 2026 |
| | CVE-2026-56208 | Red Hat | high | 7.6 | — | | A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A … | Jun 19, 2026 | Jun 19, 2026 |
| | CVE-2026-56209 | Red Hat | high | 7.1 | — | | An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation… | Jun 19, 2026 | Jun 19, 2026 |
| | CVE-2026-56210 | Red Hat | high | 7.1 | — | | A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementatio… | Jun 19, 2026 | Jun 19, 2026 |
| | CVE-2026-56211 | Red Hat | high | 7.1 | — | | A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. I… | Jun 19, 2026 | Jun 19, 2026 |
| | CVE-2026-54130 | Microsoft | critical | 9.8 | 0.5%
| | Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disc… | Jun 18, 2026 | Jun 25, 2026 |
| | CVE-2026-47647 | Microsoft | critical | 9.9 | 0.4%
| | Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privilege… | Jun 18, 2026 | Jun 25, 2026 |
| | CVE-2026-47633 | Microsoft | high | 7.5 | 0.6%
| | Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experience… | Jun 18, 2026 | Jun 26, 2026 |
| | CVE-2026-32174 | Microsoft | high | 7.7 | 0.4%
| | Improper authentication in Azure Bot Service allows an authorized attacker to elevate privileges ove… | Jun 18, 2026 | Jun 24, 2026 |
| | CVE-2026-44942 | Red Hat | medium | 6.5 | — | | A flaw was found in libzypp. This path traversal vulnerability, present in the handling of the "path… | Jun 18, 2026 | Jun 18, 2026 |
| | CVE-2026-32682 | F5 | medium | 6.5 | 0.3%
| | When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with per… | Jun 17, 2026 | Jul 2, 2026 |
| | CVE-2026-50107 | F5 | high | 8.1 | 0.3%
| | When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an in… | Jun 17, 2026 | Jun 18, 2026 |
| | CVE-2026-20178 | Cisco | medium | 4.3 | 0.2%
| | A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticate… | Jun 17, 2026 | Jun 22, 2026 |
| | CVE-2026-20246 | Cisco | medium | 6.0 | 0.1%
| | A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated,… | Jun 17, 2026 | Jun 22, 2026 |
| | CVE-2026-20220 | Cisco | medium | 6.3 | 0.2%
| | A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could al… | Jun 17, 2026 | Jun 22, 2026 |
| | CVE-2026-20190 | Cisco | high | 7.5 | 0.4%
| | A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sen… | Jun 17, 2026 | Jun 22, 2026 |
| | CVE-2026-20181 | Cisco | critical | 9.1 | 0.6%
| | A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute ar… | Jun 17, 2026 | Jun 22, 2026 |
| | CVE-2026-42530 | F5 | high | 8.1 | 3.3%
| | NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is co… | Jun 17, 2026 | Jul 2, 2026 |
| | CVE-2026-42055 | F5 | high | 8.1 | 3.1%
| | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_g… | Jun 17, 2026 | Jul 9, 2026 |
| | CVE-2026-11311 | F5 | high | 8.1 | 0.6%
| | When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability… | Jun 17, 2026 | Jul 2, 2026 |
| | CVE-2026-5667 | F5 | high | 7.2 | — | | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan … | Jun 17, 2026 | Jun 17, 2026 |
| | CVE-2026-47340 | Apache | medium | — | — | | Allow authenticated users to access alert instances associated with alert groups they do not have pe… | Jun 17, 2026 | Jun 17, 2026 |
| | CVE-2026-32967 | Apache | medium | — | — | | Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.
T… | Jun 17, 2026 | Jun 17, 2026 |
| | CVE-2026-42357 | Apache | medium | — | — | | Incorrect Authorization vulnerability allows users to access workflow instance information belonging… | Jun 17, 2026 | Jun 17, 2026 |
| | CVE-2026-41280 | Apache | medium | — | — | | Incorrect Authorization vulnerability allows users with system login privileges to delete task defin… | Jun 17, 2026 | Jun 17, 2026 |
| | CVE-2026-32966 | Apache | medium | — | — | | DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apa… | Jun 17, 2026 | Jun 17, 2026 |
| | CVE-2026-50203 | Apache | medium | — | — | | A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`… | Jun 17, 2026 | Jun 17, 2026 |
| | CVE-2026-50656 | Microsoft | high | 7.8 | 3.4%
| | Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Micros… | Jun 16, 2026 | Jul 9, 2026 |