| | CVE-2026-10649 | Red Hat | high | 8.6 | — | | A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vu… | Jun 16, 2026 | Jun 16, 2026 |
| | CVE-2026-46655 | Red Hat | high | 7.8 | — | | A flaw was found in virtio-win. A low-integrity process can issue an IOCTL request to viosock.sys!VI… | Jun 16, 2026 | Jun 16, 2026 |
| | CVE-2026-12398 | Red Hat | medium | 7.5 | — | | A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the lega… | Jun 16, 2026 | Jun 16, 2026 |
| | CVE-2026-47835 | VMware | high | 8.6 | 0.5%
| | In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary que… | Jun 15, 2026 | Jun 17, 2026 |
| | CVE-2026-20262 | Cisco | medium | 6.5 | 1.1%
| ⚠ KEV | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow… | Jun 15, 2026 | Jun 17, 2026 |
| | CVE-2026-44188 | Red Hat | medium | 5.3 | 0.4%
| ✓ Fix | A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expirati… | Jun 15, 2026 | Jun 15, 2026 |
| | CVE-2026-12216 | Red Hat | medium | 4.8 | 0.1%
| | A flaw was found in Duktape. A local attacker can exploit this vulnerability by manipulating the `co… | Jun 15, 2026 | Jun 15, 2026 |
| | CVE-2026-52718 | Red Hat | medium | 6.5 | — | | A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The … | Jun 15, 2026 | Jun 15, 2026 |
| | CVE-2026-52719 | Red Hat | high | 7.1 | — | | An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad.… | Jun 15, 2026 | Jun 15, 2026 |
| | CVE-2026-52720 | Red Hat | high | 8.8 | — | | A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle… | Jun 15, 2026 | Jun 15, 2026 |
| | CVE-2026-52721 | Red Hat | medium | 5.3 | — | | Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed P… | Jun 15, 2026 | Jun 15, 2026 |
| | CVE-2026-52722 | Red Hat | high | 7.1 | — | | A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream… | Jun 15, 2026 | Jun 15, 2026 |
| | CVE-2026-11769 | Grafana | high | 8.8 | 0.3%
| | We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity sec… | Jun 13, 2026 | Jun 30, 2026 |
| | CVE-2026-48748 | Red Hat | high | 7.5 | 0.0%
| | Netty is a network application framework for development of protocol servers and clients. Prior to v… | Jun 12, 2026 | Jun 12, 2026 |
| | CVE-2026-48059 | Red Hat | high | 7.5 | 0.0%
| | Netty is a network application framework for development of protocol servers and clients. Prior to v… | Jun 12, 2026 | Jun 12, 2026 |
| | CVE-2026-48043 | Red Hat | high | 7.5 | 0.0%
| | Netty is a network application framework for development of protocol servers and clients. In netty-c… | Jun 12, 2026 | Jun 12, 2026 |
| | CVE-2026-45673 | Red Hat | medium | 6.8 | 0.0%
| | Netty is a network application framework for development of protocol servers and clients. Prior to v… | Jun 12, 2026 | Jun 12, 2026 |
| | CVE-2026-44894 | Red Hat | high | 7.5 | 0.0%
| | Netty is a network application framework for development of protocol servers and clients. NoQuicToke… | Jun 12, 2026 | Jun 12, 2026 |
| | CVE-2026-44893 | Red Hat | high | 7.5 | 0.0%
| | Netty is a network application framework for development of protocol servers and clients. In netty-c… | Jun 12, 2026 | Jun 12, 2026 |
| | CVE-2026-50645 | Apache | high | 7.5 | 0.1%
| | There is no restriction on the amount of attachment headers that a message can contain when being de… | Jun 12, 2026 | Jun 13, 2026 |
| | CVE-2026-50634 | Apache | medium | 6.5 | 0.0%
| | A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to proce… | Jun 12, 2026 | Jun 12, 2026 |
| | CVE-2026-50633 | Apache | high | 8.1 | 0.6%
| | A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can… | Jun 12, 2026 | Jun 30, 2026 |
| | CVE-2026-50631 | Apache | high | 7.4 | 0.1%
| | A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Toke… | Jun 12, 2026 | Jun 12, 2026 |
| | CVE-2026-50630 | Apache | medium | 6.5 | 0.1%
| | A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the … | Jun 12, 2026 | Jun 12, 2026 |
| | CVE-2026-50629 | Apache | medium | 5.3 | 0.2%
| | The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log… | Jun 12, 2026 | Jun 12, 2026 |
| | CVE-2026-50623 | Apache | medium | 4.8 | 0.5%
| | An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF.… | Jun 12, 2026 | Jun 16, 2026 |
| | CVE-2026-49875 | Apache | critical | 9.8 | 0.5%
| | Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory w… | Jun 12, 2026 | Jul 9, 2026 |
| | CVE-2026-50632 | Apache | medium | — | 0.6%
| | A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lea… | Jun 12, 2026 | Jul 3, 2026 |
| | CVE-2026-50628 | Apache | medium | — | 0.6%
| | A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP addres… | Jun 12, 2026 | Jul 2, 2026 |
| | CVE-2026-50627 | Apache | medium | — | 0.4%
| | The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of inc… | Jun 12, 2026 | Jul 3, 2026 |
| | CVE-2026-45173 | Microsoft | medium | 6.5 | 0.2%
| | Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit… | Jun 11, 2026 | Jun 22, 2026 |
| | CVE-2026-44490 | Red Hat | medium | 4.8 | — | | A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as prototype pollu… | Jun 11, 2026 | Jun 11, 2026 |
| | CVE-2026-44489 | Red Hat | low | 3.7 | — | | A flaw was found in Axios, a promise-based HTTP client. A remote attacker could exploit a prototype … | Jun 11, 2026 | Jun 11, 2026 |
| | CVE-2026-11986 | Red Hat | medium | 4.9 | — | | A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative u… | Jun 11, 2026 | Jun 11, 2026 |
| | CVE-2026-41856 | VMware | high | 7.5 | 0.4%
| | The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly re… | Jun 11, 2026 | Jun 30, 2026 |
| | CVE-2026-41700 | VMware | high | 8.1 | 0.2%
| | Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Si… | Jun 11, 2026 | Jun 30, 2026 |
| | CVE-2026-41699 | VMware | high | 8.1 | 0.4%
| | Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated G… | Jun 11, 2026 | Jun 30, 2026 |
| | CVE-2026-50223 | Apache | high | 8.8 | 0.2%
| | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low… | Jun 10, 2026 | Jun 12, 2026 |
| | CVE-2026-47342 | Apache | high | 8.8 | 0.0%
| | A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to o… | Jun 10, 2026 | Jun 12, 2026 |
| | CVE-2026-10143 | Red Hat | high | 7.5 | — | | A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial… | Jun 10, 2026 | Jun 10, 2026 |
| | CVE-2026-6893 | Red Hat | high | 8.8 | — | | A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability… | Jun 10, 2026 | Jun 10, 2026 |
| | CVE-2026-20259 | Splunk | medium | 5.5 | 0.0%
| | In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4… | Jun 10, 2026 | Jun 12, 2026 |
| | CVE-2026-20258 | Splunk | high | 7.1 | 0.2%
| | In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform ve… | Jun 10, 2026 | Jun 15, 2026 |
| | CVE-2026-20257 | Splunk | medium | 5.7 | 0.2%
| | In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform ve… | Jun 10, 2026 | Jun 15, 2026 |
| | CVE-2026-20256 | Splunk | medium | 5.7 | 0.3%
| | In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform ve… | Jun 10, 2026 | Jun 15, 2026 |
| | CVE-2026-20255 | Splunk | medium | 5.7 | 0.2%
| | In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform ve… | Jun 10, 2026 | Jun 15, 2026 |
| | CVE-2026-20254 | Splunk | medium | 5.7 | 0.3%
| | In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform ve… | Jun 10, 2026 | Jun 15, 2026 |
| | CVE-2026-20252 | Splunk | high | 7.6 | 0.3%
| | In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform ve… | Jun 10, 2026 | Jun 15, 2026 |
| | CVE-2026-20251 | Splunk | high | 8.8 | 0.6%
| | In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versio… | Jun 10, 2026 | Jun 15, 2026 |
| | CVE-2026-20253 | Splunk | critical | 9.8 | 1.7%
| ⚠ KEV | In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated use… | Jun 10, 2026 | Jun 19, 2026 |