| CVE-2026-43826 | medium | 6.5 | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for exam… | May 11, 2026 | May 13, 2026 |
| CVE-2026-41018 | medium | 6.5 | The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for e… | May 11, 2026 | May 13, 2026 |
| CVE-2026-39816 | high | 8.8 | The optional extension component TinkerpopClientService is missing the Restricted annotation with th… | May 8, 2026 | May 9, 2026 |
| CVE-2026-25199 | critical | 9.1 | Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to oth… | May 8, 2026 | May 9, 2026 |
| CVE-2026-25077 | high | 8.8 | Account users are allowed by default to register templates to be downloaded directly to the primary … | May 8, 2026 | May 10, 2026 |
| CVE-2025-69233 | medium | 6.5 | Due to multiple time-of-check time-of-use race conditions in the resource count check and increment … | May 8, 2026 | May 9, 2026 |
| CVE-2025-66467 | high | 8.0 | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access … | May 8, 2026 | May 11, 2026 |
| CVE-2025-66172 | high | 8.1 | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone … | May 8, 2026 | May 12, 2026 |
| CVE-2025-66171 | medium | 6.5 | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone … | May 8, 2026 | May 12, 2026 |
| CVE-2025-66170 | medium | 6.5 | The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. … | May 8, 2026 | May 11, 2026 |
| CVE-2013-10075 | medium | — | Apache::Session versions through 1.94 for Perl re-creates deleted sessions.
The session stores Apac… | May 8, 2026 | May 8, 2026 |
| CVE-2026-5081 | medium | — | Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are inse… | May 6, 2026 | May 6, 2026 |
| CVE-2026-43975 | medium | 6.5 | FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter … | May 6, 2026 | May 6, 2026 |
| CVE-2026-43646 | high | 7.5 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket.
This iss… | May 6, 2026 | May 6, 2026 |
| CVE-2026-42509 | medium | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i… | May 6, 2026 | May 7, 2026 |
| CVE-2026-40010 | critical | 9.1 | Missing invocation of Servlet http web request method changeSessionId after session binding can be e… | May 6, 2026 | May 7, 2026 |
| CVE-2026-28780 | critical | 9.8 | Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server.
If mod_proxy_ajp co… | May 5, 2026 | May 6, 2026 |
| CVE-2026-29168 | high | 7.3 | Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md v… | May 5, 2026 | May 6, 2026 |
| CVE-2026-43870 | high | 7.3 | Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversa… | May 5, 2026 | May 6, 2026 |
| CVE-2026-43868 | medium | 5.3 | Memory Allocation with Excessive Size Value vulnerability in Apache Thrift.
This issue affects Apac… | May 5, 2026 | May 6, 2026 |
| CVE-2026-43869 | high | 7.3 | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.
This issue af… | May 5, 2026 | May 6, 2026 |
| CVE-2026-42812 | critical | 9.9 | In Apache Iceberg, the table's metadata files are control files: they tell readers
which data files … | May 4, 2026 | May 12, 2026 |
| CVE-2026-42811 | critical | 9.9 | In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials
that
only work for o… | May 4, 2026 | May 12, 2026 |
| CVE-2026-42810 | critical | 9.9 | Apache Polaris accepts literal `*` characters in namespace and table names. When it
later builds tem… | May 4, 2026 | May 12, 2026 |
| CVE-2026-42809 | critical | 9.9 | Apache Polaris can issue broad temporary ("vended") storage credentials during
staged
table creation… | May 4, 2026 | May 12, 2026 |
