[{"CVE":"CVE-2026-44188","severity":"moderate","public_date":"2026-06-15T08:08:37Z","advisories":["RHSA-2026:25928"],"bugzilla":"2466764","bugzilla_description":"ansible-lightspeed: Ansible Lightspeed: Session hijacking and unauthorized data access due to insufficient session expiration","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-613","affected_packages":["ansible-automation-platform-27/lightspeed-rhel9:1781025813"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44188.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-12216","severity":"moderate","public_date":"2026-06-15T03:45:07Z","advisories":[],"bugzilla":"2488812","bugzilla_description":"Duktape: svaarala duktape duk_api_bytecode.c memory corruption","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-12216.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","cvss3_score":"4.8"},{"CVE":"CVE-2026-52718","severity":"moderate","public_date":"2026-06-15T00:00:00Z","advisories":[],"bugzilla":"2486328","bugzilla_description":"gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-617","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-52718.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-52719","severity":"important","public_date":"2026-06-15T00:00:00Z","advisories":[],"bugzilla":"2486353","bugzilla_description":"gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-52719.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","cvss3_score":"7.1"},{"CVE":"CVE-2026-52720","severity":"important","public_date":"2026-06-15T00:00:00Z","advisories":[],"bugzilla":"2486731","bugzilla_description":"gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-122","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-52720.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-52721","severity":"moderate","public_date":"2026-06-15T00:00:00Z","advisories":[],"bugzilla":"2486732","bugzilla_description":"gstreamer1-plugins-bad-free: GStreamer: Multiple out-of-bounds reads in pcapparse IPv4/TCP header parsing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-52721.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H","cvss3_score":"5.3"},{"CVE":"CVE-2026-52722","severity":"important","public_date":"2026-06-15T00:00:00Z","advisories":[],"bugzilla":"2486733","bugzilla_description":"gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-52722.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","cvss3_score":"7.1"},{"CVE":"CVE-2026-45833","severity":"important","public_date":"2026-06-12T15:16:33Z","advisories":[],"bugzilla":"2488430","bugzilla_description":"chromadb: ChromaDB: Arbitrary Code Execution via Code Injection","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-94","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45833.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-45832","severity":"important","public_date":"2026-06-12T15:11:46Z","advisories":[],"bugzilla":"2488411","bugzilla_description":"chromadb: ChromaDB: Authorization bypass in V1 collection-level endpoints","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-551","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45832.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-45831","severity":"moderate","public_date":"2026-06-12T15:03:58Z","advisories":[],"bugzilla":"2488417","bugzilla_description":"ChromaDB: ChromaDB: Unauthorized cross-tenant actions due to improper authorization checks","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1220","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45831.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"6.8"},{"CVE":"CVE-2026-50560","severity":"moderate","public_date":"2026-06-12T14:59:59Z","advisories":[],"bugzilla":"2488407","bugzilla_description":"netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-50560.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-50020","severity":"moderate","public_date":"2026-06-12T14:55:32Z","advisories":[],"bugzilla":"2488421","bugzilla_description":"netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-444","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-50020.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-50011","severity":"important","public_date":"2026-06-12T14:52:18Z","advisories":[],"bugzilla":"2488413","bugzilla_description":"netty-codec-redis: Netty: Denial of Service via malicious Redis array header","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-50011.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-50010","severity":"important","public_date":"2026-06-12T14:50:43Z","advisories":[],"bugzilla":"2488429","bugzilla_description":"netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-347","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-50010.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-45830","severity":"important","public_date":"2026-06-12T14:46:54Z","advisories":[],"bugzilla":"2488408","bugzilla_description":"chromadb: ChromaDB: Unauthorized data manipulation due to improper authorization validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-266","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45830.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-48748","severity":"important","public_date":"2026-06-12T14:45:04Z","advisories":[],"bugzilla":"2488441","bugzilla_description":"netty: Netty: Denial of Service due to memory exhaustion in HTTP/3 codec","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-48748.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-48059","severity":"important","public_date":"2026-06-12T14:42:44Z","advisories":[],"bugzilla":"2488437","bugzilla_description":"netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-48059.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-48043","severity":"important","public_date":"2026-06-12T14:39:52Z","advisories":[],"bugzilla":"2488442","bugzilla_description":"netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-48043.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-48006","severity":"important","public_date":"2026-06-12T14:36:44Z","advisories":[],"bugzilla":"2488433","bugzilla_description":"netty-codec-redis: Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-48006.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-47691","severity":"important","public_date":"2026-06-12T14:33:16Z","advisories":[],"bugzilla":"2488439","bugzilla_description":"io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-47691.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","cvss3_score":"8.7"},{"CVE":"CVE-2026-47244","severity":"moderate","public_date":"2026-06-12T14:23:50Z","advisories":[],"bugzilla":"2488399","bugzilla_description":"netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-47244.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-46340","severity":"important","public_date":"2026-06-12T14:19:48Z","advisories":[],"bugzilla":"2488388","bugzilla_description":"netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-46340.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-45674","severity":"important","public_date":"2026-06-12T14:17:50Z","advisories":[],"bugzilla":"2488400","bugzilla_description":"netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45674.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","cvss3_score":"8.7"},{"CVE":"CVE-2026-45673","severity":"moderate","public_date":"2026-06-12T14:16:03Z","advisories":[],"bugzilla":"2488386","bugzilla_description":"netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1241","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45673.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N","cvss3_score":"6.8"},{"CVE":"CVE-2026-45536","severity":"moderate","public_date":"2026-06-12T14:12:48Z","advisories":[],"bugzilla":"2488394","bugzilla_description":"netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-167","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45536.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"4.0"},{"CVE":"CVE-2026-45416","severity":"important","public_date":"2026-06-12T14:10:05Z","advisories":[],"bugzilla":"2488391","bugzilla_description":"netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-45416.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-44894","severity":"important","public_date":"2026-06-12T14:06:54Z","advisories":[],"bugzilla":"2488380","bugzilla_description":"netty-codec-classes-quic: Netty: Denial of Service amplification via improper QUIC token validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44894.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-44893","severity":"important","public_date":"2026-06-12T14:00:25Z","advisories":[],"bugzilla":"2488383","bugzilla_description":"netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-805","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44893.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-50633","severity":"important","public_date":"2026-06-12T09:02:02Z","advisories":[],"bugzilla":"2488307","bugzilla_description":"apache-cxf: org.apache.cxf/cxf-integration-jca: Apache CXF: Arbitrary code execution via JNDI Injection","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-502","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-50633.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-50628","severity":"important","public_date":"2026-06-12T08:56:28Z","advisories":[],"bugzilla":"2488302","bugzilla_description":"cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: cxf: Unauthorized access due to logic error in OAuthRequestFilter","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-358","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-50628.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"7.4"},{"CVE":"CVE-2026-50627","severity":"important","public_date":"2026-06-12T08:55:41Z","advisories":[],"bugzilla":"2488298","bugzilla_description":"apache-cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: Apache CXF: Token Confusion/Routing attacks due to improper validation of JWT audience claims","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-303","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-50627.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-49875","severity":"important","public_date":"2026-06-12T08:54:50Z","advisories":[],"bugzilla":"2488309","bugzilla_description":"cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-611","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-49875.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-53703","severity":"moderate","public_date":"2026-06-12T00:00:00Z","advisories":[],"bugzilla":"2487613","bugzilla_description":"gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer audio stream header parser","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-53703.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","cvss3_score":"7.1"},{"CVE":"CVE-2026-53704","severity":"moderate","public_date":"2026-06-12T00:00:00Z","advisories":[],"bugzilla":"2487614","bugzilla_description":"gstreamer1-plugins-ugly-free: GStreamer: Out-of-bounds read in RealMedia demuxer FILEINFO metadata parser","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-53704.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","cvss3_score":"7.1"},{"CVE":"CVE-2026-53705","severity":"important","public_date":"2026-06-12T00:00:00Z","advisories":[],"bugzilla":"2487615","bugzilla_description":"gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-53705.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H","cvss3_score":"7.6"},{"CVE":"CVE-2026-44890","severity":"important","public_date":"2026-06-11T20:52:50Z","advisories":[],"bugzilla":"2488053","bugzilla_description":"netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44890.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-44250","severity":"important","public_date":"2026-06-11T20:49:00Z","advisories":[],"bugzilla":"2488062","bugzilla_description":"netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44250.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-44249","severity":"important","public_date":"2026-06-11T20:46:14Z","advisories":[],"bugzilla":"2488081","bugzilla_description":"netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1287","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44249.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-52859","severity":"moderate","public_date":"2026-06-11T18:33:09Z","advisories":[],"bugzilla":"2487989","bugzilla_description":"vim: Vim: Denial of Service via out-of-bounds write in terminal handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-52859.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.0"},{"CVE":"CVE-2026-44486","severity":"important","public_date":"2026-06-11T15:39:07Z","advisories":[],"bugzilla":"2487947","bugzilla_description":"axios: Axios: Information disclosure of proxy credentials via HTTP redirects","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-201","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44486.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-44487","severity":"important","public_date":"2026-06-11T15:38:25Z","advisories":[],"bugzilla":"2487948","bugzilla_description":"axios: Axios: Information disclosure of proxy credentials via redirect flows","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-201","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44487.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-44488","severity":"important","public_date":"2026-06-11T15:37:38Z","advisories":[],"bugzilla":"2487949","bugzilla_description":"axios: Axios: Denial of Service due to unenforced request and response size limits","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44488.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-44490","severity":"moderate","public_date":"2026-06-11T15:36:13Z","advisories":[],"bugzilla":"2487941","bugzilla_description":"axios: Axios: Information disclosure and denial of service due to prototype pollution","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-915","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44490.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","cvss3_score":"4.8"},{"CVE":"CVE-2026-44496","severity":"important","public_date":"2026-06-11T15:34:28Z","advisories":[],"bugzilla":"2487943","bugzilla_description":"axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44496.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-44495","severity":"important","public_date":"2026-06-11T15:33:12Z","advisories":[],"bugzilla":"2487937","bugzilla_description":"axios: Axios: Information disclosure due to prototype pollution vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-915","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44495.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","cvss3_score":"7.0"},{"CVE":"CVE-2026-44494","severity":"important","public_date":"2026-06-11T15:32:03Z","advisories":[],"bugzilla":"2487942","bugzilla_description":"axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-915","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44494.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","cvss3_score":"8.7"},{"CVE":"CVE-2026-44489","severity":"low","public_date":"2026-06-11T15:30:44Z","advisories":[],"bugzilla":"2487940","bugzilla_description":"axios: Axios: Information disclosure via Prototype Pollution","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44489.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"3.7"},{"CVE":"CVE-2026-44492","severity":"important","public_date":"2026-06-11T15:29:13Z","advisories":[],"bugzilla":"2487938","bugzilla_description":"axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-289","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44492.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"8.6"},{"CVE":"CVE-2026-11986","severity":"moderate","public_date":"2026-06-11T14:17:32Z","advisories":[],"bugzilla":"2487906","bugzilla_description":"keycloak-rest-admin-ui-ext: Authorization Bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of Keycloak","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-425","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-11986.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"4.9"},{"CVE":"CVE-2026-11816","severity":"important","public_date":"2026-06-11T13:31:52Z","advisories":[],"bugzilla":"2487912","bugzilla_description":"keras: Keras: Arbitrary file write via path traversal in archive extraction utilities","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-11816.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-48998","severity":"moderate","public_date":"2026-06-11T12:34:32Z","advisories":[],"bugzilla":"2487891","bugzilla_description":"guzzlehttp/psr7: guzzlehttp/psr7: Information disclosure via improper Host header validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-48998.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"5.3"}]