Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/java-11-openjdk@1:11.0.31.0.11-1?arch=el7_9

Type rpm

Namespace redhat

Name java-11-openjdk

Version 1:11.0.31.0.11-1

Qualifiers

arch	el7_9

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-1gha-995s-7qdg

vulnerability_id

VCID-1gha-995s-7qdg

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22016

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09722
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22016

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460039
reference_id	2460039
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460039

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:11:15Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-22016

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-1gha-995s-7qdg

url

VCID-41qj-62x6-tqe5

vulnerability_id

VCID-41qj-62x6-tqe5

summary

giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26740.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26740.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-26740

reference_id

reference_type

scores

value	0.00139
scoring_system	epss
scoring_elements	0.34086
published_at	2026-04-02T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34051
published_at	2026-04-09T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.3405
published_at	2026-04-11T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34007
published_at	2026-04-12T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33983
published_at	2026-04-13T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34017
published_at	2026-04-16T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34004
published_at	2026-04-18T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34118
published_at	2026-04-04T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33978
published_at	2026-04-07T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.3402
published_at	2026-04-08T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35498
published_at	2026-04-24T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35733
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-26740

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26740
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26740

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131368
reference_id	1131368
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131368

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2448747
reference_id	2448747
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2448747

reference_url

https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md

reference_id

giflib_giftool_gce_len_heap_oobwrite_disclosure.md

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T18:43:32Z/

url

https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

fixed_packages

aliases

CVE-2026-26740

risk_score

3.7

exploitability

0.5

weighted_severity

7.4

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-41qj-62x6-tqe5

url

VCID-57sd-8y93-qqhu

vulnerability_id

VCID-57sd-8y93-qqhu

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34282

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.121
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34282

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460044
reference_id	2460044
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460044

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:33:23Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-34282

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-57sd-8y93-qqhu

url

VCID-6fzj-746j-bkbc

vulnerability_id

VCID-6fzj-746j-bkbc

summary

Freetype: Freetype: Information disclosure or denial of service via specially crafted font files

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23865.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23865.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-23865

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02445
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03111
published_at	2026-04-24T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03077
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03041
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03017
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03009
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02986
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02993
published_at	2026-04-18T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03114
published_at	2026-04-21T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03047
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0305
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03053
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-23865

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129606
reference_id	1129606
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129606

reference_url

https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/

reference_id

2.14.2

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/

url

https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2443891
reference_id	2443891
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2443891

reference_url

https://www.facebook.com/security/advisories/cve-2026-23865

reference_id

cve-2026-23865

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/

url

https://www.facebook.com/security/advisories/cve-2026-23865

reference_url

https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c

reference_id

fc85a255849229c024c8e65f536fe1875d84841c

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/

url

https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c

reference_url	https://access.redhat.com/errata/RHSA-2026:7933
reference_id	RHSA-2026:7933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7933

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

reference_url	https://usn.ubuntu.com/8086-1/
reference_id	USN-8086-1
reference_type
scores
url	https://usn.ubuntu.com/8086-1/

fixed_packages

aliases

CVE-2026-23865

risk_score

2.4

exploitability

0.5

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6fzj-746j-bkbc

url

VCID-6r1k-8y1c-q7fm

vulnerability_id

VCID-6r1k-8y1c-q7fm

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22007

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01704
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22007

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460038
reference_id	2460038
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460038

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:16Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-22007

risk_score

1.3

exploitability

0.5

weighted_severity

2.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6r1k-8y1c-q7fm

url

VCID-7qam-er5a-gbas

vulnerability_id

VCID-7qam-er5a-gbas

summary

libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22801

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04618
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04807
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04625
published_at	2026-04-16T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04633
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04773
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04642
published_at	2026-04-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04654
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04688
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.047
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04692
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04674
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04658
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444
reference_id	1125444
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428824
reference_id	2428824
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428824

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8

reference_id

GHSA-vgjq-8cw5-ggw8

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T19:37:38Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8

reference_url	https://access.redhat.com/errata/RHSA-2026:3405
reference_id	RHSA-2026:3405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3405

reference_url	https://access.redhat.com/errata/RHSA-2026:3551
reference_id	RHSA-2026:3551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3551

reference_url	https://access.redhat.com/errata/RHSA-2026:3573
reference_id	RHSA-2026:3573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3573

reference_url	https://access.redhat.com/errata/RHSA-2026:3574
reference_id	RHSA-2026:3574
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3574

reference_url	https://access.redhat.com/errata/RHSA-2026:3575
reference_id	RHSA-2026:3575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3575

reference_url	https://access.redhat.com/errata/RHSA-2026:3576
reference_id	RHSA-2026:3576
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3576

reference_url	https://access.redhat.com/errata/RHSA-2026:3577
reference_id	RHSA-2026:3577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3577

reference_url	https://access.redhat.com/errata/RHSA-2026:4306
reference_id	RHSA-2026:4306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4306

reference_url	https://access.redhat.com/errata/RHSA-2026:4501
reference_id	RHSA-2026:4501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4501

reference_url	https://access.redhat.com/errata/RHSA-2026:4728
reference_id	RHSA-2026:4728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4728

reference_url	https://access.redhat.com/errata/RHSA-2026:4729
reference_id	RHSA-2026:4729
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4729

reference_url	https://access.redhat.com/errata/RHSA-2026:4730
reference_id	RHSA-2026:4730
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4730

reference_url	https://access.redhat.com/errata/RHSA-2026:4731
reference_id	RHSA-2026:4731
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4731

reference_url	https://access.redhat.com/errata/RHSA-2026:4732
reference_id	RHSA-2026:4732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4732

reference_url	https://access.redhat.com/errata/RHSA-2026:5606
reference_id	RHSA-2026:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5606

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:8746
reference_id	RHSA-2026:8746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8746

reference_url	https://access.redhat.com/errata/RHSA-2026:8747
reference_id	RHSA-2026:8747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8747

reference_url	https://access.redhat.com/errata/RHSA-2026:8748
reference_id	RHSA-2026:8748
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8748

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://usn.ubuntu.com/7963-1/
reference_id	USN-7963-1
reference_type
scores
url	https://usn.ubuntu.com/7963-1/

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

fixed_packages

aliases

CVE-2026-22801

risk_score

3.0

exploitability

0.5

weighted_severity

6.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-7qam-er5a-gbas

url

VCID-dm7h-c7wt-1kbs

vulnerability_id

VCID-dm7h-c7wt-1kbs

summary

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33416

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.10979
published_at	2026-04-24T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11022
published_at	2026-04-21T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12874
published_at	2026-04-13T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12779
published_at	2026-04-18T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12775
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13064
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12864
published_at	2026-04-07T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12943
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12994
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12954
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12919
published_at	2026-04-12T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15898
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33416

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012
reference_id	1132012
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012

reference_url

https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb

reference_id

23019269764e35ed8458e517f1897bd3c54820eb

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451805
reference_id	2451805
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451805

reference_url

https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667

reference_id

7ea9eea884a2328cc7fdcb3c0c00246a50d90667

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667

reference_url

https://github.com/pnggroup/libpng/pull/824

reference_id

824

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/pull/824

reference_url

https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25

reference_id

a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25

reference_url

https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1

reference_id

c1b0318b393c90679e6fa5bc1d329fd5d5012ec1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j

reference_id

GHSA-m4pc-p4q3-4c7j

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:7671
reference_id	RHSA-2026:7671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7671

reference_url	https://access.redhat.com/errata/RHSA-2026:7672
reference_id	RHSA-2026:7672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7672

reference_url	https://access.redhat.com/errata/RHSA-2026:8052
reference_id	RHSA-2026:8052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8052

reference_url	https://access.redhat.com/errata/RHSA-2026:8459
reference_id	RHSA-2026:8459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8459

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9345
reference_id	RHSA-2026:9345
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9345

reference_url	https://access.redhat.com/errata/RHSA-2026:9638
reference_id	RHSA-2026:9638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9638

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

fixed_packages

aliases

CVE-2026-33416

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-dm7h-c7wt-1kbs

url

VCID-j7dk-wzkm-tfcr

vulnerability_id

VCID-j7dk-wzkm-tfcr

summary

libpng: LIBPNG out-of-bounds read in png_image_read_composite

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66293

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.24185
published_at	2026-04-02T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30216
published_at	2026-04-24T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30323
published_at	2026-04-07T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30382
published_at	2026-04-08T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30416
published_at	2026-04-09T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30418
published_at	2026-04-11T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30374
published_at	2026-04-12T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30326
published_at	2026-04-13T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30342
published_at	2026-04-16T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30324
published_at	2026-04-18T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30279
published_at	2026-04-21T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30511
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66293

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877
reference_id	1121877
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2418711
reference_id	2418711
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2418711

reference_url

https://github.com/pnggroup/libpng/issues/764

reference_id

764

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/issues/764

reference_url

https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

reference_id

788a624d7387a758ffd5c7ab010f1870dea753a1

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

reference_url

https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

reference_id

a05a48b756de63e3234ea6b3b938b8f5f862484a

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

reference_id

GHSA-9mpm-9pxh-mg4f

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

reference_url	https://access.redhat.com/errata/RHSA-2026:0125
reference_id	RHSA-2026:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0125

reference_url	https://access.redhat.com/errata/RHSA-2026:0210
reference_id	RHSA-2026:0210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0210

reference_url	https://access.redhat.com/errata/RHSA-2026:0211
reference_id	RHSA-2026:0211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0211

reference_url	https://access.redhat.com/errata/RHSA-2026:0212
reference_id	RHSA-2026:0212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0212

reference_url	https://access.redhat.com/errata/RHSA-2026:0216
reference_id	RHSA-2026:0216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0216

reference_url	https://access.redhat.com/errata/RHSA-2026:0234
reference_id	RHSA-2026:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0234

reference_url	https://access.redhat.com/errata/RHSA-2026:0237
reference_id	RHSA-2026:0237
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0237

reference_url	https://access.redhat.com/errata/RHSA-2026:0238
reference_id	RHSA-2026:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0238

reference_url	https://access.redhat.com/errata/RHSA-2026:0241
reference_id	RHSA-2026:0241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0241

reference_url	https://access.redhat.com/errata/RHSA-2026:0313
reference_id	RHSA-2026:0313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0313

reference_url	https://access.redhat.com/errata/RHSA-2026:0321
reference_id	RHSA-2026:0321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0321

reference_url	https://access.redhat.com/errata/RHSA-2026:0322
reference_id	RHSA-2026:0322
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0322

reference_url	https://access.redhat.com/errata/RHSA-2026:0323
reference_id	RHSA-2026:0323
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0323

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:2072
reference_id	RHSA-2026:2072
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2072

reference_url	https://access.redhat.com/errata/RHSA-2026:2633
reference_id	RHSA-2026:2633
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2633

reference_url	https://access.redhat.com/errata/RHSA-2026:2659
reference_id	RHSA-2026:2659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2659

reference_url	https://access.redhat.com/errata/RHSA-2026:2671
reference_id	RHSA-2026:2671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2671

reference_url	https://access.redhat.com/errata/RHSA-2026:2974
reference_id	RHSA-2026:2974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2974

reference_url	https://access.redhat.com/errata/RHSA-2026:3415
reference_id	RHSA-2026:3415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3415

reference_url	https://access.redhat.com/errata/RHSA-2026:3861
reference_id	RHSA-2026:3861
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3861

reference_url	https://access.redhat.com/errata/RHSA-2026:4419
reference_id	RHSA-2026:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4419

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://usn.ubuntu.com/7963-1/
reference_id	USN-7963-1
reference_type
scores
url	https://usn.ubuntu.com/7963-1/

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

fixed_packages

aliases

CVE-2025-66293

risk_score

3.2

exploitability

0.5

weighted_severity

6.4

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-j7dk-wzkm-tfcr

url

VCID-jxgd-j4wr-tyb7

vulnerability_id

VCID-jxgd-j4wr-tyb7

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34268

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01704
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34268

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460043
reference_id	2460043
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460043

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:55:07Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-34268

risk_score

1.3

exploitability

0.5

weighted_severity

2.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-jxgd-j4wr-tyb7

url

VCID-ptgq-884e-mkft

vulnerability_id

VCID-ptgq-884e-mkft

summary

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33636

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09433
published_at	2026-04-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09521
published_at	2026-04-04T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09508
published_at	2026-04-08T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09555
published_at	2026-04-09T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09569
published_at	2026-04-11T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.0954
published_at	2026-04-12T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09524
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09418
published_at	2026-04-16T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.0942
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10217
published_at	2026-04-02T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15153
published_at	2026-04-21T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15193
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013
reference_id	1132013
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451819
reference_id	2451819
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451819

reference_url

https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869

reference_id

7734cda20cf1236aef60f3bbd2267c97bbb40869

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/

url

https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869

reference_url

https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3

reference_id

aba9f18eba870d14fb52c5ba5d73451349e339c3

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/

url

https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2

reference_id

GHSA-wjr5-c57x-95m2

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:7671
reference_id	RHSA-2026:7671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7671

reference_url	https://access.redhat.com/errata/RHSA-2026:7672
reference_id	RHSA-2026:7672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7672

reference_url	https://access.redhat.com/errata/RHSA-2026:8052
reference_id	RHSA-2026:8052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8052

reference_url	https://access.redhat.com/errata/RHSA-2026:8459
reference_id	RHSA-2026:8459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8459

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9345
reference_id	RHSA-2026:9345
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9345

reference_url	https://access.redhat.com/errata/RHSA-2026:9638
reference_id	RHSA-2026:9638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9638

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

fixed_packages

aliases

CVE-2026-33636

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ptgq-884e-mkft

url

VCID-rm7f-ybuf-dyfq

vulnerability_id

VCID-rm7f-ybuf-dyfq

summary

libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22695

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.08627
published_at	2026-04-02T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08702
published_at	2026-04-24T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08678
published_at	2026-04-04T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08597
published_at	2026-04-07T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08671
published_at	2026-04-08T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08696
published_at	2026-04-11T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08673
published_at	2026-04-12T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.0866
published_at	2026-04-13T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08548
published_at	2026-04-16T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08535
published_at	2026-04-18T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08689
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22695

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443
reference_id	1125443
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443

reference_url

https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_id

218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428825
reference_id	2428825
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428825

reference_url

https://github.com/pnggroup/libpng/issues/778

reference_id

778

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/issues/778

reference_url

https://github.com/pnggroup/libpng/commit/e4f7ad4ea2

reference_id

e4f7ad4ea2

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/commit/e4f7ad4ea2

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

reference_id

GHSA-mmq5-27w3-rxpp

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

reference_url	https://access.redhat.com/errata/RHSA-2026:3405
reference_id	RHSA-2026:3405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3405

reference_url	https://access.redhat.com/errata/RHSA-2026:3551
reference_id	RHSA-2026:3551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3551

reference_url	https://access.redhat.com/errata/RHSA-2026:3573
reference_id	RHSA-2026:3573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3573

reference_url	https://access.redhat.com/errata/RHSA-2026:3574
reference_id	RHSA-2026:3574
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3574

reference_url	https://access.redhat.com/errata/RHSA-2026:3575
reference_id	RHSA-2026:3575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3575

reference_url	https://access.redhat.com/errata/RHSA-2026:3576
reference_id	RHSA-2026:3576
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3576

reference_url	https://access.redhat.com/errata/RHSA-2026:3577
reference_id	RHSA-2026:3577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3577

reference_url	https://access.redhat.com/errata/RHSA-2026:4306
reference_id	RHSA-2026:4306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4306

reference_url	https://access.redhat.com/errata/RHSA-2026:4501
reference_id	RHSA-2026:4501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4501

reference_url	https://access.redhat.com/errata/RHSA-2026:4728
reference_id	RHSA-2026:4728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4728

reference_url	https://access.redhat.com/errata/RHSA-2026:4729
reference_id	RHSA-2026:4729
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4729

reference_url	https://access.redhat.com/errata/RHSA-2026:4730
reference_id	RHSA-2026:4730
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4730

reference_url	https://access.redhat.com/errata/RHSA-2026:4731
reference_id	RHSA-2026:4731
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4731

reference_url	https://access.redhat.com/errata/RHSA-2026:4732
reference_id	RHSA-2026:4732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4732

reference_url	https://access.redhat.com/errata/RHSA-2026:5606
reference_id	RHSA-2026:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5606

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:8746
reference_id	RHSA-2026:8746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8746

reference_url	https://access.redhat.com/errata/RHSA-2026:8747
reference_id	RHSA-2026:8747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8747

reference_url	https://access.redhat.com/errata/RHSA-2026:8748
reference_id	RHSA-2026:8748
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8748

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://usn.ubuntu.com/7963-1/
reference_id	USN-7963-1
reference_type
scores
url	https://usn.ubuntu.com/7963-1/

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

fixed_packages

aliases

CVE-2026-22695

risk_score

2.8

exploitability

0.5

weighted_severity

5.5

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7f-ybuf-dyfq

url

VCID-sz6r-65q1-q3bh

vulnerability_id

VCID-sz6r-65q1-q3bh

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22021

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11666
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22021

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460042
reference_id	2460042
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460042

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:58:16Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-22021

risk_score

2.4

exploitability

0.5

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6r-65q1-q3bh

url

VCID-xte1-h9nn-4bbk

vulnerability_id

VCID-xte1-h9nn-4bbk

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22018

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11666
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22018

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460041
reference_id	2460041
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460041

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:52Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-22018

risk_score

1.6

exploitability

0.5

weighted_severity

3.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-xte1-h9nn-4bbk

url

VCID-xyhj-84d1-dqh3

vulnerability_id

VCID-xyhj-84d1-dqh3

summary

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25646

reference_id

reference_type

scores

value	0.00077
scoring_system	epss
scoring_elements	0.23049
published_at	2026-04-08T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22976
published_at	2026-04-07T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23103
published_at	2026-04-09T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23122
published_at	2026-04-11T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23085
published_at	2026-04-12T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23029
published_at	2026-04-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23042
published_at	2026-04-16T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23035
published_at	2026-04-18T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.2376
published_at	2026-04-21T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23645
published_at	2026-04-24T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26176
published_at	2026-04-04T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26135
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25646

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88

reference_id

01d03b8453eb30ade759cd45c707e5a1c7277d88

reference_type

scores

value	8.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/

url

https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566
reference_id	1127566
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2438542
reference_id	2438542
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2438542

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3

reference_id

GHSA-g8hp-mq4h-rqm3

reference_type

scores

value	8.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3

reference_url	https://access.redhat.com/errata/RHSA-2026:3031
reference_id	RHSA-2026:3031
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3031

reference_url	https://access.redhat.com/errata/RHSA-2026:3405
reference_id	RHSA-2026:3405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3405

reference_url	https://access.redhat.com/errata/RHSA-2026:3551
reference_id	RHSA-2026:3551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3551

reference_url	https://access.redhat.com/errata/RHSA-2026:3573
reference_id	RHSA-2026:3573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3573

reference_url	https://access.redhat.com/errata/RHSA-2026:3574
reference_id	RHSA-2026:3574
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3574

reference_url	https://access.redhat.com/errata/RHSA-2026:3575
reference_id	RHSA-2026:3575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3575

reference_url	https://access.redhat.com/errata/RHSA-2026:3576
reference_id	RHSA-2026:3576
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3576

reference_url	https://access.redhat.com/errata/RHSA-2026:3577
reference_id	RHSA-2026:3577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3577

reference_url	https://access.redhat.com/errata/RHSA-2026:3968
reference_id	RHSA-2026:3968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3968

reference_url	https://access.redhat.com/errata/RHSA-2026:3969
reference_id	RHSA-2026:3969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3969

reference_url	https://access.redhat.com/errata/RHSA-2026:4221
reference_id	RHSA-2026:4221
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4221

reference_url	https://access.redhat.com/errata/RHSA-2026:4222
reference_id	RHSA-2026:4222
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4222

reference_url	https://access.redhat.com/errata/RHSA-2026:4306
reference_id	RHSA-2026:4306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4306

reference_url	https://access.redhat.com/errata/RHSA-2026:4501
reference_id	RHSA-2026:4501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4501

reference_url	https://access.redhat.com/errata/RHSA-2026:4728
reference_id	RHSA-2026:4728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4728

reference_url	https://access.redhat.com/errata/RHSA-2026:4729
reference_id	RHSA-2026:4729
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4729

reference_url	https://access.redhat.com/errata/RHSA-2026:4730
reference_id	RHSA-2026:4730
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4730

reference_url	https://access.redhat.com/errata/RHSA-2026:4731
reference_id	RHSA-2026:4731
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4731

reference_url	https://access.redhat.com/errata/RHSA-2026:4732
reference_id	RHSA-2026:4732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4732

reference_url	https://access.redhat.com/errata/RHSA-2026:4756
reference_id	RHSA-2026:4756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4756

reference_url	https://access.redhat.com/errata/RHSA-2026:5606
reference_id	RHSA-2026:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5606

reference_url	https://access.redhat.com/errata/RHSA-2026:6439
reference_id	RHSA-2026:6439
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6439

reference_url	https://access.redhat.com/errata/RHSA-2026:6445
reference_id	RHSA-2026:6445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6445

reference_url	https://access.redhat.com/errata/RHSA-2026:6466
reference_id	RHSA-2026:6466
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6466

reference_url	https://access.redhat.com/errata/RHSA-2026:6467
reference_id	RHSA-2026:6467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6467

reference_url	https://access.redhat.com/errata/RHSA-2026:6468
reference_id	RHSA-2026:6468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6468

reference_url	https://access.redhat.com/errata/RHSA-2026:6469
reference_id	RHSA-2026:6469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6469

reference_url	https://access.redhat.com/errata/RHSA-2026:6553
reference_id	RHSA-2026:6553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6553

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:7032
reference_id	RHSA-2026:7032
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7032

reference_url	https://access.redhat.com/errata/RHSA-2026:7033
reference_id	RHSA-2026:7033
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7033

reference_url	https://access.redhat.com/errata/RHSA-2026:7034
reference_id	RHSA-2026:7034
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7034

reference_url	https://access.redhat.com/errata/RHSA-2026:7035
reference_id	RHSA-2026:7035
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7035

reference_url	https://access.redhat.com/errata/RHSA-2026:7036
reference_id	RHSA-2026:7036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7036

reference_url	https://access.redhat.com/errata/RHSA-2026:7239
reference_id	RHSA-2026:7239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7239

reference_url	https://access.redhat.com/errata/RHSA-2026:7243
reference_id	RHSA-2026:7243
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7243

reference_url	https://access.redhat.com/errata/RHSA-2026:8746
reference_id	RHSA-2026:8746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8746

reference_url	https://access.redhat.com/errata/RHSA-2026:8747
reference_id	RHSA-2026:8747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8747

reference_url	https://access.redhat.com/errata/RHSA-2026:8748
reference_id	RHSA-2026:8748
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8748

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

reference_url	https://usn.ubuntu.com/8039-1/
reference_id	USN-8039-1
reference_type
scores
url	https://usn.ubuntu.com/8039-1/

reference_url	https://usn.ubuntu.com/8081-1/
reference_id	USN-8081-1
reference_type
scores
url	https://usn.ubuntu.com/8081-1/

fixed_packages

aliases

CVE-2026-25646

risk_score

3.8

exploitability

0.5

weighted_severity

7.5

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-xyhj-84d1-dqh3

url

VCID-zsun-4q6p-8fek

vulnerability_id

VCID-zsun-4q6p-8fek

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22013

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12118
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460040
reference_id	2460040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460040

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:09:34Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-22013

risk_score

2.4

exploitability

0.5

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-zsun-4q6p-8fek

Fixing_vulnerabilities

Risk_score 3.8

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-11-openjdk@1:11.0.31.0.11-1%3Farch=el7_9

Package Instance