CVEs from 2026
Total
14,110
critical
critical 1,245
high
high 4,690
medium
medium 4,467
low
low 488
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.8%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9082 | critical | 9.8 | 10.0 | 14d ago | Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API. | |||
| CVE-2026-20182 | critical | 10.0 | 10.0 | 20d ago | Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges… | |||
| CVE-2026-44262 | critical | 9.4 | 10.0 | 28d ago | Scramble vulnerable to remote code execution via evaluation of user-controlled input in validation rules | |||
| CVE-2026-42607 | critical | 9.1 | 10.0 | 29d ago | Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature | |||
| CVE-2026-36356 | critical | 9.1 | 10.0 | 29d ago | The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. | |||
| CVE-2026-31431 | high | 7.8 | 10.0 | 1mo ago | Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation. | |||
| CVE-2026-7567 | critical | 9.8 | 10.0 | 1mo ago | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() fun… | |||
| CVE-2026-41940 | critical | 9.8 | 10.0 | 1mo ago | WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized a… | |||
| CVE-2026-4631 | critical | — | 10.0 | 2mo ago | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit… | |||
| CVE-2026-32746 | critical | 9.8 | 10.0 | 3mo ago | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. | |||
| CVE-2026-28517 | critical | 9.8 | 10.0 | 3mo ago | openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the databas… | |||
| CVE-2026-43284 | high | 8.8 | 9.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks… | |||
| CVE-2026-23918 | high | 8.8 | 9.8 | 1mo ago | Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which f… | |||
| CVE-2026-42471 | high | 8.1 | 9.1 | 1mo ago | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-sid… | |||
| CVE-2026-46522 | high | — | 9.0 | 16d ago | ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion | |||
| CVE-2026-46300 | high | 7.8 | 8.8 | 15d ago | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from… | |||
| CVE-2026-43500 | high | 7.8 | 8.8 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and th… | |||
| CVE-2026-23231 | high | 7.8 | 8.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via li… | |||
| CVE-2026-36355 | high | 7.7 | 8.7 | 29d ago | The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioct… | |||
| CVE-2026-44680 | high | 7.6 | 8.6 | 8d ago | MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys | |||
| CVE-2026-34474 | high | 7.5 | 8.5 | 28d ago | Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. I… | |||
| CVE-2026-34473 | high | 7.5 | 8.5 | 28d ago | Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered a… | |||
| CVE-2026-26980 | high | 7.5 | 8.5 | 3mo ago | Ghost has a SQL injection in Content API | |||
| CVE-2026-44403 | high | 7.2 | 8.2 | 22d ago | Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code… | |||
| CVE-2026-34472 | high | 7.1 | 8.1 | 2mo ago | Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials… | |||
| CVE-2026-26157 | high | 7.0 | 8.0 | 4mo ago | A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may wr… | |||
| CVE-2026-44376 | medium | 6.1 | 7.1 | 21d ago | CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.p… | |||
| CVE-2026-6815 | medium | 5.9 | 6.9 | 23d ago | An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perfo… | |||
| CVE-2026-32202 | medium | 4.3 | 6.8 | 2mo ago | Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-44596 | medium | — | 6.5 | 8d ago | Yamcs has No Rate Limiting on Authentication Endpoint | |||
| CVE-2026-44595 | medium | — | 6.5 | 8d ago | Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints | |||
| CVE-2026-42568 | medium | — | 6.5 | 8d ago | Yamcs Vulnerable to LDAP Injection in LdapAuthModule | |||
| CVE-2026-33829 | medium | 4.3 | 5.3 | 2mo ago | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-1340 | unknown | — | 2.5 | 2mo ago | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. | |||
| CVE-2026-34197 | unknown | — | 2.5 | 2mo ago | Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection. | |||
| CVE-2026-3055 | unknown | — | 2.5 | 2mo ago | Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP lea… | |||
| CVE-2026-20127 | unknown | — | 2.5 | 3mo ago | Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, re… | |||
| CVE-2026-2441 | unknown | — | 2.5 | 4mo ago | Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple… | |||
| CVE-2026-1731 | unknown | — | 2.5 | 4mo ago | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute oper… | |||
| CVE-2026-1281 | unknown | — | 2.5 | 4mo ago | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. | |||
| CVE-2026-24061 | unknown | — | 2.5 | 4mo ago | GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable. | |||
| CVE-2026-35333 | unknown | — | 1.0 | — | ||||
| CVE-2026-21876 | unknown | — | 1.0 | — | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when … | |||
| CVE-2026-35330 | unknown | — | 1.0 | — | ||||
| CVE-2026-25994 | unknown | — | 1.0 | — | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with exces… | |||
| CVE-2026-34156 | unknown | — | 1.0 | 2mo ago | NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node | |||
| CVE-2026-33641 | unknown | — | 1.0 | 2mo ago | Glances Vulnerable to Command Injection via Dynamic Configuration Values | |||
| CVE-2026-29058 | unknown | — | 1.0 | 3mo ago | WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php | |||
| CVE-2026-28501 | unknown | — | 1.0 | 3mo ago | AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php | |||
| CVE-2026-27966 | unknown | — | 1.0 | 3mo ago | Langflow has Remote Code Execution in CSV Agent | |||
| CVE-2026-27483 | unknown | — | 1.0 | 3mo ago | MindsDB: Path Traversal in /api/files Leading to Remote Code Execution | |||
| CVE-2026-25732 | unknown | — | 1.0 | 4mo ago | NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use … | |||
| CVE-2026-25895 | unknown | — | 1.0 | 4mo ago | FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API | |||
| CVE-2026-25047 | unknown | — | 1.0 | 4mo ago | deepHas vulnerable to Prototype Pollution via constructor.prototype | |||
| CVE-2026-24486 | unknown | — | 1.0 | 4mo ago | Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_… | |||
| CVE-2026-24421 | unknown | — | 1.0 | 4mo ago | phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing) | |||
| CVE-2026-0770 | unknown | — | 1.0 | 4mo ago | Langflow affected by Remote Code Execution via validate_code() exec() | |||
| CVE-2026-22704 | unknown | — | 1.0 | 5mo ago | HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover |