CVEs from 2026

14,122 normalized CVEs published or assigned in this year.

Total

14,122

critical

critical 1,246

high

high 4,695

medium

medium 4,473

low

low 488

% Critical

8.8%

% with KEV

0.4%

% with exploit

0.8%

Top vendors

qualcomm 1,873
google 769
cisco 662
microsoft 334
adobe 333
apache 183
openclaw 173
mediatek 123

Top products

chrome 522
firepower_threat_defense_software 300
firepower_threat_defense 298
gcp 247
openclaw 172
commerce 104
netweaver_application_server_abap 102
commerce_b2b 89

Top packages

npm/openclaw 407
npm/parse-server 143
Packagist/wwbn/avideo 129
NPM/openclaw 129
Go/github.com/mattermost/mattermost-server 126
npm/n8n 120
Packagist/symfony/symfony 107
Go/github.com/mattermost/mattermost/server/v8 103

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-34926	medium	6.7	8.2				14d ago	Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to depl…
CVE-2026-32201	medium	6.5	8.0				2mo ago	Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32202	medium	4.3	6.8				2mo ago	Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45498	medium	4.0	5.5				15d ago	Microsoft Defender contains an unspecified vulnerability that allows for denial of service.