CVEs from 2026
Total: 14,697
- critical 1,323
- high 4,976
- medium 4,753
- low 501
% Critical: 9.0%
% with KEV: 0.4%
% with exploit: 0.7%
Top products
- chrome 660
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2146 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Perfo… | |||
| CVE-2026-2141 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.… | |||
| CVE-2026-2135 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames … | |||
| CVE-2026-2131 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remo… | |||
| CVE-2026-2107 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\wareh… | |||
| CVE-2026-2106 | high | 8.8 | 8.8 | 4mo ago | A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the fi… | |||
| CVE-2026-2105 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\ma… | |||
| CVE-2026-2079 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src… | |||
| CVE-2026-2078 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\wa… | |||
| CVE-2026-2077 | high | 8.8 | 8.8 | 4mo ago | A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset… | |||
| CVE-2026-2076 | high | 8.8 | 8.8 | 4mo ago | A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\rep… | |||
| CVE-2026-2075 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\c… | |||
| CVE-2026-2065 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipula… | |||
| CVE-2026-2015 | high | 8.8 | 8.8 | 4mo ago | A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulati… | |||
| CVE-2026-2008 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Perf… | |||
| CVE-2026-1811 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename … | |||
| CVE-2026-1810 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the co… | |||
| CVE-2026-22550 | high | 8.8 | 8.8 | 4mo ago | OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution. | |||
| CVE-2026-24070 | high | 8.8 | 8.8 | 4mo ago | During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication … | |||
| CVE-2026-1746 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation o… | |||
| CVE-2026-1702 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing… | |||
| CVE-2026-1691 | high | 8.8 | 8.8 | 4mo ago | A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML… | |||
| CVE-2026-1638 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp r… | |||
| CVE-2026-1625 | high | 8.8 | 8.8 | 4mo ago | A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of th… | |||
| CVE-2026-1624 | high | 8.8 | 8.8 | 4mo ago | A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota… | |||
| CVE-2026-1597 | high | 8.8 | 8.8 | 4mo ago | A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session lea… | |||
| CVE-2026-1596 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes co… | |||
| CVE-2026-1551 | high | 8.8 | 8.8 | 4mo ago | A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can … | |||
| CVE-2026-1550 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the comp… | |||
| CVE-2026-1548 | high | 8.8 | 8.8 | 4mo ago | A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injec… | |||
| CVE-2026-1544 | high | 8.8 | 8.8 | 4mo ago | A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os co… | |||
| CVE-2026-1327 | high | 8.8 | 8.8 | 4mo ago | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request H… | |||
| CVE-2026-1326 | high | 8.8 | 8.8 | 4mo ago | A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Thi… | |||
| CVE-2026-0834 | high | 8.8 | 8.8 | 5mo ago | Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory rese… | |||
| CVE-2026-1193 | high | 8.8 | 8.8 | 5mo ago | MineAdmin has Incorrect Privilege Assignment | |||
| CVE-2026-1169 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launch… | |||
| CVE-2026-22031 | high | 8.8 | 8.8 | 5mo ago | Fastify Middie Middleware Path Bypass | |||
| CVE-2026-1150 | high | 8.8 | 8.8 | 5mo ago | A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The mani… | |||
| CVE-2026-1149 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The man… | |||
| CVE-2026-1145 | high | 8.8 | 8.8 | 5mo ago | A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffe… | |||
| CVE-2026-1144 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free… | |||
| CVE-2026-1141 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation l… | |||
| CVE-2026-1066 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation resu… | |||
| CVE-2026-23622 | high | 8.8 | 8.8 | 5mo ago | alextselegidis/easyappointments is Vulnerable to CSRF Protection Bypass | |||
| CVE-2026-0822 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Rem… | |||
| CVE-2026-0803 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/sessio… | |||
| CVE-2026-0733 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of th… | |||
| CVE-2026-0641 | high | 8.8 | 8.8 | 5mo ago | A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_… | |||
| CVE-2026-0574 | high | 8.8 | 8.8 | 5mo ago | A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller… | |||
| CVE-2026-0547 | high | 8.8 | 8.8 | 5mo ago | A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registrat… | |||
| CVE-2026-46392 | high | 8.7 | 8.7 | 3h ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the file… | |||
| CVE-2026-9024 | high | 8.7 | 8.7 | 5d ago | A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could all… | |||
| CVE-2026-48527 | high | 8.7 | 8.7 | 7d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode… | |||
| CVE-2026-47762 | high | 8.7 | 8.7 | 8d ago | TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and injec… | |||
| CVE-2026-47760 | high | 8.7 | 8.7 | 8d ago | TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using… | |||
| CVE-2026-42197 | high | 8.7 | 8.7 | 9d ago | RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execut… | |||
| CVE-2026-44669 | high | 8.7 | 8.7 | 10d ago | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in assessment file preview f… | |||
| CVE-2026-44667 | high | 8.7 | 8.7 | 10d ago | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in remediation verification … | |||
| CVE-2026-44729 | high | 8.7 | 8.7 | 10d ago | Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/* and /file/:fileFolder/:id serve uploaded files using fileStream.pipe(res) without setting any… | |||
| CVE-2026-28445 | high | 8.7 | 8.7 | 14d ago | Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandbox in Builder Preview | |||
| CVE-2026-40165 | high | 8.7 | 8.7 | 16d ago | authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Inject… | |||
| CVE-2026-34241 | high | 8.7 | 8.7 | 17d ago | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitize… | |||
| CVE-2026-27173 | high | 8.7 | 8.7 | 17d ago | Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments | |||
| CVE-2026-6346 | high | 8.7 | 8.7 | 19d ago | Mattermost doesn't sanitize sensitive configuration fields before including them in support packet generation | |||
| CVE-2026-45315 | high | 8.7 | 8.7 | 21d ago | Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions | |||
| CVE-2026-44549 | high | 8.7 | 8.7 | 21d ago | Open WebUI has stored XSS in Excel file preview | |||
| CVE-2026-41147 | high | 8.7 | 8.7 | 21d ago | NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class | |||
| CVE-2026-45348 | high | 8.7 | 8.7 | 22d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates … | |||
| CVE-2026-33583 | high | 8.7 | 8.7 | 23d ago | Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Ag… | |||
| CVE-2026-44295 | high | 8.7 | 8.7 | 23d ago | protobuf.js: Code injection in pbjs static output from crafted schema names | |||
| CVE-2026-42930 | high | 8.7 | 8.7 | 23d ago | When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have … | |||
| CVE-2026-42924 | high | 8.7 | 8.7 | 23d ago | An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions… | |||
| CVE-2026-42406 | high | 8.7 | 8.7 | 23d ago | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running ar… | |||
| CVE-2026-41953 | high | 8.7 | 8.7 | 23d ago | A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escala… | |||
| CVE-2026-40698 | high | 8.7 | 8.7 | 23d ago | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iCont… | |||
| CVE-2026-40631 | high | 8.7 | 8.7 | 23d ago | An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions whic… | |||
| CVE-2026-40061 | high | 8.7 | 8.7 | 23d ago | When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with the Resource Administrator or… | |||
| CVE-2026-34176 | high | 8.7 | 8.7 | 23d ago | When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a securit… | |||
| CVE-2026-32673 | high | 8.7 | 8.7 | 23d ago | A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher priv… | |||
| CVE-2026-32643 | high | 8.7 | 8.7 | 23d ago | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running ar… | |||
| CVE-2026-34686 | high | 8.7 | 8.7 | 24d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-pr… | |||
| CVE-2026-34653 | high | 8.7 | 8.7 | 24d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') … | |||
| CVE-2026-45392 | high | 8.7 | 8.7 | 25d ago | DOM-based cross-site scripting (XSS) in Cribl Stream before 4.17.1 allows a remote attacker to execute arbitrary JavaScript in the browser of an authenticated user who is tricked into visiting a craf… | |||
| CVE-2026-43912 | high | 8.7 | 8.7 | 25d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as grou… | |||
| CVE-2026-43888 | high | 8.7 | 8.7 | 25d ago | Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndEx… | |||
| CVE-2026-44543 | high | 8.7 | 8.7 | 25d ago | Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in … | |||
| CVE-2026-44552 | high | 8.7 | 8.7 | 28d ago | Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning | |||
| CVE-2026-41524 | high | 8.7 | 8.7 | 28d ago | Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and subsequently rendered with… | |||
| CVE-2026-42275 | high | 8.7 | 8.7 | 29d ago | zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write | |||
| CVE-2026-6973 | high | 7.2 | 8.7 | 29d ago | Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution. | |||
| CVE-2026-41505 | high | 8.7 | 8.7 | 29d ago | RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() functi… | |||
| CVE-2026-36355 | high | 7.7 | 8.7 | 1mo ago | The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioct… | |||
| CVE-2026-35228 | high | 8.7 | 8.7 | 1mo ago | Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulner… | |||
| CVE-2026-33317 | high | 8.7 | 8.7 | 1mo ago | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, mi… | |||
| CVE-2026-35569 | high | 8.7 | 8.7 | 2mo ago | Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS | |||
| CVE-2026-27928 | high | 8.7 | 8.7 | 2mo ago | Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network. | |||
| CVE-2026-30587 | high | 8.7 | 8.7 | 2mo ago | Seafile Server has multiple stored XSS vulnerabilities | |||
| CVE-2026-11158 | high | 8.6 | 8.6 | 23h ago | Insufficient validation of untrusted input in Downloads in Google Chrome on Mac prior to 149.0.7827.53 allowed a local attacker to potentially perform a sandbox escape via a crafted AppleScript comma… | |||
| CVE-2026-49202 | high | 8.6 | 8.6 | 2d ago | Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. | |||
| CVE-2026-46273 | high | 8.6 | 8.6 | 2d ago | In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when … |