CVEs from 2026

- Total: 14,777
- Critical: 1,334
- High: 5,000
- Medium: 4,821
- Low: 503
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-42235 | critical | 9.6 | 9.6 | 1mo ago | n8n Vulnerable to XSS via MCP OAuth client |
| CVE-2026-42090 | critical | 9.6 | 9.6 | 1mo ago | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in th… |
| CVE-2026-36760 | critical | 9.6 | 9.6 | 1mo ago | An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files w… |
| CVE-2026-5166 | critical | 9.6 | 9.6 | 1mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. … |
| CVE-2026-7333 | critical | 9.6 | 9.6 | 1mo ago | Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-41397 | critical | 9.6 | 9.6 | 1mo ago | OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal |
| CVE-2026-24303 | critical | 9.6 | 9.6 | 1mo ago | Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-6920 | critical | 9.6 | 9.6 | 1mo ago | Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … |
| CVE-2026-6919 | critical | 9.6 | 9.6 | 1mo ago | Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… |
| CVE-2026-42087 | critical | 9.6 | 9.6 | 2mo ago | OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database |
| CVE-2026-6356 | critical | 9.6 | 9.6 | 2mo ago | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitiv… |
| CVE-2026-5845 | critical | 9.6 | 9.6 | 2mo ago | An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the int… |
| CVE-2026-6296 | critical | 9.6 | 9.6 | 2mo ago | Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2026-27303 | critical | 9.6 | 9.6 | 2mo ago | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Ex… |
| CVE-2026-6068 | critical | 9.6 | 9.6 | 2mo ago | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response… |
| CVE-2026-28373 | critical | 9.6 | 9.6 | 2mo ago | The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export ca… |
| CVE-2026-26135 | critical | 9.6 | 9.6 | 2mo ago | Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-34430 | critical | 9.6 | 9.6 | 2mo ago | ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing re… |
| CVE-2026-22208 | critical | 9.6 | 9.6 | 4mo ago | OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua u… |
| CVE-2026-46621 | critical | — | 9.5 | 10d ago | Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection |
| CVE-2026-46562 | critical | — | 9.5 | 10d ago | Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override |
| CVE-2026-45618 | critical | — | 9.5 | 10d ago | LiquidJS is Vulnerable to Remote Code Execution |
| CVE-2026-44632 | critical | — | 9.5 | 11d ago | Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory` |
| CVE-2026-46716 | critical | — | 9.5 | 15d ago | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron |
| CVE-2026-46670 | critical | — | 9.5 | 15d ago | YesWiki: Unauthenticated SQL Injection |
| CVE-2026-46614 | critical | — | 9.5 | 16d ago | Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger |
| CVE-2026-33137 | critical | — | 9.5 | 17d ago | XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName} |
| CVE-2026-23734 | critical | — | 9.5 | 17d ago | XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash |
| CVE-2026-46421 | critical | — | 9.5 | 17d ago | Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service) |
| CVE-2026-46633 | critical | — | 9.5 | 17d ago | Twig: PHP code injection via `{% use %}` template name |
| CVE-2026-46412 | critical | — | 9.5 | 18d ago | Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm |
| CVE-2026-46354 | critical | — | 9.5 | 18d ago | Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft |
| CVE-2026-46339 | critical | — | 9.5 | 18d ago | 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes |
| CVE-2026-45695 | critical | — | 9.5 | 18d ago | Kopia: RCE via SSH ProxyCommand Injection |
| CVE-2026-45568 | critical | — | 9.5 | 18d ago | rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths |
| CVE-2026-46395 | critical | — | 9.5 | 18d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementat… |
| CVE-2026-46703 | critical | — | 9.5 | 22d ago | Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host |
| CVE-2026-46695 | critical | — | 9.5 | 22d ago | BoxLite: Permission Bypass Allows Modification of Read-Only Files |
| CVE-2026-45058 | critical | — | 9.5 | 23d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync… |
| CVE-2026-44670 | critical | — | 9.5 | 23d ago | SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE |
| CVE-2026-44588 | critical | — | 9.5 | 23d ago | SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) |
| CVE-2026-44990 | critical | — | 9.5 | 23d ago | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` |
| CVE-2026-44791 | critical | — | 9.5 | 23d ago | n8n Has an XML Node Prototype Pollution Patch Bypass |
| CVE-2026-44790 | critical | — | 9.5 | 23d ago | n8n Has an Arbitrary File Read via Git Node |
| CVE-2026-44789 | critical | — | 9.5 | 23d ago | n8n: HTTP Request Node Pagination Prototype Pollution to RCE |
| CVE-2026-46442 | critical | — | 9.5 | 23d ago | FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape |
| CVE-2026-44364 | critical | — | 9.5 | 24d ago | misp-modules website - Missing CSRF protection in the website home blueprint |
| CVE-2026-44672 | critical | — | 9.5 | 25d ago | mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dyna… |
| CVE-2026-44593 | critical | — | 9.5 | 25d ago | esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ulti… |
| CVE-2026-42300 | critical | — | 9.5 | 25d ago | DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header |
| CVE-2026-27478 | critical | — | 9.5 | 26d ago | Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation |
| CVE-2026-42571 | critical | — | 9.5 | 28d ago | Pelican Web UI Affected by a Privilege Escalation Attack |
| CVE-2026-41586 | critical | — | 9.5 | 1mo ago | fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE |
| CVE-2026-41203 | critical | — | 9.5 | 1mo ago | CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE |
| CVE-2026-41202 | critical | — | 9.5 | 1mo ago | CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE |
| CVE-2026-42196 | critical | — | 9.5 | 1mo ago | django-s3file is vulnerable to relative path traversal |
| CVE-2026-42155 | critical | — | 9.5 | 1mo ago | Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs |
| CVE-2026-25660 | critical | — | 9.5 | 1mo ago | Codechecker has an authentication bypass for certain API calls |
| CVE-2026-41176 | critical | — | 9.5 | 2mo ago | Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution |
| CVE-2026-41242 | critical | — | 9.5 | 2mo ago | Arbitrary code execution in protobufjs |
| CVE-2026-32179 | critical | — | 9.5 | 2mo ago | MsQuic has a Remote Elevation of Privilege Vulnerability |
| CVE-2026-23891 | critical | — | 9.5 | 2mo ago | Decidim has a cross-site scripting (XSS) in user name |
| CVE-2026-29145 | critical | — | 9.5 | 2mo ago | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0… |
| CVE-2026-39890 | critical | — | 9.5 | 2mo ago | PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading |
| CVE-2026-39324 | critical | — | 9.5 | 2mo ago | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization |
| CVE-2026-35035 | critical | — | 9.5 | 2mo ago | CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS |
| CVE-2026-0596 | critical | — | 9.5 | 2mo ago | Mlflow: Command Injection when serving models with enable_mlserver=True |
| CVE-2026-1709 | critical | — | 9.5 | 4mo ago | Keylime Missing Authentication for Critical Function and Improper Authentication |
| CVE-2026-50208 | critical | 9.4 | 9.4 | 2d ago | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic. |
| CVE-2026-44315 | critical | 9.4 | 9.4 | 10d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker… |
| CVE-2026-44326 | critical | 9.4 | 9.4 | 10d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attac… |
| CVE-2026-41948 | critical | 9.4 | 9.4 | 19d ago | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficie… |
| CVE-2026-44592 | critical | 9.4 | 9.4 | 23d ago | Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker with… |
| CVE-2026-42596 | critical | 9.4 | 9.4 | 23d ago | Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook |
| CVE-2026-42882 | critical | 9.4 | 9.4 | 26d ago | S3-Proxy has Security Issues in its Resource Path Matching Implementation |
| CVE-2026-43383 | critical | 9.4 | 9.4 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time. To prevent timing attacks, MACs need to be compared in constant time. Use th… |
| CVE-2026-43114 | critical | 9.4 | 9.4 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry. New test case fails unexpectedly when avx2 matching fun… |
| CVE-2026-42613 | critical | 9.4 | 9.4 | 1mo ago | Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of groups/access |
| CVE-2026-42569 | critical | 9.4 | 9.4 | 1mo ago | phpVMS has an /importer authorization bypass causing full database wipe |
| CVE-2026-41571 | critical | 9.4 | 9.4 | 1mo ago | Note Mark: OIDC-registered users authenticated by submitting password "null" |
| CVE-2026-3893 | critical | 9.4 | 9.4 | 1mo ago | The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needi… |
| CVE-2026-7248 | critical | 9.4 | 9.4 | 1mo ago | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffe… |
| CVE-2026-33454 | critical | 9.4 | 9.4 | 1mo ago | Apache Camel's Camel-Mail component is vulnerable to Camel message header injection |
| CVE-2026-31685 | critical | 9.4 | 9.4 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets. `eui64_mt6()` derives a modified EUI-64 from the Ethernet source… |
| CVE-2026-31448 | critical | 9.4 | 9.4 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data. On the mkdir/mknod path, when mapping logical blocks to physical blocks, if in… |
| CVE-2026-23941 | critical | 9.4 | 9.4 | 3mo ago | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program … |
| CVE-2026-42849 | critical | 9.3 | 9.3 | 4d ago | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the interface more comp… |
| CVE-2026-42684 | critical | 9.3 | 9.3 | 4d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a throu… |
| CVE-2026-42672 | critical | 9.3 | 9.3 | 5d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Ki… |
| CVE-2026-44590 | critical | 9.3 | 9.3 | 10d ago | Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pul… |
| CVE-2026-42761 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows B… |
| CVE-2026-42755 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection. This issue affects TableOn: … |
| CVE-2026-42747 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection. This issue affects … |
| CVE-2026-42740 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection. This issue affects Tainacan: from n/a throu… |
| CVE-2026-42727 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows B… |
| CVE-2026-8950 | critical | 9.3 | 9.3 | 11d ago | Important: thunderbird security update |
| CVE-2026-44451 | critical | 9.3 | 9.3 | 11d ago | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous global… |
| CVE-2026-42774 | critical | 9.3 | 9.3 | 12d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.… |
| CVE-2026-42773 | critical | 9.3 | 9.3 | 12d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store… |
| CVE-2026-41090 | critical | 9.3 | 9.3 | 15d ago | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. |