CVEs from 2026

Total: 14,726
- critical: 1,327
- high: 4,986
- medium: 4,775
- low: 502

% Critical: 9.0%
% with KEV: 0.4%
% with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6920 | critical | 9.6 | 9.6 | 1mo ago | Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | |||
| CVE-2026-6919 | critical | 9.6 | 9.6 | 1mo ago | Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… | |||
| CVE-2026-42087 | critical | 9.6 | 9.6 | 1mo ago | OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database | |||
| CVE-2026-6356 | critical | 9.6 | 9.6 | 2mo ago | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitiv… | |||
| CVE-2026-5845 | critical | 9.6 | 9.6 | 2mo ago | An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the int… | |||
| CVE-2026-6296 | critical | 9.6 | 9.6 | 2mo ago | Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-27303 | critical | 9.6 | 9.6 | 2mo ago | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Ex… | |||
| CVE-2026-6068 | critical | 9.6 | 9.6 | 2mo ago | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response… | |||
| CVE-2026-28373 | critical | 9.6 | 9.6 | 2mo ago | The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export ca… | |||
| CVE-2026-26135 | critical | 9.6 | 9.6 | 2mo ago | Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-34430 | critical | 9.6 | 9.6 | 2mo ago | ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing re… | |||
| CVE-2026-22208 | critical | 9.6 | 9.6 | 4mo ago | OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua u… | |||
| CVE-2026-46621 | critical | — | 9.5 | 9d ago | Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection | |||
| CVE-2026-46562 | critical | — | 9.5 | 9d ago | Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override | |||
| CVE-2026-45618 | critical | — | 9.5 | 9d ago | LiquidJS is Vulnerable to Remote Code Execution | |||
| CVE-2026-44632 | critical | — | 9.5 | 10d ago | Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory` | |||
| CVE-2026-46716 | critical | — | 9.5 | 14d ago | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron | |||
| CVE-2026-46670 | critical | — | 9.5 | 15d ago | YesWiki: Unauthenticated SQL Injection | |||
| CVE-2026-46614 | critical | — | 9.5 | 15d ago | Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger | |||
| CVE-2026-33137 | critical | — | 9.5 | 16d ago | XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName} | |||
| CVE-2026-23734 | critical | — | 9.5 | 16d ago | XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash | |||
| CVE-2026-46421 | critical | — | 9.5 | 17d ago | Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service) | |||
| CVE-2026-46633 | critical | — | 9.5 | 17d ago | Twig: PHP code injection via `{% use %}` template name | |||
| CVE-2026-46412 | critical | — | 9.5 | 17d ago | Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm | |||
| CVE-2026-46354 | critical | — | 9.5 | 17d ago | Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft | |||
| CVE-2026-46339 | critical | — | 9.5 | 17d ago | 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes | |||
| CVE-2026-45695 | critical | — | 9.5 | 17d ago | Kopia: RCE via SSH ProxyCommand Injection | |||
| CVE-2026-45568 | critical | — | 9.5 | 18d ago | rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths | |||
| CVE-2026-46395 | critical | — | 9.5 | 18d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementat… | |||
| CVE-2026-46703 | critical | — | 9.5 | 21d ago | Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host | |||
| CVE-2026-46695 | critical | — | 9.5 | 21d ago | BoxLite: Permission Bypass Allows Modification of Read-Only Files | |||
| CVE-2026-45058 | critical | — | 9.5 | 22d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync… | |||
| CVE-2026-44670 | critical | — | 9.5 | 22d ago | SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE | |||
| CVE-2026-44588 | critical | — | 9.5 | 22d ago | SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) | |||
| CVE-2026-44990 | critical | — | 9.5 | 22d ago | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` | |||
| CVE-2026-44791 | critical | — | 9.5 | 23d ago | n8n Has an XML Node Prototype Pollution Patch Bypass | |||
| CVE-2026-44790 | critical | — | 9.5 | 23d ago | n8n Has an Arbitrary File Read via Git Node | |||
| CVE-2026-44789 | critical | — | 9.5 | 23d ago | n8n: HTTP Request Node Pagination Prototype Pollution to RCE | |||
| CVE-2026-46442 | critical | — | 9.5 | 23d ago | FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape | |||
| CVE-2026-44364 | critical | — | 9.5 | 23d ago | misp-modules website - Missing CSRF protection in the website home blueprint | |||
| CVE-2026-44672 | critical | — | 9.5 | 24d ago | mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dyna… | |||
| CVE-2026-44593 | critical | — | 9.5 | 24d ago | esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ulti… | |||
| CVE-2026-42300 | critical | — | 9.5 | 24d ago | DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header | |||
| CVE-2026-27478 | critical | — | 9.5 | 25d ago | Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation | |||
| CVE-2026-42571 | critical | — | 9.5 | 27d ago | Pelican Web UI Affected by a Privilege Escalation Attack | |||
| CVE-2026-41586 | critical | — | 9.5 | 1mo ago | fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE | |||
| CVE-2026-41203 | critical | — | 9.5 | 1mo ago | CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE | |||
| CVE-2026-41202 | critical | — | 9.5 | 1mo ago | CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE | |||
| CVE-2026-42196 | critical | — | 9.5 | 1mo ago | django-s3file is vulnerable to relative path traversal | |||
| CVE-2026-42155 | critical | — | 9.5 | 1mo ago | Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs | |||
| CVE-2026-25660 | critical | — | 9.5 | 1mo ago | Codechecker has an authentication bypass for certain API calls | |||
| CVE-2026-41176 | critical | — | 9.5 | 2mo ago | Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution | |||
| CVE-2026-41242 | critical | — | 9.5 | 2mo ago | Arbitrary code execution in protobufjs | |||
| CVE-2026-32179 | critical | — | 9.5 | 2mo ago | MsQuic has a Remote Elevation of Privilege Vulnerability | |||
| CVE-2026-23891 | critical | — | 9.5 | 2mo ago | Decidim has a cross-site scripting (XSS) in user name | |||
| CVE-2026-29145 | critical | — | 9.5 | 2mo ago | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0… | |||
| CVE-2026-39890 | critical | — | 9.5 | 2mo ago | PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading | |||
| CVE-2026-39324 | critical | — | 9.5 | 2mo ago | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization | |||
| CVE-2026-35035 | critical | — | 9.5 | 2mo ago | CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS | |||
| CVE-2026-0596 | critical | — | 9.5 | 2mo ago | Mlflow: Command Injection when serving models with enable_mlserver=True | |||
| CVE-2026-1709 | critical | — | 9.5 | 4mo ago | Critical: keylime security update | |||
| CVE-2026-50208 | critical | 9.4 | 9.4 | 2d ago | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic. | |||
| CVE-2026-44315 | critical | 9.4 | 9.4 | 10d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker… | |||
| CVE-2026-44326 | critical | 9.4 | 9.4 | 10d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attac… | |||
| CVE-2026-41948 | critical | 9.4 | 9.4 | 19d ago | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficie… | |||
| CVE-2026-44592 | critical | 9.4 | 9.4 | 22d ago | Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker with… | |||
| CVE-2026-42596 | critical | 9.4 | 9.4 | 23d ago | Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook | |||
| CVE-2026-42882 | critical | 9.4 | 9.4 | 25d ago | S3-Proxy has Security Issues in its Resource Path Matching Implementation | |||
| CVE-2026-43383 | critical | 9.4 | 9.4 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use th… | |||
| CVE-2026-43114 | critical | 9.4 | 9.4 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching fun… | |||
| CVE-2026-42613 | critical | 9.4 | 9.4 | 1mo ago | Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of groups/access | |||
| CVE-2026-42569 | critical | 9.4 | 9.4 | 1mo ago | phpVMS has an /importer authorization bypass causing full database wipe | |||
| CVE-2026-41571 | critical | 9.4 | 9.4 | 1mo ago | Note Mark: OIDC-registered users authenticated by submitting password "null" | |||
| CVE-2026-3893 | critical | 9.4 | 9.4 | 1mo ago | The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needi… | |||
| CVE-2026-7248 | critical | 9.4 | 9.4 | 1mo ago | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffe… | |||
| CVE-2026-33454 | critical | 9.4 | 9.4 | 1mo ago | Apache Camel's Camel-Mail component is vulnerable to Camel message header injection | |||
| CVE-2026-31685 | critical | 9.4 | 9.4 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets `eui64_mt6()` derives a modified EUI-64 from the Ethernet source… | |||
| CVE-2026-31448 | critical | 9.4 | 9.4 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if in… | |||
| CVE-2026-23941 | critical | 9.4 | 9.4 | 3mo ago | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program … | |||
| CVE-2026-42849 | critical | 9.3 | 9.3 | 3d ago | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the interface more comp… | |||
| CVE-2026-42684 | critical | 9.3 | 9.3 | 4d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a throu… | |||
| CVE-2026-42672 | critical | 9.3 | 9.3 | 4d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Ki… | |||
| CVE-2026-44590 | critical | 9.3 | 9.3 | 9d ago | Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pul… | |||
| CVE-2026-42761 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows B… | |||
| CVE-2026-42755 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection. This issue affects TableOn: … | |||
| CVE-2026-42747 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection. This issue affects … | |||
| CVE-2026-42740 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection. This issue affects Tainacan: from n/a throu… | |||
| CVE-2026-42727 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows B… | |||
| CVE-2026-8950 | critical | 9.3 | 9.3 | 10d ago | Important: thunderbird security update | |||
| CVE-2026-44451 | critical | 9.3 | 9.3 | 10d ago | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous global… | |||
| CVE-2026-42774 | critical | 9.3 | 9.3 | 11d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.… | |||
| CVE-2026-42773 | critical | 9.3 | 9.3 | 11d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store… | |||
| CVE-2026-41090 | critical | 9.3 | 9.3 | 14d ago | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. | |||
| CVE-2026-9264 | critical | 9.3 | 9.3 | 15d ago | A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerabil… | |||
| CVE-2026-39531 | critical | 9.3 | 9.3 | 16d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Ki… | |||
| CVE-2026-44225 | critical | 9.3 | 9.3 | 24d ago | Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the … | |||
| CVE-2026-34660 | critical | 9.3 | 9.3 | 24d ago | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An … | |||
| CVE-2026-40402 | critical | 9.3 | 9.3 | 24d ago | Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. | |||
| CVE-2026-40379 | critical | 9.3 | 9.3 | 24d ago | Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-43900 | critical | 9.3 | 9.3 | 25d ago | DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepanc… |