CVEs from 2026

Total 14,214
- critical 1,262
- high 4,737
- medium 4,541
- low 495

% Critical 8.9%
% with KEV 0.4%
% with exploit 0.7%
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42155 | critical | — | 9.5 | 1mo ago | Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs | |||
| CVE-2026-25660 | critical | — | 9.5 | 1mo ago | Codechecker has an authentication bypass for certain API calls | |||
| CVE-2026-41176 | critical | — | 9.5 | 1mo ago | Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution | |||
| CVE-2026-41242 | critical | — | 9.5 | 2mo ago | Arbitrary code execution in protobufjs | |||
| CVE-2026-32179 | critical | — | 9.5 | 2mo ago | MsQuic has a Remote Elevation of Privilege Vulnerability | |||
| CVE-2026-23891 | critical | — | 9.5 | 2mo ago | Decidim has a cross-site scripting (XSS) in user name | |||
| CVE-2026-29145 | critical | — | 9.5 | 2mo ago | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0… | |||
| CVE-2026-39890 | critical | — | 9.5 | 2mo ago | PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading | |||
| CVE-2026-39324 | critical | — | 9.5 | 2mo ago | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization | |||
| CVE-2026-35035 | critical | — | 9.5 | 2mo ago | CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS | |||
| CVE-2026-0596 | critical | — | 9.5 | 2mo ago | Mlflow: Command Injection when serving models with enable_mlserver=True | |||
| CVE-2026-1709 | critical | — | 9.5 | 4mo ago | Critical: keylime security update | |||
| CVE-2026-50208 | critical | 9.4 | 9.4 | 11h ago | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic. | |||
| CVE-2026-44315 | critical | 9.4 | 9.4 | 8d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker… | |||
| CVE-2026-44326 | critical | 9.4 | 9.4 | 8d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attac… | |||
| CVE-2026-41948 | critical | 9.4 | 9.4 | 17d ago | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficie… | |||
| CVE-2026-44592 | critical | 9.4 | 9.4 | 21d ago | Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker with… | |||
| CVE-2026-42596 | critical | 9.4 | 9.4 | 21d ago | Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook | |||
| CVE-2026-42882 | critical | 9.4 | 9.4 | 24d ago | S3-Proxy has Security Issues in its Resource Path Matching Implementation | |||
| CVE-2026-43383 | critical | 9.4 | 9.4 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use th… | |||
| CVE-2026-43114 | critical | 9.4 | 9.4 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching fun… | |||
| CVE-2026-42613 | critical | 9.4 | 9.4 | 1mo ago | Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of groups/access | |||
| CVE-2026-42569 | critical | 9.4 | 9.4 | 1mo ago | phpVMS has an /importer authorization bypass causing full database wipe | |||
| CVE-2026-41571 | critical | 9.4 | 9.4 | 1mo ago | Note Mark: OIDC-registered users authenticated by submitting password "null" | |||
| CVE-2026-3893 | critical | 9.4 | 9.4 | 1mo ago | The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needi… | |||
| CVE-2026-7248 | critical | 9.4 | 9.4 | 1mo ago | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffe… | |||
| CVE-2026-33454 | critical | 9.4 | 9.4 | 1mo ago | Apache Camel's Camel-Mail component is vulnerable to Camel message header injection | |||
| CVE-2026-31685 | critical | 9.4 | 9.4 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets `eui64_mt6()` derives a modified EUI-64 from the Ethernet source… | |||
| CVE-2026-31448 | critical | 9.4 | 9.4 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if in… | |||
| CVE-2026-23941 | critical | 9.4 | 9.4 | 3mo ago | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program … | |||
| CVE-2026-42849 | critical | 9.3 | 9.3 | 2d ago | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the interface more comp… | |||
| CVE-2026-42684 | critical | 9.3 | 9.3 | 2d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a throu… | |||
| CVE-2026-42672 | critical | 9.3 | 9.3 | 3d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Ki… | |||
| CVE-2026-44590 | critical | 9.3 | 9.3 | 8d ago | Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pul… | |||
| CVE-2026-42761 | critical | 9.3 | 9.3 | 8d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows B… | |||
| CVE-2026-42755 | critical | 9.3 | 9.3 | 8d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection. This issue affects TableOn: … | |||
| CVE-2026-42747 | critical | 9.3 | 9.3 | 8d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection. This issue affects … | |||
| CVE-2026-42740 | critical | 9.3 | 9.3 | 8d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection. This issue affects Tainacan: from n/a throu… | |||
| CVE-2026-42727 | critical | 9.3 | 9.3 | 8d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows B… | |||
| CVE-2026-8950 | critical | 9.3 | 9.3 | 9d ago | Important: thunderbird security update | |||
| CVE-2026-44451 | critical | 9.3 | 9.3 | 9d ago | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous global… | |||
| CVE-2026-42774 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.… | |||
| CVE-2026-42773 | critical | 9.3 | 9.3 | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store… | |||
| CVE-2026-41090 | critical | 9.3 | 9.3 | 13d ago | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. | |||
| CVE-2026-9264 | critical | 9.3 | 9.3 | 14d ago | A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerabil… | |||
| CVE-2026-39531 | critical | 9.3 | 9.3 | 14d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Ki… | |||
| CVE-2026-41091 | high | 7.8 | 9.3 | 15d ago | Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-44225 | critical | 9.3 | 9.3 | 23d ago | Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the … | |||
| CVE-2026-34660 | critical | 9.3 | 9.3 | 23d ago | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An … | |||
| CVE-2026-40402 | critical | 9.3 | 9.3 | 23d ago | Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. | |||
| CVE-2026-40379 | critical | 9.3 | 9.3 | 23d ago | Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-43900 | critical | 9.3 | 9.3 | 24d ago | DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepanc… | |||
| CVE-2026-44212 | critical | 9.3 | 9.3 | 27d ago | PrestaShop has a stored XSS executable in customer service view | |||
| CVE-2026-43526 | critical | 9.3 | 9.3 | 1mo ago | OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes | |||
| CVE-2026-40797 | critical | 9.3 | 9.3 | 1mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: … | |||
| CVE-2026-7161 | critical | 9.3 | 9.3 | 1mo ago | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att… | |||
| CVE-2026-42363 | critical | 9.3 | 9.3 | 1mo ago | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att… | |||
| CVE-2026-33102 | critical | 9.3 | 9.3 | 1mo ago | Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2026-32210 | critical | 9.3 | 9.3 | 1mo ago | Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-33825 | high | 7.8 | 9.3 | 1mo ago | Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally. | |||
| CVE-2026-40959 | critical | 9.3 | 9.3 | 2mo ago | Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. | |||
| CVE-2026-34615 | critical | 9.3 | 9.3 | 2mo ago | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An… | |||
| CVE-2026-27246 | critical | 9.3 | 9.3 | 2mo ago | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a … | |||
| CVE-2026-27245 | critical | 9.3 | 9.3 | 2mo ago | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a … | |||
| CVE-2026-27243 | critical | 9.3 | 9.3 | 2mo ago | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a … | |||
| CVE-2026-31845 | critical | 9.3 | 9.3 | 2mo ago | A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflect… | |||
| CVE-2026-27413 | critical | 9.3 | 9.3 | 3mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection. This issue affects Profile Builder Pro:… | |||
| CVE-2026-50076 | critical | 9.1 | 9.1 | 3h ago | Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChec… | |||
| CVE-2026-8644 | critical | 9.1 | 9.1 | 3d ago | IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to identity spoofing. | |||
| CVE-2026-42682 | critical | 9.1 | 9.1 | 3d ago | Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6. | |||
| CVE-2026-42252 | critical | 9.1 | 9.1 | 3d ago | Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] … | |||
| CVE-2026-48188 | critical | 9.1 | 9.1 | 4d ago | An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue o… | |||
| CVE-2026-9051 | critical | 9.1 | 9.1 | 6d ago | There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to pr… | |||
| CVE-2026-5386 | critical | 9.1 | 9.1 | 6d ago | The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without … | |||
| CVE-2026-48501 | critical | 9.1 | 9.1 | 6d ago | GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release … | |||
| CVE-2026-4290 | critical | 9.1 | 9.1 | 6d ago | The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to, and including, 10.6.0. Th… | |||
| CVE-2026-46819 | critical | 9.1 | 9.1 | 7d ago | Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploi… | |||
| CVE-2026-9098 | critical | 9.1 | 9.1 | 7d ago | In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnReques… | |||
| CVE-2026-9092 | critical | 9.1 | 9.1 | 7d ago | Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without… | |||
| CVE-2026-9090 | critical | 9.1 | 9.1 | 7d ago | Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extra… | |||
| CVE-2026-22872 | critical | 9.1 | 9.1 | 7d ago | Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets th… | |||
| CVE-2026-46185 | critical | 9.1 | 9.1 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlink_data() Since smb2_check_message() returns success without length validation for the… | |||
| CVE-2026-46155 | critical | 9.1 | 9.1 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a large OutputBufferLength, a… | |||
| CVE-2026-46119 | critical | 9.1 | 9.1 | 7d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a (potentially corrupted) message of type CEPH_MSG_AUTH_REPL… | |||
| CVE-2026-7876 | critical | 9.1 | 9.1 | 8d ago | IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 | |||
| CVE-2026-46043 | critical | 9.1 | 9.1 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that the incoming packet is at l… | |||
| CVE-2026-49002 | critical | 9.1 | 9.1 | 9d ago | Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and mo… | |||
| CVE-2026-8450 | critical | 9.1 | 9.1 | 9d ago | HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cm… | |||
| CVE-2026-44444 | critical | 9.1 | 9.1 | 9d ago | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety sca… | |||
| CVE-2026-44449 | critical | 9.1 | 9.1 | 9d ago | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and only validates the directory … | |||
| CVE-2026-8856 | critical | 9.1 | 9.1 | 9d ago | IBM HTTP Server 8.5 and 9.0 are vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration. | |||
| CVE-2026-42496 | critical | 9.1 | 9.1 | 10d ago | Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() with… | |||
| CVE-2026-2332 | critical | 9.1 | 9.1 | 10d ago | Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing | |||
| CVE-2026-33843 | critical | 9.1 | 9.1 | 13d ago | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2026-8673 | critical | 9.1 | 9.1 | 13d ago | Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0. | |||
| CVE-2026-42508 | critical | 9.1 | 9.1 | 14d ago | Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked. | |||
| CVE-2026-39834 | critical | 9.1 | 9.1 | 14d ago | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty pack… | |||
| CVE-2026-39833 | critical | 9.1 | 9.1 | 14d ago | The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indicatio… | |||
| CVE-2026-39832 | critical | 9.1 | 9.1 | 14d ago | When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forward… | |||
| CVE-2026-39831 | critical | 9.1 | 9.1 | 14d ago | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch … |