CVEs from 2026

Total: 14,366
- critical: 1,269
- high: 4,863
- medium: 4,565
- low: 496
(the four severity buckets sum to 11,193; the remaining 3,173 CVEs fall in none of them)

% Critical: 8.8%
% with KEV (listed in CISA's Known Exploited Vulnerabilities catalog): 0.4%
% with exploit: 0.7%
Top products (CVE count)
- chrome: 522
- firepower_threat_defense_software: 300
- firepower_threat_defense: 298
- gcp: 247
- openclaw: 172
- commerce: 104
- netweaver_application_server_abap: 102
- commerce_b2b: 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40971 | critical | 9.1 | 9.1 | 1mo ago | Spring Boot's RabbitMQ auto-configuration doesn't perform hostname verification when connecting to the RabbitMQ broker | |||
| CVE-2026-40514 | critical | 9.1 | 9.1 | 1mo ago | SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from Sy… | |||
| CVE-2026-31682 | critical | 9.1 | 9.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND options br_nd_send() parses neighbour discovery options from ns->opt[] and as… | |||
| CVE-2026-41473 | critical | 9.1 | 9.1 | 1mo ago | CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the da… | |||
| CVE-2026-41248 | critical | 9.1 | 9.1 | 1mo ago | Official Clerk JavaScript SDKs: Middleware-based route protection bypass | |||
| CVE-2026-41475 | critical | 9.1 | 9.1 | 1mo ago | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows … | |||
| CVE-2026-41428 | critical | 9.1 | 9.1 | 1mo ago | Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints | |||
| CVE-2026-41415 | critical | 9.1 | 9.1 | 1mo ago | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message bod… | |||
| CVE-2026-41328 | critical | 9.1 | 9.1 | 1mo ago | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field | |||
| CVE-2026-41327 | critical | 9.1 | 9.1 | 1mo ago | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field | |||
| CVE-2026-42044 | critical | 9.1 | 9.1 | 1mo ago | Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` | |||
| CVE-2026-41677 | critical | 9.1 | 9.1 | 1mo ago | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A pa… | |||
| CVE-2026-31636 | critical | 9.1 | 9.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and t… | |||
| CVE-2026-27843 | critical | 9.1 | 9.1 | 1mo ago | A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By apply… | |||
| CVE-2026-41167 | critical | 9.1 | 9.1 | 1mo ago | Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields direct… | |||
| CVE-2026-32885 | critical | 9.1 | 9.1 | 1mo ago | DDEV has ZipSlip path traversal in tar and zip archive extraction | |||
| CVE-2026-40575 | critical | 9.1 | 9.1 | 1mo ago | OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing | |||
| CVE-2026-40910 | critical | 9.1 | 9.1 | 1mo ago | frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control | |||
| CVE-2026-40903 | critical | 9.1 | 9.1 | 1mo ago | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even though the… | |||
| CVE-2026-40372 | critical | 9.1 | 9.1 | 1mo ago | Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2026-6257 | critical | 9.1 | 9.1 | 2mo ago | Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to r… | |||
| CVE-2026-6644 | critical | 9.1 | 9.1 | 2mo ago | A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary co… | |||
| CVE-2026-40324 | critical | 9.1 | 9.1 | 2mo ago | ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents | |||
| CVE-2026-5720 | critical | 9.1 | 9.1 | 2mo ago | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPActio… | |||
| CVE-2026-40258 | critical | 9.1 | 9.1 | 2mo ago | gramps-webapi: Zip Slip Path Traversal in Media Archive Import | |||
| CVE-2026-23500 | critical | 9.1 | 9.1 | 2mo ago | Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration | |||
| CVE-2026-40525 | critical | 9.1 | 9.1 | 2mo ago | OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes | |||
| CVE-2026-5426 | critical | 9.1 | 9.1 | 2mo ago | Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remot… | |||
| CVE-2026-33804 | critical | 9.1 | 9.1 | 2mo ago | @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option | |||
| CVE-2026-6270 | critical | 9.1 | 9.1 | 2mo ago | @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes | |||
| CVE-2026-33808 | critical | 9.1 | 9.1 | 2mo ago | @fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-… | |||
| CVE-2026-33807 | critical | 9.1 | 9.1 | 2mo ago | @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is register… | |||
| CVE-2026-25209 | critical | 9.1 | 9.1 | 2mo ago | Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. | |||
| CVE-2026-25206 | critical | 9.1 | 9.1 | 2mo ago | Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. | |||
| CVE-2026-5393 | critical | 9.1 | 9.1 | 2mo ago | Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-ex… | |||
| CVE-2026-5194 | critical | 9.1 | 9.1 | 2mo ago | Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature ver… | |||
| CVE-2026-5574 | critical | 9.1 | 9.1 | 2mo ago | A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/pa… | |||
| CVE-2026-23455 | critical | 9.1 | 9.1 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit leng… | |||
| CVE-2026-32211 | critical | 9.1 | 9.1 | 2mo ago | Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-27071 | critical | 9.1 | 9.1 | 2mo ago | Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCafe: from n/a through <= 3.0.7. | |||
| CVE-2026-4753 | critical | 9.1 | 9.1 | 2mo ago | Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72. | |||
| CVE-2026-4750 | critical | 9.1 | 9.1 | 2mo ago | Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0. | |||
| CVE-2026-4601 | critical | 9.1 | 9.1 | 2mo ago | jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction | |||
| CVE-2026-4600 | critical | 9.1 | 9.1 | 2mo ago | jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic | |||
| CVE-2026-2369 | critical | 9.1 | 9.1 | 3mo ago | A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially acc… | |||
| CVE-2026-21671 | critical | 9.1 | 9.1 | 3mo ago | A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. | |||
| CVE-2026-28395 | critical | 9.1 | 9.1 | 3mo ago | OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback | |||
| CVE-2026-2880 | critical | 9.1 | 9.1 | 3mo ago | @fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware | |||
| CVE-2026-2953 | critical | 9.1 | 9.1 | 3mo ago | A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulatio… | |||
| CVE-2026-36748 | critical | 9.0 | 9.0 | 1d ago | RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. | |||
| CVE-2026-9319 | critical | 9.0 | 9.0 | 3d ago | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | |||
| CVE-2026-9311 | critical | 9.0 | 9.0 | 3d ago | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | |||
| CVE-2026-45630 | critical | 9.0 | 9.0 | 6d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users … | |||
| CVE-2026-9891 | critical | 9.0 | 9.0 | 7d ago | Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome E… | |||
| CVE-2026-9881 | critical | 9.0 | 9.0 | 7d ago | Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a cra… | |||
| CVE-2026-46833 | critical | 9.0 | 9.0 | 7d ago | Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with… | |||
| CVE-2026-4408 | critical | 9.0 | 9.0 | 8d ago | Important: samba security update | |||
| CVE-2026-32999 | critical | 9.0 | 9.0 | 8d ago | Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the aff… | |||
| CVE-2026-48150 | critical | 9.0 | 9.0 | 8d ago | Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-… | |||
| CVE-2026-45721 | critical | 9.0 | 9.0 | 9d ago | Algernon: handler.lua discovery walks parent directories above the server root | |||
| CVE-2026-4480 | critical | 9.0 | 9.0 | 10d ago | Important: samba security update | |||
| CVE-2026-2651 | critical | 9.0 | 9.0 | 11d ago | A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce … | |||
| CVE-2026-22314 | critical | 9.0 | 9.0 | 16d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This… | |||
| CVE-2026-46522 | high | — | 9.0 | 17d ago | ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion | |||
| CVE-2026-45375 | critical | 9.0 | 9.0 | 21d ago | SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution | |||
| CVE-2026-42457 | critical | 9.0 | 9.0 | 21d ago | vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulner… | |||
| CVE-2026-41901 | critical | 9.0 | 9.0 | 23d ago | Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns | |||
| CVE-2026-44221 | critical | 9.0 | 9.0 | 23d ago | ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases | |||
| CVE-2026-42556 | critical | 9.0 | 9.0 | 27d ago | Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their ow… | |||
| CVE-2026-33844 | critical | 9.0 | 9.0 | 28d ago | Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. | |||
| CVE-2026-7372 | critical | 9.0 | 9.0 | 1mo ago | A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca… | |||
| CVE-2026-42523 | critical | 9.0 | 9.0 | 1mo ago | Jenkins GitHub Plugin has an XSS vulnerability | |||
| CVE-2026-5652 | critical | 9.0 | 9.0 | 1mo ago | An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permiss… | |||
| CVE-2026-26149 | critical | 9.0 | 9.0 | 2mo ago | Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network. | |||
| CVE-2026-34989 | critical | 9.0 | 9.0 | 2mo ago | CI4MS: Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | |||
| CVE-2026-27540 | critical | 9.0 | 9.0 | 3mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Using Malicious Files.This issue a… | |||
| CVE-2026-32635 | critical | 9.0 | 9.0 | 3mo ago | Angular vulnerable to XSS in i18n attribute bindings | |||
| CVE-2026-43984 | high | 8.9 | 8.9 | 10h ago | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest users when guest access is en… | |||
| CVE-2026-42611 | high | 8.9 | 8.9 | 1mo ago | Grav is Vulnerable to Stored XSS via Tag Injection | |||
| CVE-2026-38949 | high | 8.9 | 8.9 | 1mo ago | Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user i… | |||
| CVE-2026-5921 | high | 8.9 | 8.9 | 1mo ago | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing si… | |||
| CVE-2026-11307 | high | 8.8 | 8.8 | 2h ago | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | |||
| CVE-2026-11306 | high | 8.8 | 8.8 | 2h ago | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | |||
| CVE-2026-11305 | high | 8.8 | 8.8 | 2h ago | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | |||
| CVE-2026-11303 | high | 8.8 | 8.8 | 2h ago | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | |||
| CVE-2026-11279 | high | 8.8 | 8.8 | 2h ago | Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-11262 | high | 8.8 | 8.8 | 2h ago | Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-11235 | high | 8.8 | 8.8 | 3h ago | Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox vi… | |||
| CVE-2026-11230 | high | 8.8 | 8.8 | 3h ago | Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-11173 | high | 8.8 | 8.8 | 3h ago | Out of bounds write in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page… | |||
| CVE-2026-11171 | high | 8.8 | 8.8 | 3h ago | Integer overflow in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11164 | high | 8.8 | 8.8 | 3h ago | Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11147 | high | 8.8 | 8.8 | 3h ago | Use after free in WebML in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: M… | |||
| CVE-2026-11136 | high | 8.8 | 8.8 | 3h ago | Use after free in Canvas in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11130 | high | 8.8 | 8.8 | 3h ago | Use after free in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11125 | high | 8.8 | 8.8 | 3h ago | Use after free in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11118 | high | 8.8 | 8.8 | 3h ago | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11117 | high | 8.8 | 8.8 | 3h ago | Use after free in Views in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11086 | high | 8.8 | 8.8 | 3h ago | Inappropriate implementation in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafte… | |||
| CVE-2026-11077 | high | 8.8 | 8.8 | 3h ago | Bad cast in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |
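Several titles in the table name one recurring bug class: the authorization middleware and the router disagree about which path a request is for. CVE-2026-41428 (Budibase) attributes it to an unanchored regex in the public-endpoint matcher; CVE-2026-33804, CVE-2026-33808, CVE-2026-33807 and CVE-2026-2880 (@fastify/middie, @fastify/express) attribute it to the router normalizing URLs (duplicate or trailing slashes) that path-scoped middleware never sees normalized. The block below is an added, constructed illustration of both variants in Node.js. It is not code from Budibase, Fastify or any listed project, and the route prefixes, regexes and normalization rules are assumptions chosen for the demonstration, not those projects' actual values.

```javascript
// Added illustration (constructed, not any project's code): two ways a request can reach a
// protected handler while the authorization check in front of it believes the path is
// public or unguarded. Route names, regexes and normalization rules are assumptions.

// Weak matcher: no ^ anchor, so the pattern matches anywhere in whatever string it is tested on.
const PUBLIC_UNANCHORED = /\/api\/public\/v1\//;
// Fixed matcher: anchored to the start of the pathname.
const PUBLIC_ANCHORED = /^\/api\/public\/v1\//;

// Split a raw request-target ("/path?query") into pathname and query string.
function splitTarget(rawUrl) {
  const q = rawUrl.indexOf('?');
  return q === -1
    ? { pathname: rawUrl, query: '' }
    : { pathname: rawUrl.slice(0, q), query: rawUrl.slice(q + 1) };
}

// Model of router-side normalization: collapse runs of "/" and drop a trailing "/".
// Assumed here to stand in for options such as Fastify's ignoreDuplicateSlashes and
// ignoreTrailingSlash; the real routers' rules may differ in detail.
function normalizePath(pathname) {
  let p = pathname.replace(/\/{2,}/g, '/');
  if (p.length > 1 && p.endsWith('/')) p = p.slice(0, -1);
  return p;
}

// Segment-aware prefix test: "/admin" and "/admin/..." match, "/administrator" does not.
function underPrefix(pathname, prefix) {
  return pathname === prefix || pathname.startsWith(prefix + '/');
}

// --- Variant 1: unanchored regex tested against the whole request-target ---

// Weak: run on path+query, so "?next=/api/public/v1/..." on a protected path satisfies it.
function isPublicWeak(rawUrl) {
  return PUBLIC_UNANCHORED.test(rawUrl);
}

// Fixed: anchored regex, tested on the pathname alone.
function isPublicFixed(rawUrl) {
  return PUBLIC_ANCHORED.test(splitTarget(rawUrl).pathname);
}

// --- Variant 2: middleware checks the raw path, router dispatches on the normalized one ---

// Returns the guard's decision, the handler the router would dispatch to, and whether they differ.
function adminGuardWeak(rawUrl) {
  const raw = splitTarget(rawUrl).pathname;
  const guarded = underPrefix(raw, '/admin');                   // middleware sees "//admin/..."
  const dispatched = underPrefix(normalizePath(raw), '/admin');  // router sees "/admin/..."
  return { guarded, dispatched, bypass: dispatched && !guarded };
}

// Fixed: apply the router's normalization before the check, so both sides see the same path.
function adminGuardFixed(rawUrl) {
  const norm = normalizePath(splitTarget(rawUrl).pathname);
  const guarded = underPrefix(norm, '/admin');
  const dispatched = underPrefix(norm, '/admin');
  return { guarded, dispatched, bypass: dispatched && !guarded };
}

// Constructed sample request-targets for the demonstration.
const SAMPLE_TARGETS = [
  '/api/public/v1/health',
  '/api/admin/users?next=/api/public/v1/health',
  '/admin/users',
  '//admin/users',
  '/admin/users/',
  '/administrator',
];

// Run every sample through the weak and fixed checks and return one row per target.
function evaluateAll(targets = SAMPLE_TARGETS) {
  return targets.map((t) => ({
    target: t,
    publicWeak: isPublicWeak(t),
    publicFixed: isPublicFixed(t),
    adminWeak: adminGuardWeak(t),
    adminFixed: adminGuardFixed(t),
  }));
}

for (const row of evaluateAll()) {
  console.log(
    `${row.target.padEnd(44)} publicWeak=${row.publicWeak} publicFixed=${row.publicFixed} ` +
      `adminBypassWeak=${row.adminWeak.bypass} adminBypassFixed=${row.adminFixed.bypass}`
  );
}
```

The two fixes are independent: anchoring the regex does nothing about slash normalization, and normalizing before the prefix check does nothing about a pattern that matches inside the query string. When auditing a stack like this, the question to answer is whether the string the middleware tests is byte-for-byte the string the router matched, and if not, which transformations sit between them.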