CVEs from 2026

- Total: 14,786
- Critical: 1,335
- High: 5,004
- Medium: 4,828
- Low: 503
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4600 | critical | 9.1 | 9.1 | 3mo ago | jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic | |||
| CVE-2026-2369 | critical | 9.1 | 9.1 | 3mo ago | A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially acc… | |||
| CVE-2026-21671 | critical | 9.1 | 9.1 | 3mo ago | A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. | |||
| CVE-2026-28395 | critical | 9.1 | 9.1 | 3mo ago | OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback | |||
| CVE-2026-2880 | critical | 9.1 | 9.1 | 3mo ago | @fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware | |||
| CVE-2026-2953 | critical | 9.1 | 9.1 | 3mo ago | A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulatio… | |||
| CVE-2026-45750 | critical | 9.0 | 9.0 | 1d ago | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the Termix … | |||
| CVE-2026-45746 | critical | 9.0 | 9.0 | 1d ago | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Brok… | |||
| CVE-2026-36748 | critical | 9.0 | 9.0 | 3d ago | RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. | |||
| CVE-2026-9319 | critical | 9.0 | 9.0 | 5d ago | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | |||
| CVE-2026-9311 | critical | 9.0 | 9.0 | 5d ago | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | |||
| CVE-2026-45630 | critical | 9.0 | 9.0 | 8d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users … | |||
| CVE-2026-9891 | critical | 9.0 | 9.0 | 9d ago | Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome E… | |||
| CVE-2026-9881 | critical | 9.0 | 9.0 | 9d ago | Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a cra… | |||
| CVE-2026-46833 | critical | 9.0 | 9.0 | 9d ago | Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with… | |||
| CVE-2026-4408 | critical | 9.0 | 9.0 | 10d ago | Important: samba security update | |||
| CVE-2026-32999 | critical | 9.0 | 9.0 | 10d ago | Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the aff… | |||
| CVE-2026-48150 | critical | 9.0 | 9.0 | 10d ago | Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-… | |||
| CVE-2026-45721 | critical | 9.0 | 9.0 | 11d ago | Algernon: handler.lua discovery walks parent directories above the server root | |||
| CVE-2026-4480 | critical | 9.0 | 9.0 | 11d ago | Important: samba security update | |||
| CVE-2026-2651 | critical | 9.0 | 9.0 | 13d ago | A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce … | |||
| CVE-2026-22314 | critical | 9.0 | 9.0 | 18d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This… | |||
| CVE-2026-45375 | critical | 9.0 | 9.0 | 23d ago | SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution | |||
| CVE-2026-42457 | critical | 9.0 | 9.0 | 23d ago | vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulner… | |||
| CVE-2026-41901 | critical | 9.0 | 9.0 | 25d ago | Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns | |||
| CVE-2026-44221 | critical | 9.0 | 9.0 | 25d ago | ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases | |||
| CVE-2026-42556 | critical | 9.0 | 9.0 | 29d ago | Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their ow… | |||
| CVE-2026-33844 | critical | 9.0 | 9.0 | 1mo ago | Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. | |||
| CVE-2026-7372 | critical | 9.0 | 9.0 | 1mo ago | A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca… | |||
| CVE-2026-42523 | critical | 9.0 | 9.0 | 1mo ago | Jenkins GitHub Plugin has an XSS vulnerability | |||
| CVE-2026-5652 | critical | 9.0 | 9.0 | 2mo ago | An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permiss… | |||
| CVE-2026-26149 | critical | 9.0 | 9.0 | 2mo ago | Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network. | |||
| CVE-2026-34989 | critical | 9.0 | 9.0 | 2mo ago | CI4MS: Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | |||
| CVE-2026-27540 | critical | 9.0 | 9.0 | 3mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Using Malicious Files. This issue a… | |||
| CVE-2026-32635 | critical | 9.0 | 9.0 | 3mo ago | Angular vulnerable to XSS in i18n attribute bindings | |||
| CVE-2026-44069 | low | 3.9 | 3.9 | 17d ago | An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption vi… | |||
| CVE-2026-27964 | low | 3.9 | 3.9 | 1mo ago | FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation | |||
| CVE-2026-10299 | low | 3.8 | 3.8 | 5d ago | A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument … | |||
| CVE-2026-6816 | low | 3.8 | 3.8 | 9d ago | An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins… | |||
| CVE-2026-44410 | low | 3.8 | 3.8 | 12d ago | This vulnerability stems from a business logic flaw. Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out ma… | |||
| CVE-2026-45683 | low | 3.8 | 3.8 | 19d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_pr… | |||
| CVE-2026-6334 | low | 3.8 | 3.8 | 20d ago | Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow | |||
| CVE-2026-6923 | low | 3.8 | 3.8 | 23d ago | A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key. | |||
| CVE-2026-33585 | low | 3.8 | 3.8 | 24d ago | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.… | |||
| CVE-2026-44459 | low | 3.8 | 3.8 | 24d ago | Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify() | |||
| CVE-2026-34094 | low | 3.8 | 3.8 | 26d ago | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | |||
| CVE-2026-44987 | low | 3.8 | 3.8 | 29d ago | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If th… | |||
| CVE-2026-4222 | low | 3.8 | 3.8 | 3mo ago | A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of t… | |||
| CVE-2026-4044 | low | 3.8 | 3.8 | 3mo ago | A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument … | |||
| CVE-2026-22411 | low | 3.8 | 3.8 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dolcino: fro… | |||
| CVE-2026-22409 | low | 3.8 | 3.8 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Justicia: … | |||
| CVE-2026-22407 | low | 3.8 | 3.8 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Roam: from n/a thr… | |||
| CVE-2026-22406 | low | 3.8 | 3.8 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Overton: fro… | |||
| CVE-2026-22404 | low | 3.8 | 3.8 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Innovio: fro… | |||
| CVE-2026-44546 | low | 3.7 | 3.7 | 3d ago | daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or … | |||
| CVE-2026-10300 | low | 3.7 | 3.7 | 5d ago | A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such ma… | |||
| CVE-2026-5419 | low | 3.7 | 3.7 | 5d ago | A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive informat… | |||
| CVE-2026-10216 | low | 3.7 | 3.7 | 6d ago | A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulatio… | |||
| CVE-2026-10169 | low | 3.7 | 3.7 | 7d ago | A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax_forgot_pa… | |||
| CVE-2026-48524 | low | 3.7 | 3.7 | 9d ago | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no ra… | |||
| CVE-2026-44474 | low | 3.7 | 3.7 | 10d ago | Ella Core has handover failures during concurrent Security Mode Command | |||
| CVE-2026-42791 | low | 3.7 | 3.7 | 10d ago | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP re… | |||
| CVE-2026-33552 | low | 3.7 | 3.7 | 11d ago | Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control. | |||
| CVE-2026-48852 | low | 3.7 | 3.7 | 12d ago | PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification. | |||
| CVE-2026-48847 | low | 3.7 | 3.7 | 12d ago | Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass. | |||
| CVE-2026-9396 | low | 3.7 | 3.7 | 13d ago | A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulat… | |||
| CVE-2026-9373 | low | 3.7 | 3.7 | 14d ago | A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authent… | |||
| CVE-2026-9370 | low | 3.7 | 3.7 | 14d ago | A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/… | |||
| CVE-2026-9306 | low | 3.7 | 3.7 | 14d ago | A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjou… | |||
| CVE-2026-7837 | low | 3.7 | 3.7 | 17d ago | A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited da… | |||
| CVE-2026-44075 | low | 3.7 | 3.7 | 17d ago | A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session op… | |||
| CVE-2026-44074 | low | 3.7 | 3.7 | 17d ago | Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker… | |||
| CVE-2026-44071 | low | 3.7 | 3.7 | 17d ago | Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of servic… | |||
| CVE-2026-45232 | low | 3.7 | 3.7 | 18d ago | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memor… | |||
| CVE-2026-8491 | low | 3.7 | 3.7 | 18d ago | Node view permissions module enables permissions "View own content" and "View any content" for each content type on permissions page The module doesn't sufficiently handle the case where a user is … | |||
| CVE-2026-8803 | low | 3.7 | 3.7 | 19d ago | A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation cau… | |||
| CVE-2026-44589 | low | 3.7 | 3.7 | 23d ago | nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect) | |||
| CVE-2026-44582 | low | 3.7 | 3.7 | 24d ago | Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting | |||
| CVE-2026-44242 | low | 3.7 | 3.7 | 25d ago | Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header | |||
| CVE-2026-44219 | low | 3.7 | 3.7 | 25d ago | ciguard: SCA HTTP client reads response body without size cap | |||
| CVE-2026-43514 | low | 3.7 | 3.7 | 25d ago | Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M… | |||
| CVE-2026-42874 | low | 3.7 | 3.7 | 26d ago | Microdot has HTTP response splitting in Response.set_cookie() | |||
| CVE-2026-44996 | low | 3.7 | 3.7 | 26d ago | OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence ag… | |||
| CVE-2026-8276 | low | 3.7 | 3.7 | 27d ago | bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go | |||
| CVE-2026-8275 | low | 3.7 | 3.7 | 27d ago | bettercap Has an Integer Coercion Error in the ippReadChunkedBody Function | |||
| CVE-2026-8242 | low | 3.7 | 3.7 | 28d ago | A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results… | |||
| CVE-2026-8196 | low | 3.7 | 3.7 | 28d ago | A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginControlle… | |||
| CVE-2026-8028 | low | 3.7 | 3.7 | 1mo ago | A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Perf… | |||
| CVE-2026-43863 | low | 3.7 | 3.7 | 1mo ago | mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. | |||
| CVE-2026-43862 | low | 3.7 | 3.7 | 1mo ago | In mutt before 2.3.2, the imap_auth_gss security level is mishandled. | |||
| CVE-2026-43861 | low | 3.7 | 3.7 | 1mo ago | mutt before 2.3.2 does not check for '\0' in url_pct_decode. | |||
| CVE-2026-43860 | low | 3.7 | 3.7 | 1mo ago | mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest. | |||
| CVE-2026-43859 | low | 3.7 | 3.7 | 1mo ago | mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest. | |||
| CVE-2026-7689 | low | 3.7 | 3.7 | 1mo ago | Dolibarr has Insufficient Verification of Data Authenticity | |||
| CVE-2026-7671 | low | 3.7 | 3.7 | 1mo ago | A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restr… | |||
| CVE-2026-41263 | low | 3.7 | 3.7 | 1mo ago | Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware | |||
| CVE-2026-3832 | low | 3.7 | 3.7 | 1mo ago | A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a lo… | |||
| CVE-2026-7303 | low | 3.7 | 3.7 | 1mo ago | xxl-job has a Resource Injection issue | |||
| CVE-2026-41913 | low | 3.7 | 3.7 | 1mo ago | OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths | |||
| CVE-2026-7103 | low | 3.7 | 3.7 | 1mo ago | A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Passw… |