CVEs from 2026
Total
14,786
critical
critical 1,335
high
high 5,004
medium
medium 4,828
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-11071 | high | 8.8 | 8.8 | 2d ago | Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process mem… | |||
| CVE-2026-11068 | high | 8.8 | 8.8 | 2d ago | Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11060 | high | 8.8 | 8.8 | 2d ago | Use after free in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: M… | |||
| CVE-2026-11059 | high | 8.8 | 8.8 | 2d ago | Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11055 | high | 8.8 | 8.8 | 2d ago | Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: M… | |||
| CVE-2026-11054 | high | 8.8 | 8.8 | 2d ago | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11050 | high | 8.8 | 8.8 | 2d ago | Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11049 | high | 8.8 | 8.8 | 2d ago | Use after free in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: M… | |||
| CVE-2026-11046 | high | 8.8 | 8.8 | 2d ago | Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandb… | |||
| CVE-2026-11042 | high | 8.8 | 8.8 | 2d ago | Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted H… | |||
| CVE-2026-11041 | high | 8.8 | 8.8 | 2d ago | Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… | |||
| CVE-2026-11030 | high | 8.8 | 8.8 | 2d ago | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Medium) | |||
| CVE-2026-11028 | high | 8.8 | 8.8 | 2d ago | Use after free in Media in Google Chrome on Linux and ChromeOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via… | |||
| CVE-2026-11003 | high | 8.8 | 8.8 | 2d ago | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11000 | high | 8.8 | 8.8 | 2d ago | Use after free in Fonts in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Med… | |||
| CVE-2026-10995 | high | 8.8 | 8.8 | 2d ago | Heap buffer overflow in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a … | |||
| CVE-2026-10991 | high | 8.8 | 8.8 | 2d ago | Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted … | |||
| CVE-2026-10989 | high | 8.8 | 8.8 | 2d ago | Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via … | |||
| CVE-2026-10988 | high | 8.8 | 8.8 | 2d ago | Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2026-10987 | high | 8.8 | 8.8 | 2d ago | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10986 | high | 8.8 | 8.8 | 2d ago | Integer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: High) | |||
| CVE-2026-10982 | high | 8.8 | 8.8 | 2d ago | Use after free in WebXR in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10978 | high | 8.8 | 8.8 | 2d ago | Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High) | |||
| CVE-2026-10975 | high | 8.8 | 8.8 | 2d ago | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10965 | high | 8.8 | 8.8 | 2d ago | Integer overflow in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10964 | high | 8.8 | 8.8 | 2d ago | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10963 | high | 8.8 | 8.8 | 2d ago | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10962 | high | 8.8 | 8.8 | 2d ago | Type Confusion in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10959 | high | 8.8 | 8.8 | 2d ago | Use after free in Input in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-10958 | high | 8.8 | 8.8 | 2d ago | Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafte… | |||
| CVE-2026-10957 | high | 8.8 | 8.8 | 2d ago | Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10956 | high | 8.8 | 8.8 | 2d ago | Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-10955 | high | 8.8 | 8.8 | 2d ago | Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security sev… | |||
| CVE-2026-10954 | high | 8.8 | 8.8 | 2d ago | Use after free in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10952 | high | 8.8 | 8.8 | 2d ago | Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-10951 | high | 8.8 | 8.8 | 2d ago | Use after free in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a… | |||
| CVE-2026-10948 | high | 8.8 | 8.8 | 2d ago | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10947 | high | 8.8 | 8.8 | 2d ago | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10945 | high | 8.8 | 8.8 | 2d ago | Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted… | |||
| CVE-2026-10943 | high | 8.8 | 8.8 | 2d ago | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10941 | high | 8.8 | 8.8 | 2d ago | Out of bounds memory access in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-10939 | high | 8.8 | 8.8 | 2d ago | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10936 | high | 8.8 | 8.8 | 2d ago | Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10935 | high | 8.8 | 8.8 | 2d ago | Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10932 | high | 8.8 | 8.8 | 2d ago | Use after free in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10928 | high | 8.8 | 8.8 | 2d ago | Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10926 | high | 8.8 | 8.8 | 2d ago | Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security severity: H… | |||
| CVE-2026-10923 | high | 8.8 | 8.8 | 2d ago | Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High) | |||
| CVE-2026-10922 | high | 8.8 | 8.8 | 2d ago | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin p… | |||
| CVE-2026-10914 | high | 8.8 | 8.8 | 2d ago | Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-10913 | high | 8.8 | 8.8 | 2d ago | Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-10910 | high | 8.8 | 8.8 | 2d ago | Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10907 | high | 8.8 | 8.8 | 2d ago | Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10904 | high | 8.8 | 8.8 | 2d ago | Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-10903 | high | 8.8 | 8.8 | 2d ago | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10902 | high | 8.8 | 8.8 | 2d ago | Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-10897 | high | 8.8 | 8.8 | 2d ago | Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri… | |||
| CVE-2026-10896 | high | 8.8 | 8.8 | 2d ago | Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-10895 | high | 8.8 | 8.8 | 2d ago | Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-10893 | high | 8.8 | 8.8 | 2d ago | Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) | |||
| CVE-2026-10891 | high | 8.8 | 8.8 | 2d ago | Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-10890 | high | 8.8 | 8.8 | 2d ago | Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium securit… | |||
| CVE-2026-10888 | high | 8.8 | 8.8 | 2d ago | Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security s… | |||
| CVE-2026-10885 | high | 8.8 | 8.8 | 2d ago | Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-10883 | high | 8.8 | 8.8 | 2d ago | Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-10882 | high | 8.8 | 8.8 | 2d ago | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-5228 | high | 8.8 | 8.8 | 2d ago | Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mo… | |||
| CVE-2026-43985 | high | 8.8 | 8.8 | 2d ago | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `configUpdate` as a state-changing administrator endpoint, but the route does not enforc… | |||
| CVE-2026-49194 | high | 8.8 | 8.8 | 3d ago | The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. | |||
| CVE-2026-49190 | high | 8.8 | 8.8 | 3d ago | The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. | |||
| CVE-2026-41860 | high | 8.8 | 8.8 | 3d ago | CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-co… | |||
| CVE-2026-46264 | high | 8.8 | 8.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add_action_or_reset() failure the provided cleanup action will be run immedia… | |||
| CVE-2026-35085 | high | 8.8 | 8.8 | 3d ago | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. | |||
| CVE-2026-35084 | high | 8.8 | 8.8 | 3d ago | A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. | |||
| CVE-2026-35083 | high | 8.8 | 8.8 | 3d ago | A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. | |||
| CVE-2026-35082 | high | 8.8 | 8.8 | 3d ago | The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. | |||
| CVE-2026-36607 | high | 8.8 | 8.8 | 4d ago | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the rate limiting applied to th… | |||
| CVE-2026-36608 | high | 8.8 | 8.8 | 4d ago | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP (192.168.1.1) or local… | |||
| CVE-2026-49443 | high | 8.8 | 8.8 | 4d ago | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured… | |||
| CVE-2026-49143 | high | 8.8 | 8.8 | 4d ago | BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitti… | |||
| CVE-2026-1829 | high | 8.8 | 8.8 | 4d ago | The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'et_pb_text' shortcode 'cvdb_content_visibility_… | |||
| CVE-2026-30652 | high | 8.8 | 8.8 | 4d ago | A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an … | |||
| CVE-2026-30650 | high | 8.8 | 8.8 | 4d ago | A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-03… | |||
| CVE-2026-10591 | high | 8.8 | 8.8 | 4d ago | Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions… | |||
| CVE-2026-7201 | high | 8.8 | 8.8 | 4d ago | CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenti… | |||
| CVE-2026-1784 | high | 8.8 | 8.8 | 5d ago | The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was… | |||
| CVE-2026-25277 | high | 8.8 | 8.8 | 5d ago | Memory corruption while using Strongbox due to buffer overflow. | |||
| CVE-2026-25276 | high | 8.8 | 8.8 | 5d ago | Memory corruption while using Strongbox due to missing bounds check. | |||
| CVE-2026-24782 | high | 8.8 | 8.8 | 5d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBui… | |||
| CVE-2026-10293 | high | 8.8 | 8.8 | 5d ago | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer ov… | |||
| CVE-2026-10292 | high | 8.8 | 8.8 | 5d ago | A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The at… | |||
| CVE-2026-9614 | high | 8.8 | 8.8 | 5d ago | An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access. | |||
| CVE-2026-7770 | high | 8.8 | 8.8 | 5d ago | IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator. | |||
| CVE-2026-45284 | high | 8.8 | 8.8 | 5d ago | Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user … | |||
| CVE-2026-43623 | high | 8.8 | 8.8 | 5d ago | microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a cra… | |||
| CVE-2026-10259 | high | 8.8 | 8.8 | 5d ago | A security vulnerability has been detected in H3C Magic B0 up to 100R002. The affected element is the function SetMobileAPInfoById of the file /goform/aspForm. Such manipulation of the argument param… | |||
| CVE-2026-49298 | high | 8.8 | 8.8 | 6d ago | A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in … | |||
| CVE-2026-49157 | high | 8.8 | 8.8 | 6d ago | Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-ad… | |||
| CVE-2026-45505 | high | 8.8 | 8.8 | 6d ago | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrapp… | |||
| CVE-2026-42359 | high | 8.8 | 8.8 | 6d ago | A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (… |