CVEs from 2026
Total
14,777
critical
critical 1,334
high
high 5,000
medium
medium 4,821
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6304 | high | 8.3 | 8.3 | 2mo ago | Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… | |||
| CVE-2026-6311 | high | 8.3 | 8.3 | 2mo ago | Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a… | |||
| CVE-2026-6310 | high | 8.3 | 8.3 | 2mo ago | Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2026-6297 | high | 8.3 | 8.3 | 2mo ago | Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi… | |||
| CVE-2026-25083 | high | 8.3 | 8.3 | 3mo ago | GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper … | |||
| CVE-2026-1619 | high | 8.3 | 8.3 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers. This issue affects FlexCity/Kiosk: from 1.0 befor… | |||
| CVE-2026-50205 | high | 8.2 | 8.2 | 2d ago | System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. | |||
| CVE-2026-41010 | high | 8.2 | 8.2 | 2d ago | ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from… | |||
| CVE-2026-41011 | high | 8.2 | 8.2 | 3d ago | PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_meta['name'] comes directly from release.MF inside the uplo… | |||
| CVE-2026-10622 | high | 8.2 | 8.2 | 4d ago | Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints. | |||
| CVE-2026-24752 | high | 8.2 | 8.2 | 5d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra… | |||
| CVE-2026-24088 | high | 8.2 | 8.2 | 5d ago | Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader. | |||
| CVE-2026-49491 | high | 8.2 | 8.2 | 5d ago | Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests … | |||
| CVE-2026-45545 | high | 8.2 | 8.2 | 5d ago | Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker wi… | |||
| CVE-2026-43624 | high | 8.2 | 8.2 | 5d ago | F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-suppli… | |||
| CVE-2026-24751 | high | 8.2 | 8.2 | 5d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitra… | |||
| CVE-2026-37234 | high | 8.2 | 8.2 | 6d ago | FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequen… | |||
| CVE-2026-49371 | high | 8.2 | 8.2 | 8d ago | In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible | |||
| CVE-2026-45615 | high | 8.2 | 8.2 | 8d ago | mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsin… | |||
| CVE-2026-44358 | high | 8.2 | 8.2 | 9d ago | Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspac… | |||
| CVE-2026-35676 | high | 8.2 | 8.2 | 9d ago | phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Att… | |||
| CVE-2026-35675 | high | 8.2 | 8.2 | 9d ago | phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verificatio… | |||
| CVE-2026-44712 | high | 8.2 | 8.2 | 10d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is… | |||
| CVE-2026-4868 | high | 8.2 | 8.2 | 10d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authent… | |||
| CVE-2026-45089 | high | 8.2 | 8.2 | 10d ago | Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option | |||
| CVE-2026-42083 | high | 8.2 | 8.2 | 10d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and dis… | |||
| CVE-2026-44328 | high | 8.2 | 8.2 | 10d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi… | |||
| CVE-2026-44483 | high | 8.2 | 8.2 | 10d ago | RVF (formerly Remix Validated Form) provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get (used by @rvf/core to flatten incoming … | |||
| CVE-2026-44971 | high | 8.2 | 8.2 | 10d ago | GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replac… | |||
| CVE-2026-46037 | high | 8.2 | 8.2 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmp_pointers Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply typ… | |||
| CVE-2026-42735 | high | 8.2 | 8.2 | 10d ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: f… | |||
| CVE-2026-45843 | high | 8.2 | 8.2 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: slip: bound decode() reads against the compressed packet length slhc_uncompress() parses a VJ-compressed TCP header by advancing … | |||
| CVE-2026-9312 | high | 8.2 | 8.2 | 11d ago | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insu… | |||
| CVE-2026-42013 | high | 8.2 | 8.2 | 11d ago | RHSA-2026:20612: gnutls security update (Important) | |||
| CVE-2026-5260 | high | 8.2 | 8.2 | 11d ago | RHSA-2026:20612: gnutls security update (Important) | |||
| CVE-2026-44843 | high | 8.2 | 8.2 | 11d ago | LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists | |||
| CVE-2026-8890 | high | 8.2 | 8.2 | 11d ago | code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP hea… | |||
| CVE-2026-44728 | high | 8.2 | 8.2 | 11d ago | Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel t… | |||
| CVE-2026-48126 | high | 8.2 | 8.2 | 11d ago | Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request… | |||
| CVE-2026-9284 | high | 8.2 | 8.2 | 14d ago | The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc… | |||
| CVE-2026-48235 | high | 8.2 | 8.2 | 16d ago | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracki… | |||
| CVE-2026-34926 | medium | 6.7 | 8.2 | 16d ago | Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to depl… | |||
| CVE-2026-9057 | high | 8.2 | 8.2 | 17d ago | A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a p… | |||
| CVE-2026-0966 | high | 8.2 | 8.2 | 19d ago | Moderate: libssh security update | |||
| CVE-2026-45327 | high | 8.2 | 8.2 | 19d ago | TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection. Version 2.5.0 fixes the … | |||
| CVE-2026-45302 | high | 8.2 | 8.2 | 19d ago | parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData field names into nes… | |||
| CVE-2026-45627 | high | 8.2 | 8.2 | 19d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query param… | |||
| CVE-2026-46510 | high | 8.2 | 8.2 | 19d ago | form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, … | |||
| CVE-2026-46720 | high | 8.2 | 8.2 | 20d ago | Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources c… | |||
| CVE-2026-46728 | high | 8.2 | 8.2 | 21d ago | Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash. | |||
| CVE-2026-8657 | high | 8.2 | 8.2 | 21d ago | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform pro… | |||
| CVE-2026-34253 | high | 8.2 | 8.2 | 22d ago | A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control fu… | |||
| CVE-2026-46509 | high | 8.2 | 8.2 | 23d ago | deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not b… | |||
| CVE-2026-42591 | high | 8.2 | 8.2 | 23d ago | Gotenberg has a Server-Side Request Forgery (SSRF) Issue | |||
| CVE-2026-42590 | high | 8.2 | 8.2 | 23d ago | Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist | |||
| CVE-2026-40893 | high | 8.2 | 8.2 | 23d ago | Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move | |||
| CVE-2026-41249 | high | 8.2 | 8.2 | 23d ago | CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dan… | |||
| CVE-2026-5395 | high | 8.2 | 8.2 | 23d ago | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,… | |||
| CVE-2026-5396 | high | 8.2 | 8.2 | 23d ago | The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authori… | |||
| CVE-2026-32992 | high | 8.2 | 8.2 | 24d ago | SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials. | |||
| CVE-2026-26289 | high | 8.2 | 8.2 | 25d ago | PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions … | |||
| CVE-2026-44403 | high | 7.2 | 8.2 | 25d ago | Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code… | |||
| CVE-2026-43929 | high | 8.2 | 8.2 | 25d ago | ssrfcheck Vulnerable to Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs | |||
| CVE-2026-33833 | high | 8.2 | 8.2 | 25d ago | Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-43993 | high | 8.2 | 8.2 | 25d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or reso… | |||
| CVE-2026-42260 | high | 8.2 | 8.2 | 25d ago | open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname` | |||
| CVE-2026-35071 | high | 8.2 | 8.2 | 25d ago | Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high privileged attack… | |||
| CVE-2026-41713 | high | 8.2 | 8.2 | 25d ago | Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor | |||
| CVE-2026-39432 | high | 8.2 | 8.2 | 25d ago | Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53. | |||
| CVE-2026-34259 | high | 8.2 | 8.2 | 26d ago | Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbi… | |||
| CVE-2026-43893 | high | 8.2 | 8.2 | 26d ago | exiftool-vendored vulnerable to argument injection via newline characters in tag names | |||
| CVE-2026-43886 | high | 8.2 | 8.2 | 26d ago | Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing t… | |||
| CVE-2026-42564 | high | 8.2 | 8.2 | 26d ago | jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/[filename]. The filename route parameter is jo… | |||
| CVE-2026-41432 | high | 8.2 | 8.2 | 29d ago | New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud | |||
| CVE-2026-42353 | high | 8.2 | 8.2 | 29d ago | i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters | |||
| CVE-2026-41693 | high | 8.2 | 8.2 | 29d ago | i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite | |||
| CVE-2026-29972 | high | 8.2 | 8.2 | 29d ago | nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the librar… | |||
| CVE-2026-43466 | high | 8.2 | 8.2 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5e_reset_txqs… | |||
| CVE-2026-43452 | high | 8.2 | 8.2 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kin… | |||
| CVE-2026-43365 | high | 8.2 | 8.2 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values If the superblock doesn't list a log stripe unit, we set the incore log roundoff valu… | |||
| CVE-2026-34327 | high | 8.2 | 8.2 | 1mo ago | Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-45137 | high | 8.2 | 8.2 | 1mo ago | Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, an logic error causes anchor programs to accept any program id when requiri… | |||
| CVE-2026-43233 | high | 8.2 | 8.2 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read in decode_choice() In decode_choice(), the boundary check before get_len() uses the va… | |||
| CVE-2026-43190 | high | 8.2 | 8.2 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_tcpmss: check remaining length before reading optlen Quoting reporter: In net/netfilter/xt_tcpmss.c (lines 53-68)… | |||
| CVE-2026-39852 | high | 8.2 | 8.2 | 1mo ago | Quarkus has Authentication/Authorization bypasses | |||
| CVE-2026-35091 | high | 8.2 | 8.2 | 1mo ago | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User… | |||
| CVE-2026-40912 | high | 8.2 | 8.2 | 1mo ago | Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync | |||
| CVE-2026-41670 | high | 8.2 | 8.2 | 1mo ago | Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest | |||
| CVE-2026-41669 | high | 8.2 | 8.2 | 1mo ago | Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests | |||
| CVE-2026-28221 | high | 8.2 | 8.2 | 1mo ago | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() i… | |||
| CVE-2026-41394 | high | 8.2 | 8.2 | 1mo ago | OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes | |||
| CVE-2026-38651 | high | 8.2 | 8.2 | 1mo ago | Netmaker does not verify JWT signatures for host tokens | |||
| CVE-2026-5944 | high | 8.2 | 8.2 | 1mo ago | An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible… | |||
| CVE-2026-41604 | high | 8.2 | 8.2 | 1mo ago | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |||
| CVE-2026-40022 | high | 8.2 | 8.2 | 1mo ago | Apache Camel Vulnerable to Authentication Bypass Using an Alternate Path or Channel | |||
| CVE-2026-41326 | high | 8.2 | 8.2 | 1mo ago | Kata Container has CopyFile Policy Subversion via Symlinks | |||
| CVE-2026-31631 | high | 8.2 | 8.2 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgk_do_verify_authenticator() Fix rxgk_do_verify_authenticator() to check the buffer size before c… | |||
| CVE-2026-41309 | high | 8.2 | 8.2 | 1mo ago | Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted i… | |||
| CVE-2026-31476 | high | 8.2 | 8.2 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails (e.g. wrong password), the erro… | |||
| CVE-2026-41145 | high | 8.2 | 8.2 | 2mo ago | MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads |