CVEs from 2026

- Total: 14,774
- Critical: 1,334
- High: 4,998
- Medium: 4,821
- Low: 502
- % Critical: 9.0%
- % with KEV (listed in the CISA Known Exploited Vulnerabilities catalog): 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-11004 | unknown | — | — | 2d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. | |||
| CVE-2026-47708 | unknown | — | — | 2d ago | MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper | |||
| CVE-2026-41522 | unknown | — | — | 2d ago | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql… | |||
| CVE-2026-47703 | unknown | — | — | 2d ago | AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle | |||
| CVE-2026-48013 | unknown | — | — | 2d ago | Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation | |||
| CVE-2026-48015 | unknown | — | — | 2d ago | Shopware: Stored XSS via SVG file upload — no SVG sanitization | |||
| CVE-2026-48016 | unknown | — | — | 2d ago | Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment | |||
| CVE-2026-48014 | unknown | — | — | 2d ago | Shopware: Admin API ACL Bypass in Order State Transition Endpoints | |||
| CVE-2026-48012 | unknown | — | — | 2d ago | Shopware SSO referer trust leading to an arbitrary redirect target | |||
| CVE-2026-48011 | unknown | — | — | 2d ago | Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames | |||
| CVE-2026-48010 | unknown | — | — | 2d ago | Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts | |||
| CVE-2026-48009 | unknown | — | — | 2d ago | Shopware: Admin Account Takeover via User Recovery Hash Exposure | |||
| CVE-2026-48008 | unknown | — | — | 2d ago | Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass | |||
| CVE-2026-48480 | unknown | — | — | 2d ago | The netty incubator codec.bhttp is a Java language binary HTTP parser. Prior to version 0.0.22.Final, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptograp… | |||
| CVE-2026-50183 | unknown | — | — | 2d ago | WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section | |||
| CVE-2026-50182 | unknown | — | — | 2d ago | WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination | |||
| CVE-2026-49279 | unknown | — | — | 2d ago | WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket Handler (CVE-2026-43874 Bypass) | |||
| CVE-2026-8462 | unknown | — | — | 2d ago | OpenMeter: SQL injection through meter creation | |||
| CVE-2026-47671 | unknown | — | — | 2d ago | Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets | |||
| CVE-2026-47215 | unknown | — | — | 2d ago | Singularity: Incorrect path matching for 'limit container paths' directive | |||
| CVE-2026-47192 | unknown | — | — | 2d ago | kas's late signature validation may allow unnoticed repository manipulations | |||
| CVE-2026-7774 | unknown | — | — | 2d ago | tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. T… | |||
| CVE-2026-38570 | unknown | — | — | 2d ago | bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number_decode which allows attackers to cause a denial of service. | |||
| CVE-2026-36182 | unknown | — | — | 2d ago | GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack. | |||
| CVE-2026-10868 | unknown | — | — | 2d ago | A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the applica… | |||
| CVE-2026-41065 | unknown | — | — | 2d ago | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. O… | |||
| CVE-2026-36180 | unknown | — | — | 2d ago | A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot sessi… | |||
| CVE-2026-36174 | unknown | — | — | 2d ago | GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtai… | |||
| CVE-2026-35905 | unknown | — | — | 2d ago | T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account. | |||
| CVE-2026-35904 | unknown | — | — | 2d ago | Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via … | |||
| CVE-2026-10864 | unknown | — | — | 2d ago | A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In… | |||
| CVE-2026-10863 | unknown | — | — | 2d ago | A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user… | |||
| CVE-2026-10860 | unknown | — | — | 2d ago | A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the e… | |||
| CVE-2026-45730 | unknown | — | — | 2d ago | Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project | |||
| CVE-2026-45337 | unknown | — | — | 2d ago | Better Auth: Device authorization approve and deny accept any authenticated session while the user code is pending | |||
| CVE-2026-45056 | unknown | — | — | 2d ago | Sender-binding gaps in to-device messages | |||
| CVE-2026-44476 | unknown | — | — | 2d ago | Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret | |||
| CVE-2026-44889 | unknown | — | — | 2d ago | WebOb: Location header normalization during redirect leads to open redirect - again | |||
| CVE-2026-44496 | unknown | — | — | 2d ago | Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection | |||
| CVE-2026-44488 | unknown | — | — | 2d ago | Allocation of Resources Without Limits or Throttling in Axios | |||
| CVE-2026-44487 | unknown | — | — | 2d ago | Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter | |||
| CVE-2026-8762 | unknown | — | — | 2d ago | Rejected reason: After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects without an exploitable framin… | |||
| CVE-2026-45433 | unknown | — | — | 2d ago | This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the… | |||
| CVE-2026-43926 | unknown | — | — | 2d ago | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:hash` is handled by a non-AP… | |||
| CVE-2026-40605 | unknown | — | — | 2d ago | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access t… | |||
| CVE-2026-10861 | unknown | — | — | 2d ago | An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination w… | |||
| CVE-2026-10856 | unknown | — | — | 2d ago | A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation … | |||
| CVE-2026-10855 | unknown | — | — | 2d ago | An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already e… | |||
| CVE-2026-44486 | unknown | — | — | 2d ago | Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection | |||
| CVE-2026-45432 | unknown | — | — | 2d ago | This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability… | |||
| CVE-2026-45431 | unknown | — | — | 2d ago | This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker cou… | |||
| CVE-2026-50226 | unknown | — | — | 2d ago | Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extra… | |||
| CVE-2026-50225 | unknown | — | — | 2d ago | The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. | |||
| CVE-2026-50224 | unknown | — | — | 2d ago | The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. | |||
| CVE-2026-50214 | unknown | — | — | 2d ago | The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. | |||
| CVE-2026-4881 | unknown | — | — | 2d ago | In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receivi… | |||
| CVE-2026-2596 | unknown | — | — | 3d ago | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||
| CVE-2026-22055 | unknown | — | — | 3d ago | Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. | |||
| CVE-2026-22054 | unknown | — | — | 3d ago | Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. | |||
| CVE-2026-44182 | unknown | — | — | 3d ago | Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering | |||
| CVE-2026-44181 | unknown | — | — | 3d ago | Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution | |||
| CVE-2026-44180 | unknown | — | — | 3d ago | Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass | |||
| CVE-2026-44023 | unknown | — | — | 3d ago | Docling Core: Unsafe remote filename resolution | |||
| CVE-2026-44019 | unknown | — | — | 3d ago | Docling Core: Insufficient validation of image reference URIs | |||
| CVE-2026-47214 | unknown | — | — | 3d ago | Docling: Unsafe URI and Path Handling in HTML Backend | |||
| CVE-2026-44022 | unknown | — | — | 3d ago | Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands | |||
| CVE-2026-44020 | unknown | — | — | 3d ago | Docling: Unsafe XML Entity Expansion in USPTO Patent Backend | |||
| CVE-2026-44018 | unknown | — | — | 3d ago | Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend | |||
| CVE-2026-44016 | unknown | — | — | 3d ago | Docling: Unsafe Playwright-based HTML Rendering | |||
| CVE-2026-43980 | unknown | — | — | 3d ago | malla: Stored XSS via Meshtastic node names in multiple frontend pages | |||
| CVE-2026-43924 | unknown | — | — | 3d ago | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs befo… | |||
| CVE-2026-40495 | unknown | — | — | 3d ago | FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hid… | |||
| CVE-2026-44017 | unknown | — | — | 3d ago | Docling: Unsafe Zip Extraction in EasyOCR Model Download | |||
| CVE-2026-7888 | unknown | — | — | 3d ago | Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticat… | |||
| CVE-2026-42840 | unknown | — | — | 3d ago | An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of Sale (POS) interface for every ope… | |||
| CVE-2026-42839 | unknown | — | — | 3d ago | An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger unescaped rendering in the … | |||
| CVE-2026-44281 | unknown | — | — | 3d ago | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset… | |||
| CVE-2026-42321 | unknown | — | — | 3d ago | GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or … | |||
| CVE-2026-42320 | unknown | — | — | 3d ago | GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 1… | |||
| CVE-2026-42318 | unknown | — | — | 3d ago | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI.… | |||
| CVE-2026-42317 | unknown | — | — | 3d ago | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the … | |||
| CVE-2026-3276 | unknown | — | — | 3d ago | unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. Thi… | |||
| CVE-2026-36574 | unknown | — | — | 3d ago | A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. | |||
| CVE-2026-10770 | unknown | — | — | 3d ago | This module provides spam protection using the CleanTalk cloud service. The module doesn't sufficiently sanitize API response messages before rendering them in HTML output. The `_cleantalk_die()` an… | |||
| CVE-2026-10769 | unknown | — | — | 3d ago | The module doesn't sufficiently sanitize customer comments in the order receipt email template; this could be exploited to achieve Cross-site Scripting (XSS). This vulnerability is mitigated by the … | |||
| CVE-2026-10768 | unknown | — | — | 3d ago | This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content p… | |||
| CVE-2026-46272 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WAR… | |||
| CVE-2026-46269 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel trig… | |||
| CVE-2026-46268 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma… | |||
| CVE-2026-46267 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc s… | |||
| CVE-2026-46262 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing loc… | |||
| CVE-2026-46261 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which w… | |||
| CVE-2026-46258 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle_create() In linehandle_create(), there is a statement like this: retain_and_nu… | |||
| CVE-2026-46257 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registere… | |||
| CVE-2026-46256 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages LOCALIO is an NFS loopback mount optimization that avoi… | |||
| CVE-2026-46255 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove() The clocks in fsl_edma_engine::muxclk are allocated and enabled… | |||
| CVE-2026-46254 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignmen… | |||
| CVE-2026-46252 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator fails in regulator_r… | |||
| CVE-2026-46249 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware is not power-cycled, so AF state f… | |||
| CVE-2026-46248 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif->links_map When an arvif is initialized in non-AP STA mode but MLO connection pre… |