CVEs from 2026
- Total: 14,362
- Critical: 1,267
- High: 4,864
- Medium: 4,567
- Low: 496
- % Critical: 8.8%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 522
- firepower_threat_defense_software 300
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10158 | high | 8.8 | 8.8 | 5d ago | A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw. The manipulation of the argument server_name results in stack-b… | |||
| CVE-2026-10126 | high | 8.8 | 8.8 | 6d ago | A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the… | |||
| CVE-2026-10125 | high | 8.8 | 8.8 | 6d ago | A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The ma… | |||
| CVE-2026-10124 | high | 8.8 | 8.8 | 6d ago | A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead t… | |||
| CVE-2026-10123 | high | 8.8 | 8.8 | 6d ago | A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_doma… | |||
| CVE-2026-10120 | high | 8.8 | 8.8 | 6d ago | A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewal… | |||
| CVE-2026-10122 | high | 8.8 | 8.8 | 6d ago | A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_na… | |||
| CVE-2026-10121 | high | 8.8 | 8.8 | 6d ago | A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keywor… | |||
| CVE-2026-10119 | high | 8.8 | 8.8 | 6d ago | A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name… | |||
| CVE-2026-7465 | high | 8.8 | 8.8 | 6d ago | The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible f… | |||
| CVE-2026-48557 | high | 8.8 | 8.8 | 6d ago | Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-ex… | |||
| CVE-2026-44421 | high | 8.8 | 8.8 | 6d ago | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs.… | |||
| CVE-2026-44420 | high | 8.8 | 8.8 | 6d ago | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel … | |||
| CVE-2026-49373 | high | 8.8 | 8.8 | 6d ago | In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings | |||
| CVE-2026-49367 | high | 8.8 | 8.8 | 6d ago | In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account | |||
| CVE-2026-5768 | high | 8.8 | 8.8 | 7d ago | The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range … | |||
| CVE-2026-45662 | high | 8.8 | 8.8 | 7d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${respon… | |||
| CVE-2026-35674 | high | 8.8 | 8.8 | 7d ago | OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliv… | |||
| CVE-2026-10067 | high | 8.8 | 8.8 | 7d ago | A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched rem… | |||
| CVE-2026-10066 | high | 8.8 | 8.8 | 7d ago | A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stac… | |||
| CVE-2026-10065 | high | 8.8 | 8.8 | 7d ago | A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack… | |||
| CVE-2026-41236 | high | 8.8 | 8.8 | 7d ago | Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning cod… | |||
| CVE-2026-44239 | high | 8.8 | 8.8 | 7d ago | FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $_REQUEST[… | |||
| CVE-2026-44238 | high | 8.8 | 8.8 | 7d ago | FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administrati… | |||
| CVE-2026-9999 | high | 8.8 | 8.8 | 7d ago | Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security … | |||
| CVE-2026-9995 | high | 8.8 | 8.8 | 7d ago | Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9992 | high | 8.8 | 8.8 | 7d ago | Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9984 | high | 8.8 | 8.8 | 7d ago | Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9983 | high | 8.8 | 8.8 | 7d ago | Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9978 | high | 8.8 | 8.8 | 7d ago | Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9976 | high | 8.8 | 8.8 | 7d ago | Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9973 | high | 8.8 | 8.8 | 7d ago | Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9969 | high | 8.8 | 8.8 | 7d ago | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-9968 | high | 8.8 | 8.8 | 7d ago | Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9965 | high | 8.8 | 8.8 | 7d ago | Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9962 | high | 8.8 | 8.8 | 7d ago | Use after free in WebRTC in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9961 | high | 8.8 | 8.8 | 7d ago | Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9958 | high | 8.8 | 8.8 | 7d ago | Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-9957 | high | 8.8 | 8.8 | 7d ago | Use after free in PDF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-9952 | high | 8.8 | 8.8 | 7d ago | Use after free in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9947 | high | 8.8 | 8.8 | 7d ago | Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9945 | high | 8.8 | 8.8 | 7d ago | Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-9941 | high | 8.8 | 8.8 | 7d ago | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9940 | high | 8.8 | 8.8 | 7d ago | Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9939 | high | 8.8 | 8.8 | 7d ago | Heap buffer overflow in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-9938 | high | 8.8 | 8.8 | 7d ago | Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-9928 | high | 8.8 | 8.8 | 7d ago | Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9927 | high | 8.8 | 8.8 | 7d ago | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9923 | high | 8.8 | 8.8 | 7d ago | Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9910 | high | 8.8 | 8.8 | 7d ago | Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-9897 | high | 8.8 | 8.8 | 7d ago | Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9896 | high | 8.8 | 8.8 | 7d ago | Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9887 | high | 8.8 | 8.8 | 7d ago | Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. (Chromium security severity: Critical) | |||
| CVE-2026-9884 | high | 8.8 | 8.8 | 7d ago | Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9883 | high | 8.8 | 8.8 | 7d ago | Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9879 | high | 8.8 | 8.8 | 7d ago | Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9878 | high | 8.8 | 8.8 | 7d ago | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9873 | high | 8.8 | 8.8 | 7d ago | Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-10021 | high | 8.8 | 8.8 | 7d ago | Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Me… | |||
| CVE-2026-10019 | high | 8.8 | 8.8 | 7d ago | Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-10016 | high | 8.8 | 8.8 | 7d ago | Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10015 | high | 8.8 | 8.8 | 7d ago | Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10013 | high | 8.8 | 8.8 | 7d ago | Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10007 | high | 8.8 | 8.8 | 7d ago | Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10002 | high | 8.8 | 8.8 | 7d ago | Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-46837 | high | 8.8 | 8.8 | 7d ago | Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability all… | |||
| CVE-2026-46827 | high | 8.8 | 8.8 | 7d ago | Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Manager). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability al… | |||
| CVE-2026-46826 | high | 8.8 | 8.8 | 7d ago | Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability all… | |||
| CVE-2026-4944 | high | 8.8 | 8.8 | 7d ago | vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and … | |||
| CVE-2026-43000 | high | 8.8 | 8.8 | 7d ago | An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to ad… | |||
| CVE-2026-42999 | high | 8.8 | 8.8 | 7d ago | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary … | |||
| CVE-2026-42998 | high | 8.8 | 8.8 | 7d ago | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the… | |||
| CVE-2026-8697 | high | 8.8 | 8.8 | 8d ago | Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web … | |||
| CVE-2026-44462 | high | 8.8 | 8.8 | 8d ago | Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowliste… | |||
| CVE-2026-35671 | high | 8.8 | 8.8 | 8d ago | phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without… | |||
| CVE-2026-46238 | high | 8.8 | 8.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neigh_node, but… | |||
| CVE-2026-46212 | high | 8.8 | 8.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadv_bla_del_backbone_claims() removes all claims for a backb… | |||
| CVE-2026-46198 | high | 8.8 | 8.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix integer overflow on buff_pos Fixing an integer overflow present in batadv_iv_ogm_send_to_if. The size check is do… | |||
| CVE-2026-46174 | high | 8.8 | 8.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Make sure resources are not improperly shared in t… | |||
| CVE-2026-46166 | high | 8.8 | 8.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211_dfs_cac_cancel can cause the iterated chanctx … | |||
| CVE-2026-46152 | high | 8.8 | 8.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but … | |||
| CVE-2026-46125 | high | 8.8 | 8.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface i… | |||
| CVE-2026-46113 | high | 8.8 | 8.8 | 8d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp->g… | |||
| CVE-2026-6226 | high | 8.8 | 8.8 | 8d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling th… | |||
| CVE-2026-9227 | high | 8.8 | 8.8 | 8d ago | The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json function. This is due to a … | |||
| CVE-2026-9009 | high | 8.8 | 8.8 | 8d ago | The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due t… | |||
| CVE-2026-7802 | high | 8.8 | 8.8 | 8d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user … | |||
| CVE-2026-8915 | high | 8.8 | 8.8 | 8d ago | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31. | |||
| CVE-2026-46414 | high | 8.8 | 8.8 | 8d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fie… | |||
| CVE-2026-44713 | high | 8.8 | 8.8 | 8d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the so… | |||
| CVE-2026-9208 | high | 8.8 | 8.8 | 8d ago | Tanium addressed an unauthorized code execution vulnerability in Connect. | |||
| CVE-2026-44346 | high | 8.8 | 8.8 | 9d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].n… | |||
| CVE-2026-45716 | high | 8.8 | 8.8 | 9d ago | Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration | |||
| CVE-2026-45717 | high | 8.8 | 8.8 | 9d ago | Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameter… | |||
| CVE-2026-42184 | high | 8.8 | 8.8 | 9d ago | Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca… | |||
| CVE-2026-44988 | high | 8.8 | 8.8 | 9d ago | LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but… | |||
| CVE-2026-48920 | high | 8.8 | 8.8 | 9d ago | Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that c… | |||
| CVE-2026-9617 | high | 8.8 | 8.8 | 9d ago | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an… | |||
| CVE-2026-8179 | high | 8.8 | 8.8 | 9d ago | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte… | |||
| CVE-2026-46056 | high | 8.8 | 8.8 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in … |