CVEs from 2026
Total
14,786
critical
critical 1,335
high
high 5,004
medium
medium 4,828
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-11142 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11141 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in Audio in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory v… | |||
| CVE-2026-11140 | medium | 6.5 | 6.5 | 2d ago | Out of bounds read in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process me… | |||
| CVE-2026-11139 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11138 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11137 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit… | |||
| CVE-2026-11135 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severi… | |||
| CVE-2026-11134 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11133 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11132 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11129 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11110 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11109 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11106 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11105 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted … | |||
| CVE-2026-11104 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory v… | |||
| CVE-2026-11101 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11098 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |||
| CVE-2026-11097 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Me… | |||
| CVE-2026-11096 | medium | 6.5 | 6.5 | 2d ago | Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur… | |||
| CVE-2026-11093 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. … | |||
| CVE-2026-11090 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11089 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory v… | |||
| CVE-2026-11087 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium secu… | |||
| CVE-2026-11084 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-11083 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-11081 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Canvas in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11078 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML p… | |||
| CVE-2026-11075 | medium | 6.5 | 6.5 | 2d ago | Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security … | |||
| CVE-2026-11073 | medium | 6.5 | 6.5 | 2d ago | Use after free in WebGL in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security s… | |||
| CVE-2026-11069 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity:… | |||
| CVE-2026-11067 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security… | |||
| CVE-2026-11064 | medium | 6.5 | 6.5 | 2d ago | Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security… | |||
| CVE-2026-11057 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi… | |||
| CVE-2026-11051 | medium | 6.5 | 6.5 | 2d ago | Out of bounds read in ANGLE in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi… | |||
| CVE-2026-11048 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted… | |||
| CVE-2026-11045 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informatio… | |||
| CVE-2026-11044 | medium | 6.5 | 6.5 | 2d ago | Integer overflow in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium s… | |||
| CVE-2026-11039 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11038 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. (Chromium s… | |||
| CVE-2026-11036 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11033 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in WebML in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium … | |||
| CVE-2026-11032 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-11027 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted H… | |||
| CVE-2026-11026 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a cr… | |||
| CVE-2026-11006 | medium | 6.5 | 6.5 | 2d ago | Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-11001 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted … | |||
| CVE-2026-10999 | medium | 6.5 | 6.5 | 2d ago | Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from proces… | |||
| CVE-2026-10997 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control … | |||
| CVE-2026-10996 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-10994 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit… | |||
| CVE-2026-10993 | medium | 6.5 | 6.5 | 2d ago | Heap buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur… | |||
| CVE-2026-10992 | medium | 6.5 | 6.5 | 2d ago | Insufficient data validation in Animation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (C… | |||
| CVE-2026-10985 | medium | 6.5 | 6.5 | 2d ago | Out of bounds read in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10981 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted… | |||
| CVE-2026-10980 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cr… | |||
| CVE-2026-10979 | medium | 6.5 | 6.5 | 2d ago | Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securi… | |||
| CVE-2026-10977 | medium | 6.5 | 6.5 | 2d ago | Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium secur… | |||
| CVE-2026-10950 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-10944 | medium | 6.5 | 6.5 | 2d ago | Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-10938 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chr… | |||
| CVE-2026-10937 | medium | 6.5 | 6.5 | 2d ago | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-10912 | medium | 6.5 | 6.5 | 2d ago | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a … | |||
| CVE-2026-11322 | medium | 6.5 | 6.5 | 2d ago | Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the d… | |||
| CVE-2026-42539 | medium | 6.5 | 6.5 | 2d ago | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required fo… | |||
| CVE-2026-36499 | medium | 6.5 | 6.5 | 2d ago | A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. T… | |||
| CVE-2026-49940 | medium | 6.5 | 6.5 | 2d ago | Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This… | |||
| CVE-2026-50212 | medium | 6.5 | 6.5 | 2d ago | Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service. | |||
| CVE-2026-49204 | medium | 6.5 | 6.5 | 3d ago | Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation. | |||
| CVE-2026-41858 | medium | 6.5 | 6.5 | 3d ago | Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a s… | |||
| CVE-2026-8653 | medium | 6.5 | 6.5 | 3d ago | The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the u… | |||
| CVE-2026-8722 | medium | 6.5 | 6.5 | 3d ago | Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj… | |||
| CVE-2026-26824 | medium | 6.5 | 6.5 | 3d ago | libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not ful… | |||
| CVE-2026-26379 | medium | 6.5 | 6.5 | 3d ago | Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning … | |||
| CVE-2026-36604 | medium | 6.5 | 6.5 | 4d ago | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's intern… | |||
| CVE-2026-36605 | medium | 6.5 | 6.5 | 4d ago | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that require… | |||
| CVE-2026-44653 | medium | 6.5 | 6.5 | 4d ago | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted a… | |||
| CVE-2026-27145 | medium | 6.5 | 6.5 | 4d ago | (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the sa… | |||
| CVE-2026-49144 | medium | 6.5 | 6.5 | 4d ago | BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files.… | |||
| CVE-2026-5074 | medium | 6.5 | 6.5 | 4d ago | The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to, and including, 7.3.1. This… | |||
| CVE-2026-35049 | medium | 6.5 | 6.5 | 4d ago | wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter tha… | |||
| CVE-2026-1871 | medium | 6.5 | 6.5 | 4d ago | TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted … | |||
| CVE-2026-35718 | medium | 6.5 | 6.5 | 4d ago | A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted … | |||
| CVE-2026-8993 | medium | 6.5 | 6.5 | 4d ago | D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate fu… | |||
| CVE-2026-46718 | medium | 6.5 | 6.5 | 4d ago | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended … | |||
| CVE-2026-3198 | medium | 6.5 | 6.5 | 5d ago | MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the `BEFORE_REQUEST_HANDLERS` dictionary in `mlfl… | |||
| CVE-2026-3871 | medium | 6.5 | 6.5 | 5d ago | A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial… | |||
| CVE-2026-3870 | medium | 6.5 | 6.5 | 5d ago | A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of… | |||
| CVE-2026-24753 | medium | 6.5 | 6.5 | 5d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou… | |||
| CVE-2026-0080 | medium | 6.5 | 6.5 | 5d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution priv… | |||
| CVE-2026-0052 | medium | 6.5 | 6.5 | 5d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution priv… | |||
| CVE-2026-0051 | medium | 6.5 | 6.5 | 5d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional e… | |||
| CVE-2026-0044 | medium | 6.5 | 6.5 | 5d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional ex… | |||
| CVE-2026-0041 | medium | 6.5 | 6.5 | 5d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges … | |||
| CVE-2026-0040 | medium | 6.5 | 6.5 | 5d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution priv… | |||
| CVE-2026-0039 | medium | 6.5 | 6.5 | 5d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to remote denial of service with no additional execut… | |||
| CVE-2026-45282 | medium | 6.5 | 6.5 | 5d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of… | |||
| CVE-2026-45279 | medium | 6.5 | 6.5 | 5d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config… | |||
| CVE-2026-45275 | medium | 6.5 | 6.5 | 5d ago | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, a privilege escalation vulnerability exists in the Approval app that allows a user without sharing permissions to f… | |||
| CVE-2026-40990 | medium | 6.5 | 6.5 | 5d ago | OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring C… |