CVEs from 2026
Total
14,798
critical
critical 1,335
high
high 5,011
medium
medium 4,834
low
low 504
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3931 | unknown | — | — | — | Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-44171 | unknown | — | — | — | ||||
| CVE-2026-4676 | unknown | — | — | — | Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-33261 | unknown | — | — | — | A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. | |||
| CVE-2026-4675 | unknown | — | — | — | Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-33262 | unknown | — | — | — | An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default. | |||
| CVE-2026-33257 | unknown | — | — | — | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | |||
| CVE-2026-3542 | unknown | — | — | — | Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security sever… | |||
| CVE-2026-33610 | unknown | — | — | — | A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it. | |||
| CVE-2026-33948 | unknown | — | — | — | jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When read… | |||
| CVE-2026-32853 | unknown | — | — | — | LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause informati… | |||
| CVE-2026-33947 | unknown | — | — | — | jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by… | |||
| CVE-2026-5056 | unknown | — | — | — | ||||
| CVE-2026-4674 | unknown | — | — | — | Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-44169 | unknown | — | — | — | ||||
| CVE-2026-4673 | unknown | — | — | — | Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3539 | unknown | — | — | — | Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a craf… | |||
| CVE-2026-4448 | unknown | — | — | — | Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-4464 | unknown | — | — | — | Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-4463 | unknown | — | — | — | Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3538 | unknown | — | — | — | Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Cr… | |||
| CVE-2026-4462 | unknown | — | — | — | Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-6756 | unknown | — | — | — | Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150. | |||
| CVE-2026-1220 | unknown | — | — | — | ||||
| CVE-2026-4460 | unknown | — | — | — | Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3545 | unknown | — | — | — | Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security sever… | |||
| CVE-2026-3446 | unknown | — | — | — | When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This ca… | |||
| CVE-2026-2319 | unknown | — | — | — | Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit obje… | |||
| CVE-2026-42254 | unknown | — | — | — | Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response. | |||
| CVE-2026-3536 | unknown | — | — | — | Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: C… | |||
| CVE-2026-40396 | unknown | — | — | — | Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session r… | |||
| CVE-2026-4457 | unknown | — | — | — | Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3063 | unknown | — | — | — | Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged… | |||
| CVE-2026-3544 | unknown | — | — | — | Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2026-3543 | unknown | — | — | — | Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security se… | |||
| CVE-2026-3541 | unknown | — | — | — | Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-4455 | unknown | — | — | — | Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-28295 | unknown | — | — | — | A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditi… | |||
| CVE-2026-48754 | unknown | — | — | — | ||||
| CVE-2026-3922 | unknown | — | — | — | Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-31788 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space proc… | |||
| CVE-2026-33598 | unknown | — | — | — | A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache. | |||
| CVE-2026-47766 | unknown | — | — | — | ||||
| CVE-2026-3920 | unknown | — | — | — | Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2026-4453 | unknown | — | — | — | Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-2650 | unknown | — | — | — | Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-5733 | unknown | — | — | — | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2. | |||
| CVE-2026-4459 | unknown | — | — | — | Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-2316 | unknown | — | — | — | Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-2313 | unknown | — | — | — | Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-5873 | unknown | — | — | — | Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-4726 | unknown | — | — | — | Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-2648 | unknown | — | — | — | Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-2323 | unknown | — | — | — | Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-4454 | unknown | — | — | — | Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-2321 | unknown | — | — | — | Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted H… | |||
| CVE-2026-49390 | unknown | — | — | — | ||||
| CVE-2026-25916 | unknown | — | — | — | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. | |||
| CVE-2026-4452 | unknown | — | — | — | Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-5875 | unknown | — | — | — | Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-47734 | unknown | — | — | — | ||||
| CVE-2026-3847 | unknown | — | — | — | Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary … | |||
| CVE-2026-2314 | unknown | — | — | — | Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3846 | unknown | — | — | — | Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2. | |||
| CVE-2026-6941 | unknown | — | — | — | radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malic… | |||
| CVE-2026-2317 | unknown | — | — | — | Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-5287 | unknown | — | — | — | Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | |||
| CVE-2026-2803 | unknown | — | — | — | Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-6940 | unknown | — | — | — | radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the … | |||
| CVE-2026-2801 | unknown | — | — | — | Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-2320 | unknown | — | — | — | Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafte… | |||
| CVE-2026-2798 | unknown | — | — | — | Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-27475 | unknown | — | — | — | SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialize… | |||
| CVE-2026-3479 | unknown | — | — | — | DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. … | |||
| CVE-2026-5870 | unknown | — | — | — | Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-2318 | unknown | — | — | — | Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a … | |||
| CVE-2026-26079 | unknown | — | — | — | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled. | |||
| CVE-2026-27474 | unknown | — | — | — | SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form… | |||
| CVE-2026-23237 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the ac… | |||
| CVE-2026-4451 | unknown | — | — | — | Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox e… | |||
| CVE-2026-27473 | unknown | — | — | — | SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an … | |||
| CVE-2026-26345 | unknown | — | — | — | SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapper_html_suspect() function does not adequately… | |||
| CVE-2026-48753 | unknown | — | — | — | ||||
| CVE-2026-23115 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty->port race condition Revert commit bfc467db60b7 ("serial: remove redundant tty_port_link_device()") becau… | |||
| CVE-2026-3913 | unknown | — | — | — | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-2634 | unknown | — | — | — | Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed … | |||
| CVE-2026-24869 | unknown | — | — | — | Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2. | |||
| CVE-2026-26223 | unknown | — | — | — | SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an a… | |||
| CVE-2026-44230 | unknown | — | — | — | ||||
| CVE-2026-24868 | unknown | — | — | — | Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2. | |||
| CVE-2026-4449 | unknown | — | — | — | Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-2032 | unknown | — | — | — | Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. Thi… | |||
| CVE-2026-0892 | unknown | — | — | — | Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t… | |||
| CVE-2026-22206 | unknown | — | — | — | SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. At… | |||
| CVE-2026-23447 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch al… | |||
| CVE-2026-23233 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla [1] [1] https://bugzil… | |||
| CVE-2026-23446 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpm_resume" This is caused by aqc111_su… | |||
| CVE-2026-0888 | unknown | — | — | — | Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. | |||
| CVE-2026-23445 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: igc: fix page fault in XDP TX timestamps handling If an XDP application that requested TX timestamping is shutting down while the… | |||
| CVE-2026-23443 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix previous acpi_processor_errata_piix4() fix After commi f132e089fe89 ("ACPI: processor: Fix NULL-pointer dere… |