CVEs from 2026

- Total: 14,786
- Critical: 1,335
- High: 5,004
- Medium: 4,828
- Low: 503
- % Critical: 9.0% (1,335 of 14,786)
- % in CISA KEV (Known Exploited Vulnerabilities catalog): 0.4%
- % with exploit: 0.7%

The four severity buckets sum to 11,670, so the remaining 3,116 entries carry no severity rating on this page.
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-46245 | unknown | — | — | 3d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD init amdgpu_dm_hpd_init() may see connectors without a valid dc_link. The code… |
| CVE-2026-47325 | unknown | — | — | 3d ago | ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The a… |
| CVE-2026-47324 | unknown | — | — | 3d ago | ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of student and teacher objects. An authorized attacker (e.g., a teacher or adm… |
| CVE-2026-10729 | unknown | — | — | 3d ago | An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross… |
| CVE-2026-50052 | unknown | — | — | 4d ago | In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be… |
| CVE-2026-45057 | unknown | — | — | 4d ago | Incomplete message edit validation in matrix-sdk-ui |
| CVE-2026-36460 | unknown | — | — | 4d ago | Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads i… |
| CVE-2026-40108 | unknown | — | — | 4d ago | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in ITIL costs. This issue has been fixed in version 11.0.7. |
| CVE-2026-10719 | unknown | — | — | 4d ago | Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a val… |
| CVE-2026-10718 | unknown | — | — | 4d ago | Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 by… |
| CVE-2026-8936 | unknown | — | — | 4d ago | Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event… |
| CVE-2026-42029 | unknown | — | — | 4d ago | Rejected reason: This CVE is a duplicate of another CVE. |
| CVE-2026-10717 | unknown | — | — | 4d ago | Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defe… |
| CVE-2026-5385 | unknown | — | — | 4d ago | An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7. |
| CVE-2026-48598 | unknown | — | — | 4d ago | Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.part_headers_fo… |
| CVE-2026-48597 | unknown | — | — | 4d ago | Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.open_conn/2 conv… |
| CVE-2026-48596 | unknown | — | — | 4d ago | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_par… |
| CVE-2026-48595 | unknown | — | — | 4d ago | Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips securit… |
| CVE-2026-48594 | unknown | — | — | 4d ago | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.… |
| CVE-2026-40571 | unknown | — | — | 4d ago | NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private… |
| CVE-2026-40314 | unknown | — | — | 4d ago | NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-… |
| CVE-2026-35447 | unknown | — | — | 4d ago | NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the view… |
| CVE-2026-35443 | unknown | — | — | 4d ago | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enfor… |
| CVE-2026-49754 | unknown | — | — | 4d ago | HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation |
| CVE-2026-49753 | unknown | — | — | 4d ago | HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing |
| CVE-2026-48862 | unknown | — | — | 4d ago | Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency |
| CVE-2026-48861 | unknown | — | — | 4d ago | CRLF injection in HTTP/1 request line via unvalidated method in Mint |
| CVE-2026-45080 | unknown | — | — | 4d ago | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in versio… |
| CVE-2026-33398 | unknown | — | — | 4d ago | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlle… |
| CVE-2026-10047 | unknown | — | — | 4d ago | The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled S… |
| CVE-2026-10046 | unknown | — | — | 4d ago | Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler comput… |
| CVE-2026-9844 | unknown | — | — | 4d ago | Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords. This issue affects navify Digita… |
| CVE-2026-43965 | unknown | — | — | 4d ago | Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.t… |
| CVE-2026-42795 | unknown | — | — | 4d ago | Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers (gleam_files, native_… |
| CVE-2026-32685 | unknown | — | — | 4d ago | Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages … |
| CVE-2026-10611 | unknown | — | — | 4d ago | An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=t… |
| CVE-2026-34907 | unknown | — | — | 4d ago | Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScr… |
| CVE-2026-34906 | unknown | — | — | 4d ago | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter… |
| CVE-2026-10549 | unknown | — | — | 4d ago | LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to th… |
| CVE-2026-49139 | unknown | — | — | 5d ago | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by su… |
| CVE-2026-8931 | unknown | — | — | 5d ago | A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3. |
| CVE-2026-42251 | unknown | — | — | 5d ago | Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malic… |
| CVE-2026-0826 | unknown | — | — | 5d ago | In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux p… |
| CVE-2026-47191 | unknown | — | — | 5d ago | kas checks out SHA-like git branches as valid commits |
| CVE-2026-47412 | unknown | — | — | 5d ago | praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id} |
| CVE-2026-47415 | unknown | — | — | 5d ago | praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR |
| CVE-2026-47413 | unknown | — | — | 5d ago | praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members |
| CVE-2026-47411 | unknown | — | — | 5d ago | praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id} |
| CVE-2026-47417 | unknown | — | — | 5d ago | praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR |
| CVE-2026-47418 | unknown | — | — | 5d ago | praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR |
| CVE-2026-47425 | unknown | — | — | 5d ago | rattler has an entry-point path traversal in noarch:python install (arbitrary file write) |
| CVE-2026-47428 | unknown | — | — | 5d ago | Vitest browser mode serves unsanitized otelCarrier query parameter as inline script |
| CVE-2026-47429 | unknown | — | — | 5d ago | When Vitest UI server is listening, arbitrary file can be read and executed |
| CVE-2026-47423 | unknown | — | — | 5d ago | DOMPurify XSS via selectedcontent re-clone |
| CVE-2026-48119 | unknown | — | — | 5d ago | Nezha's authenticated agents can forge service-monitor results for other users' services |
| CVE-2026-10532 | unknown | — | — | 5d ago | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted. More precis… |
| CVE-2026-40549 | unknown | — | — | 5d ago | SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user… |
| CVE-2026-40548 | unknown | — | — | 5d ago | SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside … |
| CVE-2026-40547 | unknown | — | — | 5d ago | SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files p… |
| CVE-2026-40546 | unknown | — | — | 5d ago | SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.… |
| CVE-2026-40545 | unknown | — | — | 5d ago | SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the … |
| CVE-2026-40544 | unknown | — | — | 5d ago | SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive c… |
| CVE-2026-40543 | unknown | — | — | 5d ago | SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases wi… |
| CVE-2026-47416 | unknown | — | — | 8d ago | praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id} |
| CVE-2026-47409 | unknown | — | — | 8d ago | praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role |
| CVE-2026-47414 | unknown | — | — | 8d ago | praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link) |
| CVE-2026-47406 | unknown | — | — | 8d ago | praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks |
| CVE-2026-47410 | unknown | — | — | 8d ago | praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset |
| CVE-2026-47405 | unknown | — | — | 8d ago | PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership |
| CVE-2026-47399 | unknown | — | — | 8d ago | PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID |
| CVE-2026-47407 | unknown | — | — | 8d ago | PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation |
| CVE-2026-47408 | unknown | — | — | 8d ago | praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership |
| CVE-2026-48169 | unknown | — | — | 8d ago | PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API |
| CVE-2026-47397 | unknown | — | — | 8d ago | PraisonAI has an Arbitrary File Write in Python API |
| CVE-2026-47391 | unknown | — | — | 8d ago | PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution |
| CVE-2026-47394 | unknown | — | — | 8d ago | PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate |
| CVE-2026-47392 | unknown | — | — | 8d ago | PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode) |
| CVE-2026-47395 | unknown | — | — | 8d ago | PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context |
| CVE-2026-47393 | unknown | — | — | 8d ago | PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default |
| CVE-2026-47396 | unknown | — | — | 8d ago | PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset |
| CVE-2026-47390 | unknown | — | — | 8d ago | PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings |
| CVE-2026-47398 | unknown | — | — | 8d ago | PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334 |
| CVE-2026-47268 | unknown | — | — | 8d ago | Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host |
| CVE-2026-47233 | unknown | — | — | 8d ago | Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024 |
| CVE-2026-47234 | unknown | — | — | 8d ago | Admidio writes session IDs and auto-login cookie values to application logs |
| CVE-2026-47232 | unknown | — | — | 8d ago | Admidio PKCS#12 private key export action lacks CSRF protection |
| CVE-2026-47231 | unknown | — | — | 8d ago | Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders |
| CVE-2026-47230 | unknown | — | — | 8d ago | Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders |
| CVE-2026-47229 | unknown | — | — | 8d ago | Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation |
| CVE-2026-47228 | unknown | — | — | 8d ago | Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords |
| CVE-2026-47227 | unknown | — | — | 8d ago | Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php` |
| CVE-2026-47226 | unknown | — | — | 8d ago | Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges |
| CVE-2026-47213 | unknown | — | — | 8d ago | BoxLite has a Timeout Bypass Vulnerability |
| CVE-2026-47211 | unknown | — | — | 8d ago | ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env |
| CVE-2026-47203 | unknown | — | — | 8d ago | Authelia Missing Username Canonicalization in Basic Auth (LDAP) |
| CVE-2026-47695 | unknown | — | — | 8d ago | CC-Tweaked has an SSRF Protection Bypass with NAT64 |
| CVE-2026-47184 | unknown | — | — | 8d ago | zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood |
| CVE-2026-45151 | unknown | — | — | 8d ago | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code fi… |
| CVE-2026-47183 | unknown | — | — | 8d ago | zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion |
| CVE-2026-47180 | unknown | — | — | 8d ago | zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service |
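Three entries in the table (CVE-2026-48598, CVE-2026-48596 and CVE-2026-48861) describe the same bug class: caller-controlled text reaches an HTTP/1 request line or a multipart part header without CR and LF being rejected, so one string becomes several header lines. The block below is an added example and is not code from tesla, Mint or any other project listed on this page; it puts a naive formatter next to the two checks that close the hole (a token check on the method, a quoted-string encoder for header parameter values) and splits the result the way a receiving parser would, so the injected line is visible. Function names are hypothetical and the payload is constructed for the demonstration.

```python
"""Added example: closing CRLF/header injection in an HTTP client.
Not taken from tesla, Mint or any project in the feed; all names are
hypothetical."""
import re
from typing import List, Optional

# RFC 9110 "tchar" set: the only characters allowed in a method token.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def naive_request_line(method: str, target: str) -> str:
    """Vulnerable: interpolates the method unchecked, so a method such as
    'GET /x HTTP/1.1\\r\\nX-Injected: 1\\r\\nGET' yields three request lines."""
    return f"{method} {target} HTTP/1.1\r\n"


def safe_request_line(method: str, target: str) -> str:
    """Hardened: the method must be a non-empty token, so CR, LF, space and
    the other separators can never reach the wire."""
    if not _TOKEN.fullmatch(method):
        raise ValueError(f"invalid HTTP method token: {method!r}")
    return f"{method} {target} HTTP/1.1\r\n"


def naive_content_disposition(name: str, filename: Optional[str] = None) -> str:
    """Vulnerable: a filename containing a double quote and CRLF closes the
    parameter and starts a new header inside the multipart part."""
    header = f'Content-Disposition: form-data; name="{name}"'
    if filename is not None:
        header += f'; filename="{filename}"'
    return header + "\r\n"


def quote_param(value: str) -> str:
    """Encode a parameter value as an RFC 9110 quoted-string. CR, LF and NUL
    are rejected outright (no escaping makes them safe in a header); backslash
    and double quote are escaped so the value cannot end the quoted-string."""
    if any(c in value for c in "\r\n\x00"):
        raise ValueError("control character in header parameter value")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def safe_content_disposition(name: str, filename: Optional[str] = None) -> str:
    """Hardened: every parameter value goes through quote_param."""
    header = f"Content-Disposition: form-data; name={quote_param(name)}"
    if filename is not None:
        header += f"; filename={quote_param(filename)}"
    return header + "\r\n"


def header_lines(raw: str) -> List[str]:
    """Split a header block on CRLF as a receiver would; injected headers
    show up as extra elements."""
    return [ln for ln in raw.split("\r\n") if ln]


if __name__ == "__main__":
    # Constructed payload: closes the filename quote, then adds a header line.
    payload = 'report.pdf"\r\nX-Injected: 1\r\nContent-Type: text/html; x="'
    print(header_lines(naive_content_disposition("file", payload)))   # 3 lines
    try:
        safe_content_disposition("file", payload)
    except ValueError as exc:
        print("rejected:", exc)
```

The token check is stricter than "no CR or LF": it also rejects space and the delimiters that would let a method spill into the request target, which is why a regex over the tchar set is preferable to a denylist of two characters.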