CVEs from 2026

- Total: 14,775
- Critical: 1,334
- High: 4,999
- Medium: 4,821
- Low: 502
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48736 | unknown | — | — | | | | 11d ago | CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient |
| CVE-2026-48760 | unknown | — | — | | | | 11d ago | CVE-2026-48760: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense |
| CVE-2026-48761 | unknown | — | — | | | | 11d ago | CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content |
| CVE-2026-48784 | unknown | — | — | | | | 11d ago | CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization |
| CVE-2026-48831 | unknown | — | — | | | | 13d ago | Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to b… |
| CVE-2026-8997 | unknown | — | — | | | | 15d ago | vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length … |
| CVE-2026-43496 | unknown | — | — | | | | 16d ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked When red qdisc has children (eg qfq qdisc) who… |
| CVE-2026-47261 | unknown | — | — | | | | 17d ago | wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction |
| CVE-2026-46627 | unknown | — | — | | | | 17d ago | Sandbox does not protect against resource exhaustion |
| CVE-2026-46626 | unknown | — | — | | | | 17d ago | CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch |
| CVE-2026-47212 | unknown | — | — | | | | 17d ago | Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification |
| CVE-2026-47730 | unknown | — | — | | | | 17d ago | Twig: XSS in profiler HtmlDumper via unescaped template and profile names |
| CVE-2026-47732 | unknown | — | — | | | | 17d ago | Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points |
| CVE-2026-45753 | unknown | — | — | | | | 17d ago | Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS) |
| CVE-2026-45756 | unknown | — | — | | | | 17d ago | Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS |
| CVE-2026-45755 | unknown | — | — | | | | 17d ago | Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection |
| CVE-2026-45754 | unknown | — | — | | | | 17d ago | Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection |
| CVE-2026-48019 | unknown | — | — | | | | 18d ago | Laravel CRLF injection in default email rule |
| CVE-2026-7860 | unknown | — | — | | | | 18d ago | Vaadin Build Plugins is Affected by a Possible Information Disclosure Vulnerability |
| CVE-2026-43492 | unknown | — | — | | | | 18d ago | In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() … |
| CVE-2026-43491 | unknown | — | — | | | | 18d ago | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added … |
| CVE-2026-8726 | unknown | — | — | | | | 18d ago | SQL Injection in extension "News system" (news) |
| CVE-2026-45829 | unknown | — | — | | | | 19d ago | ChromaDB Python project has a pre-authentication code injection vulnerability |
| CVE-2026-46722 | unknown | — | — | | | | 19d ago | TYPO3-EXT-SA-2026-011: XML External Entity Injection in extension "Faceted Search" (ke_search) |
| CVE-2026-46724 | unknown | — | — | | | | 19d ago | TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search) |
| CVE-2026-8295 | unknown | — | — | | | | 23d ago | An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on p… |
| CVE-2026-8328 | unknown | — | — | | | | 24d ago | The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpee… |
| CVE-2026-43489 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve() status LUO keeps track of successful retrieve attempts on a LUO file. It does so to av… |
| CVE-2026-43488 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UA… |
| CVE-2026-43487 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, cau… |
| CVE-2026-43486 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep… |
| CVE-2026-43485 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so j… |
| CVE-2026-43484 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unre… |
| CVE-2026-43483 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (d… |
| CVE-2026-43482 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which … |
| CVE-2026-43480 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the r… |
| CVE-2026-43479 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path.… |
| CVE-2026-43478 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put… |
| CVE-2026-43477 | unknown | — | — | | | | 24d ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL Apparently ICL may hang with an MCE if we write TRANS_VRR_V… |
| CVE-2026-28894 | unknown | — | — | | | | 27d ago | macOS Sonoma 14.8.5 |
| CVE-2026-1837 | unknown | — | — | | | | 27d ago | visionOS 26.5 |
| CVE-2026-6210 | unknown | — | — | | | | 1mo ago | A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id at… |
| CVE-2026-41305 | unknown | — | — | | | | 1mo ago | PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `</style>` sequences when s… |
| CVE-2026-39973 | unknown | — | — | | | | 1mo ago | Apktool: Path Traversal to Arbitrary File Write |
| CVE-2026-41239 | unknown | — | — | | | | 2mo ago | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, `SAFE_FOR_TEMPLATES` strips `{{...}}` expressions from untrust… |
| CVE-2026-41238 | unknown | — | — | | | | 2mo ago | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOMP… |
| CVE-2026-41166 | unknown | — | — | | | | 2mo ago | OpenRemote has Improper Access Control via updateUserRealmRoles function |
| CVE-2026-40942 | unknown | — | — | | | | 2mo ago | Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache |
| CVE-2026-40939 | unknown | — | — | | | | 2mo ago | Data Sharing Framework is Missing Session Timeout for OIDC Sessions |
| CVE-2026-41066 | unknown | — | — | | | | 2mo ago | lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files |
| CVE-2026-39386 | unknown | — | — | | | | 2mo ago | Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server |
| CVE-2026-32613 | unknown | — | — | | | | 2mo ago | Spinnaker: RCE via expression parsing due to unrestricted context handling |
| CVE-2026-32604 | unknown | — | — | | | | 2mo ago | Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths |
| CVE-2026-6783 | unknown | — | — | | | | 2mo ago | Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6782 | unknown | — | — | | | | 2mo ago | Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6781 | unknown | — | — | | | | 2mo ago | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6778 | unknown | — | — | | | | 2mo ago | Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6777 | unknown | — | — | | | | 2mo ago | Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6775 | unknown | — | — | | | | 2mo ago | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6774 | unknown | — | — | | | | 2mo ago | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6773 | unknown | — | — | | | | 2mo ago | Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6768 | unknown | — | — | | | | 2mo ago | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-6755 | unknown | — | — | | | | 2mo ago | Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-33557 | unknown | — | — | | | | 2mo ago | Apache Kafka does not validate JWT tokens in its OAUTHBEARER authentication implementation |
| CVE-2026-33558 | unknown | — | — | | | | 2mo ago | Apache Kafka exposes sensitive information in its DEBUG logs |
| CVE-2026-32690 | unknown | — | — | | | | 2mo ago | Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries |
| CVE-2026-30912 | unknown | — | — | | | | 2mo ago | Apache Airflow exposes SQL stack trace despite "api/expose_stack_traces" set to false |
| CVE-2026-40458 | unknown | — | — | | | | 2mo ago | PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability |
| CVE-2026-40611 | unknown | — | — | | | | 2mo ago | Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A ma… |
| CVE-2026-41245 | unknown | — | — | | | | 2mo ago | Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix |
| CVE-2026-30778 | unknown | — | — | | | | 2mo ago | SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information |
| CVE-2026-40478 | unknown | — | — | | | | 2mo ago | Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf |
| CVE-2026-40477 | unknown | — | — | | | | 2mo ago | Improper restriction of the scope of accessible objects in Thymeleaf expressions |
| CVE-2026-40347 | unknown | — | — | | | | 2mo ago | Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or… |
| CVE-2026-40882 | unknown | — | — | | | | 2mo ago | OpenRemote has XXE in Velbus Asset Import |
| CVE-2026-6313 | unknown | — | — | | | | 2mo ago | Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. … |
| CVE-2026-5598 | unknown | — | — | | | | 2mo ago | Bouncy Castle Has Covert Timing Channel Vulnerability |
| CVE-2026-5588 | unknown | — | — | | | | 2mo ago | Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules |
| CVE-2026-3505 | unknown | — | — | | | | 2mo ago | Bouncy Castle Uncontrolled Resource Consumption vulnerability |
| CVE-2026-0636 | unknown | — | — | | | | 2mo ago | Bouncy Castle has an LDAP injection |
| CVE-2026-40104 | unknown | — | — | | | | 2mo ago | XWiki's REST APIs can list all pages/spaces, leading to unavailability |
| CVE-2026-40105 | unknown | — | — | | | | 2mo ago | XWiki has Reflected Cross-Site Scripting (XSS) in page history compare |
| CVE-2026-39842 | unknown | — | — | | | | 2mo ago | Expression Injection in OpenRemote |
| CVE-2026-33414 | unknown | — | — | | | | 2mo ago | Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the… |
| CVE-2026-40683 | unknown | — | — | | | | 2mo ago | OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean |
| CVE-2026-40176 | unknown | — | — | | | | 2mo ago | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs she… |
| CVE-2026-40261 | unknown | — | — | | | | 2mo ago | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $source… |
| CVE-2026-40312 | unknown | — | — | | | | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malico… |
| CVE-2026-40310 | unknown | — | — | | | | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with w… |
| CVE-2026-40183 | unknown | — | — | | | | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the im… |
| CVE-2026-40169 | unknown | — | — | | | | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a y… |
| CVE-2026-33905 | unknown | — | — | | | | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an s… |
| CVE-2026-33902 | unknown | — | — | | | | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expres… |
| CVE-2026-33929 | unknown | — | — | | | | 2mo ago | Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code |
| CVE-2026-40606 | unknown | — | — | | | | 2mo ago | mitmproxy has an LDAP Injection |
| CVE-2026-40490 | unknown | — | — | | | | 2mo ago | AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects |
| CVE-2026-39984 | unknown | — | — | | | | 2mo ago | Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimest… |
| CVE-2026-33901 | unknown | — | — | | | | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that cou… |
| CVE-2026-33908 | unknown | — | — | | | | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyX… |
| CVE-2026-40869 | unknown | — | — | | | | 2mo ago | Decidim amendments can be accepted or rejected by anyone |