CVEs from 2026
Total
14,777
critical
critical 1,334
high
high 5,000
medium
medium 4,821
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34358 | high | 8.1 | 8.1 | 18d ago | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on … | |||
| CVE-2026-47107 | high | 8.1 | 8.1 | 18d ago | Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authentica… | |||
| CVE-2026-8711 | high | 8.1 | 8.1 | 18d ago | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoki… | |||
| CVE-2026-8969 | high | 8.1 | 8.1 | 18d ago | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | |||
| CVE-2026-7504 | high | 8.1 | 8.1 | 18d ago | Keycloak: Open redirect when using wildcard valid redirect URIs in Keycloak | |||
| CVE-2026-24792 | high | 8.1 | 8.1 | 19d ago | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. | |||
| CVE-2026-8851 | high | 8.1 | 8.1 | 19d ago | SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database b… | |||
| CVE-2026-45707 | high | 8.1 | 8.1 | 19d ago | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLE_MULTI_TENANT=true, the HTTP transport documents that th… | |||
| CVE-2026-41316 | high | 8.1 | 8.1 | 20d ago | Important: ruby:4.0 security update | |||
| CVE-2026-42945 | high | 8.1 | 8.1 | 20d ago | RHSA-2026:18041: nginx:1.24 security update (Critical) | |||
| CVE-2026-45665 | high | 8.1 | 8.1 | 22d ago | Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order | |||
| CVE-2026-45301 | high | 8.1 | 8.1 | 22d ago | Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file | |||
| CVE-2026-44565 | high | 8.1 | 8.1 | 22d ago | Open WebUI Arbitrary File Write, Delete via Path Traversal | |||
| CVE-2026-45402 | high | 8.1 | 8.1 | 22d ago | Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints | |||
| CVE-2026-45675 | high | 8.1 | 8.1 | 22d ago | Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts | |||
| CVE-2026-44554 | high | 8.1 | 8.1 | 22d ago | Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite | |||
| CVE-2026-46407 | high | 8.1 | 8.1 | 22d ago | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator t… | |||
| CVE-2026-35194 | high | 8.1 | 8.1 | 22d ago | Apache Flink: Remote code execution via SQL injection in code generation | |||
| CVE-2026-4094 | high | 8.1 | 8.1 | 22d ago | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up… | |||
| CVE-2026-28761 | high | 8.1 | 8.1 | 22d ago | Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected pr… | |||
| CVE-2026-8629 | high | 8.1 | 8.1 | 23d ago | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests t… | |||
| CVE-2026-44633 | high | 8.1 | 8.1 | 23d ago | Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in … | |||
| CVE-2026-44973 | high | 8.1 | 8.1 | 23d ago | Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcem… | |||
| CVE-2026-44882 | high | 8.1 | 8.1 | 23d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-4030 | high | 8.1 | 8.1 | 23d ago | The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not proper… | |||
| CVE-2026-3892 | high | 8.1 | 8.1 | 23d ago | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file … | |||
| CVE-2026-1322 | high | 8.1 | 8.1 | 23d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read… | |||
| CVE-2026-29206 | high | 8.1 | 8.1 | 24d ago | Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled. | |||
| CVE-2026-42463 | high | 8.1 | 8.1 | 24d ago | SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass … | |||
| CVE-2026-45055 | high | 8.1 | 8.1 | 24d ago | CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded … | |||
| CVE-2026-42602 | high | 8.1 | 8.1 | 24d ago | azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access toke… | |||
| CVE-2026-44574 | high | 8.1 | 8.1 | 24d ago | Next.js has a Middleware / Proxy bypass through dynamic route parameter injection | |||
| CVE-2026-6282 | high | 8.1 | 8.1 | 24d ago | A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to ot… | |||
| CVE-2026-44291 | high | 8.1 | 8.1 | 24d ago | protobuf.js: Code generation gadget after prototype pollution | |||
| CVE-2026-20916 | high | 8.1 | 8.1 | 24d ago | An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have re… | |||
| CVE-2026-7635 | high | 8.1 | 8.1 | 24d ago | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or… | |||
| CVE-2026-28907 | high | 8.1 | 8.1 | 25d ago | visionOS 26.5 | |||
| CVE-2026-44548 | high | 8.1 | 8.1 | 25d ago | ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDele… | |||
| CVE-2026-44301 | high | 8.1 | 8.1 | 25d ago | Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools with… | |||
| CVE-2026-44260 | high | 8.1 | 8.1 | 25d ago | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk en… | |||
| CVE-2026-8430 | high | 8.1 | 8.1 | 25d ago | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the co… | |||
| CVE-2026-40415 | high | 8.1 | 8.1 | 25d ago | Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-30808 | high | 8.1 | 8.1 | 25d ago | Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-43983 | high | 8.1 | 8.1 | 25d ago | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, The createTokenFromRefreshToken function (oidc_service.go) validates the refresh … | |||
| CVE-2026-43938 | high | 8.1 | 8.1 | 25d ago | YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header | |||
| CVE-2026-43913 | high | 8.1 | 8.1 | 26d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flo… | |||
| CVE-2026-43911 | high | 8.1 | 8.1 | 26d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by some security-sensitive operations (pass… | |||
| CVE-2026-43640 | high | 8.1 | 8.1 | 26d ago | Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management … | |||
| CVE-2026-38568 | high | 8.1 | 8.1 | 26d ago | HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/<id> and /interview/<id> endpoints. The route handlers retrieve … | |||
| CVE-2026-38566 | high | 8.1 | 8.1 | 26d ago | HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/<id>, feedback submission … | |||
| CVE-2026-30635 | high | 8.1 | 8.1 | 26d ago | automagik-genie has a command injection vulnerability | |||
| CVE-2026-42349 | high | 8.1 | 8.1 | 26d ago | Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other… | |||
| CVE-2026-7819 | high | 8.1 | 8.1 | 26d ago | pgAdmin 4 File Manager has symbolic-link path traversal | |||
| CVE-2026-42296 | high | 8.1 | 8.1 | 29d ago | Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure | |||
| CVE-2026-42452 | high | 8.1 | 8.1 | 29d ago | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled… | |||
| CVE-2026-44553 | high | 8.1 | 8.1 | 29d ago | Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access | |||
| CVE-2026-8178 | high | 8.1 | 8.1 | 29d ago | Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading | |||
| CVE-2026-41883 | high | 8.1 | 8.1 | 29d ago | OmniFaces: EL injection via crafted resource name in wildcard CDN mapping | |||
| CVE-2026-43377 | high | 8.1 | 8.1 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signin… | |||
| CVE-2026-43362 | high | 8.1 | 8.1 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as part of rq_iov.… | |||
| CVE-2026-41588 | high | 8.1 | 8.1 | 29d ago | RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16. | |||
| CVE-2026-41496 | high | 8.1 | 8.1 | 29d ago | PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) | |||
| CVE-2026-41491 | high | 8.1 | 8.1 | 29d ago | Dapr: Service Invocation path traversal ACL bypass | |||
| CVE-2026-41105 | high | 8.1 | 8.1 | 1mo ago | Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-42239 | high | 8.1 | 8.1 | 1mo ago | Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.… | |||
| CVE-2026-41654 | high | 8.1 | 8.1 | 1mo ago | Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url | |||
| CVE-2026-8093 | high | 8.1 | 8.1 | 1mo ago | Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary … | |||
| CVE-2026-33588 | high | 8.1 | 8.1 | 1mo ago | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal. | |||
| CVE-2026-7252 | high | 8.1 | 8.1 | 1mo ago | The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validat… | |||
| CVE-2026-41002 | high | 8.1 | 8.1 | 1mo ago | Spring Cloud Config Server Susceptible To TOCTOU Attack | |||
| CVE-2026-44304 | high | 8.1 | 8.1 | 1mo ago | Lemur: LDAP Filter Injection enables post-authentication privilege escalation | |||
| CVE-2026-8018 | high | 8.1 | 8.1 | 1mo ago | Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security… | |||
| CVE-2026-7981 | high | 8.1 | 8.1 | 1mo ago | Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security… | |||
| CVE-2026-7978 | high | 8.1 | 8.1 | 1mo ago | Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium se… | |||
| CVE-2026-41936 | high | 8.1 | 8.1 | 1mo ago | Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and mod… | |||
| CVE-2026-43134 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP… | |||
| CVE-2026-42609 | high | 8.1 | 8.1 | 1mo ago | Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic | |||
| CVE-2026-44331 | high | 8.1 | 8.1 | 1mo ago | In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted… | |||
| CVE-2026-23631 | high | 8.1 | 8.1 | 1mo ago | Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-aft… | |||
| CVE-2026-43535 | high | 8.1 | 8.1 | 1mo ago | OpenClaw: Collect-mode queue batches could reuse the last sender authorization context | |||
| CVE-2026-6180 | high | 8.1 | 8.1 | 1mo ago | A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence co… | |||
| CVE-2026-42088 | high | 8.1 | 8.1 | 1mo ago | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Py… | |||
| CVE-2026-29004 | high | 8.1 | 8.1 | 1mo ago | BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attac… | |||
| CVE-2026-42075 | high | 8.1 | 8.1 | 1mo ago | Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write | |||
| CVE-2026-40563 | high | 8.1 | 8.1 | 1mo ago | Apache Atlas has a Code Injection Vulnerability | |||
| CVE-2026-29199 | high | 8.1 | 8.1 | 1mo ago | phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host … | |||
| CVE-2026-2554 | high | 8.1 | 8.1 | 1mo ago | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl… | |||
| CVE-2026-7611 | high | 8.1 | 8.1 | 1mo ago | A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a… | |||
| CVE-2026-7610 | high | 8.1 | 8.1 | 1mo ago | A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmi… | |||
| CVE-2026-7491 | high | 8.1 | 8.1 | 1mo ago | School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data. | |||
| CVE-2026-7606 | high | 8.1 | 8.1 | 1mo ago | A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of … | |||
| CVE-2026-7647 | high | 8.1 | 8.1 | 1mo ago | The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybe_unserialize() function on the atta… | |||
| CVE-2026-37537 | high | 8.1 | 8.1 | 1mo ago | collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At… | |||
| CVE-2026-22166 | high | 8.1 | 8.1 | 1mo ago | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the proce… | |||
| CVE-2026-22165 | high | 8.1 | 8.1 | 1mo ago | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the pro… | |||
| CVE-2026-43051 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq() function processes Bluetooth HID reports with… | |||
| CVE-2026-31779 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() The memcpy function assumes the dynamic a… | |||
| CVE-2026-31771 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: move wake reason storage into validated event handlers hci_store_wake_reason() is called from hci_event_pac… | |||
| CVE-2026-31708 | high | 8.1 | 8.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path smb2_ioctl_query_info() has two response-copy branches: PASSTH… | |||
| CVE-2026-7554 | high | 8.1 | 8.1 | 1mo ago | A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attac… |