CVEs from 2026

- Total: 14,777
- Critical: 1,334
- High: 5,000
- Medium: 4,821
- Low: 503
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33899 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single… | |||
| CVE-2026-34238 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a h… | |||
| CVE-2026-33900 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparoun… | |||
| CVE-2026-40179 | unknown | — | — | 2mo ago | Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of… | |||
| CVE-2026-35582 | unknown | — | — | 2mo ago | Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix | |||
| CVE-2026-33858 | unknown | — | — | 2mo ago | Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API | |||
| CVE-2026-35337 | unknown | — | — | 2mo ago | Apache Storm: Deserialization of Untrusted Data vulnerability | |||
| CVE-2026-35565 | unknown | — | — | 2mo ago | Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata | |||
| CVE-2026-34177 | unknown | — | — | 2mo ago | Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of k… | |||
| CVE-2026-34178 | unknown | — | — | 2mo ago | In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a … | |||
| CVE-2026-34179 | unknown | — | — | 2mo ago | In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint… | |||
| CVE-2026-34481 | unknown | — | — | 2mo ago | Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout | |||
| CVE-2026-34480 | unknown | — | — | 2mo ago | Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec… | |||
| CVE-2026-34478 | unknown | — | — | 2mo ago | Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility | |||
| CVE-2026-34483 | unknown | — | — | 2mo ago | Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 1… | |||
| CVE-2026-34487 | unknown | — | — | 2mo ago | Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat… | |||
| CVE-2026-29146 | unknown | — | — | 2mo ago | Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from … | |||
| CVE-2026-25854 | unknown | — | — | 2mo ago | Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, fro… | |||
| CVE-2026-32990 | unknown | — | — | 2mo ago | Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, fro… | |||
| CVE-2026-40046 | unknown | — | — | 2mo ago | Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT vulnerable to Integer Overflow or Wraparound | |||
| CVE-2026-34020 | unknown | — | — | 2mo ago | Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings | |||
| CVE-2026-33266 | unknown | — | — | 2mo ago | Apache OpenMeetings Uses Hard-coded Cryptographic Key | |||
| CVE-2026-33005 | unknown | — | — | 2mo ago | Apache OpenMeetings has an Improper Handling of Insufficient Privileges vulnerability | |||
| CVE-2026-34538 | unknown | — | — | 2mo ago | Apache Airflow has an authorization bypass in DagRun wait endpoint | |||
| CVE-2026-39892 | unknown | — | — | 2mo ago | Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs | |||
| CVE-2026-39883 | unknown | — | — | 2mo ago | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command us… | |||
| CVE-2026-39882 | unknown | — | — | 2mo ago | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a si… | |||
| CVE-2026-5795 | unknown | — | — | 2mo ago | Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially not clear ThreadLocal variables | |||
| CVE-2026-33229 | unknown | — | — | 2mo ago | XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API | |||
| CVE-2026-39847 | unknown | — | — | 2mo ago | Emmett has a path traversal in internal assets handler | |||
| CVE-2026-39395 | unknown | — | — | 2mo ago | Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with… | |||
| CVE-2026-35583 | unknown | — | — | 2mo ago | Emissary has a Path Traversal via Blacklist Bypass in Configuration API | |||
| CVE-2026-35581 | unknown | — | — | 2mo ago | Emissary has a Command Injection via PLACE_NAME Configuration in Executrix | |||
| CVE-2026-35580 | unknown | — | — | 2mo ago | Emissary has GitHub Actions Shell Injection via Workflow Inputs | |||
| CVE-2026-39376 | unknown | — | — | 2mo ago | FastFeedParser has an infinite redirect loop DoS via meta-refresh chain | |||
| CVE-2026-32289 | unknown | — | — | 2mo ago | Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS … | |||
| CVE-2026-32288 | unknown | — | — | 2mo ago | tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format. | |||
| CVE-2026-5739 | unknown | — | — | 2mo ago | PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection | |||
| CVE-2026-35571 | unknown | — | — | 2mo ago | Emissary has Stored XSS via Navigation Template Link Injection | |||
| CVE-2026-35568 | unknown | — | — | 2mo ago | Java-SDK has a DNS Rebinding Vulnerability | |||
| CVE-2026-35406 | unknown | — | — | 2mo ago | Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable… | |||
| CVE-2026-29181 | unknown | — | — | 2mo ago | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across va… | |||
| CVE-2026-27314 | unknown | — | — | 2mo ago | Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator | |||
| CVE-2026-27315 | unknown | — | — | 2mo ago | Apache Cassandra has sensitive Information Leak in cqlsh | |||
| CVE-2026-32588 | unknown | — | — | 2mo ago | Apache Cassandra has an authenticated DoS over CQL | |||
| CVE-2026-33439 | unknown | — | — | 2mo ago | OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM | |||
| CVE-2026-4277 | unknown | — | — | 2mo ago | Django vulnerable to privilege abuse in GenericInlineModelAdmin | |||
| CVE-2026-3902 | unknown | — | — | 2mo ago | Django vulnerable to ASGI header spoofing via underscore/hyphen conflation | |||
| CVE-2026-4292 | unknown | — | — | 2mo ago | Django vulnerable to privilege abuse in ModelAdmin.list_editable | |||
| CVE-2026-33033 | unknown | — | — | 2mo ago | Django has potential DoS via MultiPartParser through crafted multipart uploads | |||
| CVE-2026-33034 | unknown | — | — | 2mo ago | Django: ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit | |||
| CVE-2026-35554 | unknown | — | — | 2mo ago | Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition | |||
| CVE-2026-33866 | unknown | — | — | 2mo ago | MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint | |||
| CVE-2026-33865 | unknown | — | — | 2mo ago | MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface | |||
| CVE-2026-28808 | unknown | — | — | 2mo ago | Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a U… | |||
| CVE-2026-32144 | unknown | — | — | 2mo ago | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP respons… | |||
| CVE-2026-33227 | unknown | — | — | 2mo ago | Apache ActiveMQ: Improper validation and restriction of a classpath path name | |||
| CVE-2026-28810 | unknown | — | — | 2mo ago | Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, pr… | |||
| CVE-2026-35490 | unknown | — | — | 2mo ago | changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering | |||
| CVE-2026-37977 | unknown | — | — | 2mo ago | Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim | |||
| CVE-2026-35166 | unknown | — | — | 2mo ago | Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or… | |||
| CVE-2026-35542 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. Thi… | |||
| CVE-2026-35541 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing … | |||
| CVE-2026-35537 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated atta… | |||
| CVE-2026-35538 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search. | |||
| CVE-2026-35544 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass vi… | |||
| CVE-2026-35543 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead … | |||
| CVE-2026-35545 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure … | |||
| CVE-2026-35540 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if s… | |||
| CVE-2026-35539 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment. | |||
| CVE-2026-35171 | unknown | — | — | 2mo ago | Kedro has Arbitrary Code Execution via Malicious Logging Configuration | |||
| CVE-2026-35167 | unknown | — | — | 2mo ago | Kedro: Path Traversal in versioned dataset loading via unsanitized version string | |||
| CVE-2026-4325 | unknown | — | — | 2mo ago | Keycloak: Replay of action tokens via improper handling of single-use entries | |||
| CVE-2026-4634 | unknown | — | — | 2mo ago | Keycloak: Application-Level DoS via Scope Processing | |||
| CVE-2026-4636 | unknown | — | — | 2mo ago | Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants | |||
| CVE-2026-4282 | unknown | — | — | 2mo ago | Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw | |||
| CVE-2026-3872 | unknown | — | — | 2mo ago | Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint | |||
| CVE-2026-34525 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4. | |||
| CVE-2026-34520 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in res… | |||
| CVE-2026-34519 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject e… | |||
| CVE-2026-34518 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but re… | |||
| CVE-2026-34517 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking clie… | |||
| CVE-2026-34516 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory tha… | |||
| CVE-2026-34515 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This… | |||
| CVE-2026-34514 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra … | |||
| CVE-2026-34513 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situ… | |||
| CVE-2026-22815 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This i… | |||
| CVE-2026-28876 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28868 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28866 | unknown | — | — | 2mo ago | macOS Sonoma 14.8.5 | |||
| CVE-2026-28865 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28867 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28852 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-20687 | unknown | — | — | 2mo ago | watchOS 26.4 | |||
| CVE-2026-28864 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-20690 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-20668 | unknown | — | — | 2mo ago | macOS Sonoma 14.8.5 | |||
| CVE-2026-28880 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28879 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28886 | unknown | — | — | 2mo ago | visionOS 26.4 |