CVEs from 2026

- Total: 14,786
- Critical: 1,335
- High: 5,004
- Medium: 4,828
- Low: 503
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47717 | high | — | 8.0 | 10d ago | FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations | |||
| CVE-2026-47243 | high | — | 8.0 | 10d ago | Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs | |||
| CVE-2026-45704 | high | — | 8.0 | 10d ago | Pimcore has a CustomReports Share Bypass | |||
| CVE-2026-44982 | high | — | 8.0 | 10d ago | CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests | |||
| CVE-2026-44726 | high | — | 8.0 | 10d ago | Deno's TLS retry copies stale upgrade hook, risking plaintext traffic | |||
| CVE-2026-45617 | high | — | 8.0 | 10d ago | LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex | |||
| CVE-2026-45368 | high | — | 8.0 | 10d ago | Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend | |||
| CVE-2026-45357 | high | — | 8.0 | 10d ago | LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime) | |||
| CVE-2026-42553 | high | — | 8.0 | 10d ago | Cinny is a Matrix client. Prior to 4.10.3, a remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's clien… | |||
| CVE-2026-45260 | high | — | 8.0 | 10d ago | Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling | |||
| CVE-2026-45162 | high | — | 8.0 | 10d ago | Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction | |||
| CVE-2026-3012 | high | 8.0 | 8.0 | 10d ago | Important: samba security update | |||
| CVE-2026-44974 | high | — | 8.0 | 11d ago | @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters | |||
| CVE-2026-44741 | high | — | 8.0 | 11d ago | Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter | |||
| CVE-2026-44739 | high | — | 8.0 | 11d ago | Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration | |||
| CVE-2026-44705 | high | — | 8.0 | 11d ago | tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape | |||
| CVE-2026-34043 | high | — | 8.0 | 11d ago | RHSA-2026:21291: .NET 8.0 security update (Important) | |||
| CVE-2026-44177 | high | — | 8.0 | 11d ago | Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup | |||
| CVE-2026-44175 | high | — | 8.0 | 11d ago | Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend | |||
| CVE-2026-44174 | high | — | 8.0 | 11d ago | Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints | |||
| CVE-2026-43947 | high | — | 8.0 | 11d ago | FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass | |||
| CVE-2026-43946 | high | — | 8.0 | 11d ago | FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue | |||
| CVE-2026-43945 | high | — | 8.0 | 11d ago | FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection | |||
| CVE-2026-42462 | high | — | 8.0 | 11d ago | Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring | |||
| CVE-2026-42089 | high | — | 8.0 | 11d ago | yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation | |||
| CVE-2026-44895 | high | — | 8.0 | 11d ago | GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin… | |||
| CVE-2026-48048 | high | — | 8.0 | 11d ago | XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests | |||
| CVE-2026-8834 | high | 8.0 | 8.0 | 11d ago | IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause … | |||
| CVE-2026-42014 | high | — | 8.0 | 12d ago | RHSA-2026:20612: gnutls security update (Important) | |||
| CVE-2026-47138 | high | — | 8.0 | 15d ago | Parse Server: Pre-authentication denial of service via client version header regex backtracking | |||
| CVE-2026-46717 | high | — | 8.0 | 15d ago | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification | |||
| CVE-2026-46701 | high | — | 8.0 | 16d ago | Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret | |||
| CVE-2026-46681 | high | — | 8.0 | 16d ago | @nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty | |||
| CVE-2026-46680 | high | — | 8.0 | 16d ago | containerd user ID handling bypass allows runAsNonRoot evasion | |||
| CVE-2026-46679 | high | — | 8.0 | 16d ago | js-libp2p: Memory DoS via subscription flood of unique topics | |||
| CVE-2026-46625 | high | — | 8.0 | 16d ago | JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection | |||
| CVE-2026-46673 | high | — | 8.0 | 16d ago | Unbounded 32-bit allocation | |||
| CVE-2026-46519 | high | — | 8.0 | 16d ago | MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement | |||
| CVE-2026-46654 | high | — | 8.0 | 16d ago | Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss | |||
| CVE-2026-46643 | high | — | 8.0 | 16d ago | Snappy: Binary path is never shell-escaped due to an inverted is_executable check | |||
| CVE-2026-46617 | high | — | 8.0 | 16d ago | Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read | |||
| CVE-2026-46612 | high | — | 8.0 | 16d ago | Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives | |||
| CVE-2026-46545 | high | — | 8.0 | 16d ago | nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item | |||
| CVE-2026-46517 | high | — | 8.0 | 16d ago | lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out | |||
| CVE-2026-46492 | high | — | 8.0 | 16d ago | md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed) | |||
| CVE-2026-46432 | high | — | 8.0 | 16d ago | LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization | |||
| CVE-2026-46490 | high | — | 8.0 | 16d ago | samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions | |||
| CVE-2026-46481 | high | — | 8.0 | 16d ago | OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users | |||
| CVE-2026-45804 | high | — | 8.0 | 17d ago | Diffusers: TOCTOU Trust Remote Code Bypass | |||
| CVE-2026-46640 | high | — | 8.0 | 17d ago | Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation | |||
| CVE-2026-45077 | high | — | 8.0 | 17d ago | Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener | |||
| CVE-2026-45067 | high | — | 8.0 | 17d ago | Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address | |||
| CVE-2026-45063 | high | — | 8.0 | 17d ago | Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator | |||
| CVE-2026-46639 | high | — | 8.0 | 17d ago | Twig: Sandbox property and method bypass via object-destructuring assignment | |||
| CVE-2026-22984 | high | — | 8.0 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a p… | |||
| CVE-2026-22990 | high | — | 8.0 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremen… | |||
| CVE-2026-23401 | high | — | 8.0 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after*… | |||
| CVE-2026-46417 | high | — | 8.0 | 18d ago | @angular/platform-server: SSRF via Hostname Hijacking | |||
| CVE-2026-46415 | high | — | 8.0 | 18d ago | Caddy Defender trusted proxy client IP bypass | |||
| CVE-2026-46410 | high | — | 8.0 | 18d ago | FileBrowser Quantum: unauthenticated user share share info | |||
| CVE-2026-46374 | high | — | 8.0 | 18d ago | SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser | |||
| CVE-2026-46373 | high | — | 8.0 | 18d ago | SQLFluff: Recursive Stack Overflow in Parser | |||
| CVE-2026-46378 | high | — | 8.0 | 18d ago | Dasel: Denial of service in dasel selector lexer due to infinite loop on unterminated regex literal | |||
| CVE-2026-46377 | high | — | 8.0 | 18d ago | Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string | |||
| CVE-2026-45783 | high | — | 8.0 | 18d ago | @libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes | |||
| CVE-2026-45805 | high | — | 8.0 | 18d ago | PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE | |||
| CVE-2026-45799 | high | — | 8.0 | 18d ago | Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service | |||
| CVE-2026-45738 | high | — | 8.0 | 18d ago | Argo CD: Stored XSS in application link annotations enables developer-to-admin privilege escalation | |||
| CVE-2026-45713 | high | — | 8.0 | 18d ago | Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes | |||
| CVE-2026-45576 | high | — | 8.0 | 18d ago | zrok copy writes attacker-controlled WebDAV paths outside the destination root | |||
| CVE-2026-46511 | high | — | 8.0 | 18d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSetti… | |||
| CVE-2026-46396 | high | — | 8.0 | 18d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `<iframe>` el… | |||
| CVE-2026-46391 | high | — | 8.0 | 18d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching … | |||
| CVE-2026-46393 | high | — | 8.0 | 18d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated users to fetch … | |||
| CVE-2026-1502 | high | — | 8.0 | 19d ago | Important: python3.12 security update | |||
| CVE-2026-23745 | high | — | 8.0 | 19d ago | Important: linux-sgx security update | |||
| CVE-2026-28859 | high | — | 8.0 | 19d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may … | |||
| CVE-2026-28871 | high | — | 8.0 | 19d ago | A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website … | |||
| CVE-2026-28857 | high | — | 8.0 | 19d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may le… | |||
| CVE-2026-20691 | high | — | 8.0 | 19d ago | An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted… | |||
| CVE-2026-20676 | high | — | 8.0 | 19d ago | This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through… | |||
| CVE-2026-20652 | high | — | 8.0 | 19d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker m… | |||
| CVE-2026-20644 | high | — | 8.0 | 19d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciou… | |||
| CVE-2026-20643 | high | — | 8.0 | 19d ago | A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 an… | |||
| CVE-2026-20636 | high | — | 8.0 | 19d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may le… | |||
| CVE-2026-20665 | high | — | 8.0 | 19d ago | This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, wat… | |||
| CVE-2026-20635 | high | — | 8.0 | 19d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS … | |||
| CVE-2026-20608 | high | — | 8.0 | 19d ago | This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing mal… | |||
| CVE-2026-20664 | high | — | 8.0 | 19d ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may le… | |||
| CVE-2026-23950 | high | — | 8.0 | 19d ago | Important: linux-sgx security update | |||
| CVE-2026-4519 | high | — | 8.0 | 19d ago | Important: python3.12 security update | |||
| CVE-2026-2297 | high | — | 8.0 | 19d ago | Important: python3.12 security update | |||
| CVE-2026-0672 | high | — | 8.0 | 19d ago | Important: python3.12 security update | |||
| CVE-2026-27137 | high | — | 8.0 | 19d ago | Incorrect enforcement of email constraints in crypto/x509 | |||
| CVE-2026-3083 | high | — | 8.0 | 19d ago | GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interactio… | |||
| CVE-2026-3085 | high | — | 8.0 | 19d ago | GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Int… | |||
| CVE-2026-33983 | high | — | 8.0 | 19d ago | Important: freerdp security update | |||
| CVE-2026-2922 | high | — | 8.0 | 19d ago | Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update | |||
| CVE-2026-33984 | high | — | 8.0 | 19d ago | Important: freerdp security update | |||
| CVE-2026-23060 | high | — | 8.0 | 19d ago | Important: kernel security update |