CVEs from 2026
Total: 14,792
Critical: 1,335
High: 5,008
Medium: 4,832
Low: 503
% Critical: 9.0%
% with KEV: 0.4%
% with exploit: 0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8704 | medium | 6.5 | 6.5 | | | | 22d ago | Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. |
| CVE-2026-45667 | medium | 6.5 | 6.5 | | | | 22d ago | Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS) |
| CVE-2026-45666 | medium | 6.5 | 6.5 | | | | 22d ago | Open WebUI has an Indirect Object Reference (IDOR) in user notes |
| CVE-2026-45351 | medium | 6.5 | 6.5 | | | | 22d ago | Open WebUI Exposes System Prompt to Regular User [Non-Admin] |
| CVE-2026-45345 | medium | 6.5 | 6.5 | | | | 22d ago | Open WebUI missing authorization check at the model update function - models from other users can be updated |
| CVE-2026-44571 | medium | 6.5 | 6.5 | | | | 22d ago | Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission |
| CVE-2026-45008 | medium | 6.5 | 6.5 | | | | 23d ago | phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit tr… |
| CVE-2026-44562 | medium | 6.5 | 6.5 | | | | 23d ago | Open WebUI's Model Import Overwrites Any Model Without Ownership Check |
| CVE-2026-44560 | medium | 6.5 | 6.5 | | | | 23d ago | Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search |
| CVE-2026-4054 | medium | 6.5 | 6.5 | | | | 23d ago | Mattermost doesn't validate the response body of proxied images |
| CVE-2026-46362 | medium | 6.5 | 6.5 | | | | 23d ago | phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Att… |
| CVE-2026-45619 | medium | 6.5 | 6.5 | | | | 23d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS … |
| CVE-2026-45610 | medium | 6.5 | 6.5 | | | | 23d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA val… |
| CVE-2026-45773 | medium | 6.5 | 6.5 | | | | 23d ago | Trubo: Login callback CSRF/session fixation |
| CVE-2026-8669 | medium | 6.5 | 6.5 | | | | 23d ago | Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized… |
| CVE-2026-39053 | medium | 6.5 | 6.5 | | | | 23d ago | Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils… |
| CVE-2026-39052 | medium | 6.5 | 6.5 | | | | 23d ago | Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc… |
| CVE-2026-8503 | medium | 6.5 | 6.5 | | | | 23d ago | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re… |
| CVE-2026-4683 | medium | 6.5 | 6.5 | | | | 23d ago | The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and … |
| CVE-2026-45339 | medium | 6.5 | 6.5 | | | | 24d ago | Open WebUI's API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints |
| CVE-2026-45306 | medium | 6.5 | 6.5 | | | | 24d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect… |
| CVE-2026-8570 | medium | 6.5 | 6.5 | | | | 24d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security sev… |
| CVE-2026-8550 | medium | 6.5 | 6.5 | | | | 24d ago | Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memo… |
| CVE-2026-26062 | medium | 6.5 | 6.5 | | | | 24d ago | Fleet server may terminate unexpectedly when handling certain gRPC requests |
| CVE-2026-22706 | medium | 6.5 | 6.5 | | | | 24d ago | Strapi: Password Reset Does Not Revoke Existing Refresh Sessions |
| CVE-2026-42572 | medium | 6.5 | 6.5 | | | | 24d ago | Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds` |
| CVE-2026-41888 | medium | 6.5 | 6.5 | | | | 24d ago | Distribution's tag deletion bypasses `storage.delete.enabled` configuration |
| CVE-2026-44514 | medium | 6.5 | 6.5 | | | | 24d ago | Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users |
| CVE-2026-44884 | medium | 6.5 | 6.5 | | | | 24d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … |
| CVE-2026-6478 | medium | 6.5 | 6.5 | | | | 24d ago | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 … |
| CVE-2026-6670 | medium | 6.5 | 6.5 | | | | 24d ago | The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation … |
| CVE-2026-6225 | medium | 6.5 | 6.5 | | | | 24d ago | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions u… |
| CVE-2026-5193 | medium | 6.5 | 6.5 | | | | 24d ago | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insu… |
| CVE-2026-8280 | medium | 6.5 | 6.5 | | | | 24d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause den… |
| CVE-2026-4527 | medium | 6.5 | 6.5 | | | | 24d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to creat… |
| CVE-2026-4524 | medium | 6.5 | 6.5 | | | | 24d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access… |
| CVE-2026-5486 | medium | 6.5 | 6.5 | | | | 24d ago | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.… |
| CVE-2026-44448 | medium | 6.5 | 6.5 | | | | 24d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyo… |
| CVE-2026-44445 | medium | 6.5 | 6.5 | | | | 24d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enab… |
| CVE-2026-44426 | medium | 6.5 | 6.5 | | | | 24d ago | ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check |
| CVE-2026-44424 | medium | 6.5 | 6.5 | | | | 24d ago | ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace |
| CVE-2026-44423 | medium | 6.5 | 6.5 | | | | 24d ago | ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data |
| CVE-2026-44195 | medium | 6.5 | 6.5 | | | | 24d ago | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication fa… |
| CVE-2026-33378 | medium | 6.5 | 6.5 | | | | 25d ago | Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the … |
| CVE-2026-28383 | medium | 6.5 | 6.5 | | | | 25d ago | A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-me… |
| CVE-2026-28380 | medium | 6.5 | 6.5 | | | | 25d ago | Any Editor could delete any snapshot, even if they have no access to read or write them. |
| CVE-2026-28379 | medium | 6.5 | 6.5 | | | | 25d ago | A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete ser… |
| CVE-2026-28376 | medium | 6.5 | 6.5 | | | | 25d ago | The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated us… |
| CVE-2026-42580 | medium | 6.5 | 6.5 | | | | 25d ago | Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing |
| CVE-2026-22677 | medium | 6.5 | 6.5 | | | | 25d ago | Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an… |
| CVE-2026-44456 | medium | 6.5 | 6.5 | | | | 25d ago | Hono: bodyLimit() can be bypassed for chunked / unknown-length requests |
| CVE-2026-42946 | medium | 6.5 | 6.5 | | | | 25d ago | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured… |
| CVE-2026-42937 | medium | 6.5 | 6.5 | | | | 25d ago | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attack… |
| CVE-2026-42781 | medium | 6.5 | 6.5 | | | | 25d ago | When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utiliz… |
| CVE-2026-41959 | medium | 6.5 | 6.5 | | | | 25d ago | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated… |
| CVE-2026-41219 | medium | 6.5 | 6.5 | | | | 25d ago | An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which ha… |
| CVE-2026-40699 | medium | 6.5 | 6.5 | | | | 25d ago | A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software ver… |
| CVE-2026-40462 | medium | 6.5 | 6.5 | | | | 25d ago | Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Softwa… |
| CVE-2026-40460 | medium | 6.5 | 6.5 | | | | 25d ago | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limi… |
| CVE-2026-35062 | medium | 6.5 | 6.5 | | | | 25d ago | An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2026-31156 | medium | 6.5 | 6.5 | | | | 25d ago | A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path … |
| CVE-2026-44796 | medium | 6.5 | 6.5 | | | | 25d ago | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to a… |
| CVE-2026-44740 | medium | 6.5 | 6.5 | | | | 25d ago | Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loo… |
| CVE-2026-4608 | medium | 6.5 | 6.5 | | | | 25d ago | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insuffic… |
| CVE-2026-37429 | medium | 6.5 | 6.5 | | | | 25d ago | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive dat… |
| CVE-2026-37428 | medium | 6.5 | 6.5 | | | | 25d ago | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive dat… |
| CVE-2026-25107 | medium | 6.5 | 6.5 | | | | 25d ago | ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of… |
| CVE-2026-5545 | medium | 6.5 | 6.5 | | | | 25d ago | libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a … |
| CVE-2026-4782 | medium | 6.5 | 6.5 | | | | 25d ago | The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of… |
| CVE-2026-7619 | medium | 6.5 | 6.5 | | | | 25d ago | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, a… |
| CVE-2026-8336 | medium | 6.5 | 6.5 | | | | 25d ago | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command's map function in a certain way, an authenticated user can subsequently crash mongod when the se… |
| CVE-2026-8202 | medium | 6.5 | 6.5 | | | | 25d ago | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilizatio… |
| CVE-2026-8199 | medium | 6.5 | 6.5 | | | | 25d ago | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and … |
| CVE-2026-28902 | medium | 6.5 | 6.5 | | | | 25d ago | visionOS 26.5 |
| CVE-2026-28946 | medium | 6.5 | 6.5 | | | | 25d ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari… |
| CVE-2026-28942 | medium | 6.5 | 6.5 | | | | 25d ago | visionOS 26.5 |
| CVE-2026-28903 | medium | 6.5 | 6.5 | | | | 25d ago | visionOS 26.5 |
| CVE-2026-44347 | medium | 6.5 | 6.5 | | | | 25d ago | Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user in… |
| CVE-2026-44223 | medium | 6.5 | 6.5 | | | | 26d ago | vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect sh… |
| CVE-2026-44204 | medium | 6.5 | 6.5 | | | | 26d ago | Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role)… |
| CVE-2026-42891 | medium | 6.5 | 6.5 | | | | 26d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-42830 | medium | 6.5 | 6.5 | | | | 26d ago | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
| CVE-2026-42175 | medium | 6.5 | 6.5 | | | | 26d ago | requests-hardened is Vulnerable to Server-Side Request Forgery |
| CVE-2026-40374 | medium | 6.5 | 6.5 | | | | 26d ago | Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. |
| CVE-2026-35422 | medium | 6.5 | 6.5 | | | | 26d ago | Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network. |
| CVE-2026-34350 | medium | 6.5 | 6.5 | | | | 26d ago | Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network. |
| CVE-2026-31244 | medium | 6.5 | 6.5 | | | | 26d ago | The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrar… |
| CVE-2026-31243 | medium | 6.5 | 6.5 | | | | 26d ago | The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacke… |
| CVE-2026-31241 | medium | 6.5 | 6.5 | | | | 26d ago | mem0 server lacks authentication and authorization controls for its memory deletion API endpoint |
| CVE-2026-25690 | medium | 6.5 | 6.5 | | | | 26d ago | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2… |
| CVE-2026-40300 | medium | 6.5 | 6.5 | | | | 26d ago | Zulip is an open-source team collaboration tool. Prior to 12.0, with message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allo… |
| CVE-2026-42073 | medium | 6.5 | 6.5 | | | | 26d ago | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP serv… |
| CVE-2026-8368 | medium | 6.5 | 6.5 | | | | 26d ago | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before … |
| CVE-2026-8109 | medium | 6.5 | 6.5 | | | | 26d ago | An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. |
| CVE-2026-40016 | medium | 6.5 | 6.5 | | | | 26d ago | Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to deg… |
| CVE-2026-6402 | medium | 6.5 | 6.5 | | | | 26d ago | webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins |
| CVE-2026-5028 | medium | 6.5 | 6.5 | | | | 26d ago | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action in all versions up to, and includ… |
| CVE-2026-7255 | medium | 6.5 | 6.5 | | | | 26d ago | ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could a… |
| CVE-2026-40135 | medium | 6.5 | 6.5 | | | | 26d ago | An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially c… |
| CVE-2026-7010 | medium | 6.5 | 6.5 | | | | 26d ago | HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host t… |