CVEs from 2026

- Total: 14,778
- Critical: 1,334
- High: 5,002
- Medium: 4,823
- Low: 503
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0061 | medium | 5.9 | 5.9 | 5d ago | In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege wit… | |||
| CVE-2026-45691 | medium | 5.9 | 5.9 | 5d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful … | |||
| CVE-2026-45690 | medium | 5.9 | 5.9 | 5d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed atta… | |||
| CVE-2026-43625 | medium | 5.9 | 5.9 | 5d ago | CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp a… | |||
| CVE-2026-49270 | medium | 5.9 | 5.9 | 5d ago | Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurabl… | |||
| CVE-2026-49267 | medium | 5.9 | 5.9 | 5d ago | Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_s… | |||
| CVE-2026-41017 | medium | 5.9 | 5.9 | 5d ago | Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy … | |||
| CVE-2026-47741 | medium | 5.9 | 5.9 | 8d ago | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Un… | |||
| CVE-2026-46538 | medium | 5.9 | 5.9 | 10d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id onl… | |||
| CVE-2026-45027 | medium | 5.9 | 5.9 | 10d ago | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorith… | |||
| CVE-2026-8606 | medium | 5.9 | 5.9 | 11d ago | A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security… | |||
| CVE-2026-48850 | medium | 5.9 | 5.9 | 12d ago | PuTTY 0.72 before 0.84 has a double free in RSA KEX. | |||
| CVE-2026-42626 | medium | 5.9 | 5.9 | 15d ago | HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can… | |||
| CVE-2026-48249 | medium | 5.9 | 5.9 | 16d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing … | |||
| CVE-2026-48248 | medium | 5.9 | 5.9 | 16d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound H… | |||
| CVE-2026-48247 | medium | 5.9 | 5.9 | 16d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbou… | |||
| CVE-2026-48246 | medium | 5.9 | 5.9 | 16d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTT… | |||
| CVE-2026-44061 | medium | 5.9 | 5.9 | 16d ago | Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis. | |||
| CVE-2026-9100 | medium | 5.9 | 5.9 | 17d ago | The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads t… | |||
| CVE-2026-5947 | medium | 5.9 | 5.9 | 17d ago | Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. … | |||
| CVE-2026-44608 | medium | 5.9 | 5.9 | 17d ago | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'… | |||
| CVE-2026-41470 | medium | 5.9 | 5.9 | 18d ago | LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attack… | |||
| CVE-2026-32134 | medium | 5.9 | 5.9 | 18d ago | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the br… | |||
| CVE-2026-40356 | medium | 5.9 | 5.9 | 19d ago | RHSA-2026:16799: krb5 security update (Important) | |||
| CVE-2026-40355 | medium | 5.9 | 5.9 | 19d ago | RHSA-2026:16799: krb5 security update (Important) | |||
| CVE-2026-45681 | medium | 5.9 | 5.9 | 19d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer bu… | |||
| CVE-2026-41968 | medium | 5.9 | 5.9 | 22d ago | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-41967 | medium | 5.9 | 5.9 | 22d ago | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-41961 | medium | 5.9 | 5.9 | 22d ago | Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-6811 | medium | 5.9 | 5.9 | 23d ago | Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is… | |||
| CVE-2026-42597 | medium | 5.9 | 5.9 | 23d ago | Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme | |||
| CVE-2026-33381 | medium | 5.9 | 5.9 | 24d ago | When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this. | |||
| CVE-2026-44577 | medium | 5.9 | 5.9 | 24d ago | Next.js has a Denial of Service in the Image Optimization API | |||
| CVE-2026-44572 | medium | 5.9 | 5.9 | 24d ago | Next.js's Middleware / Proxy redirects can be cache-poisoned | |||
| CVE-2026-6253 | medium | 5.9 | 5.9 | 24d ago | curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for differ… | |||
| CVE-2026-4873 | medium | 5.9 | 5.9 | 24d ago | A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SM… | |||
| CVE-2026-42545 | medium | 5.9 | 5.9 | 25d ago | Granian vulnerable to DoS via WSGI response header panic | |||
| CVE-2026-43930 | medium | 5.9 | 5.9 | 25d ago | parse-server: MFA SMS one-time password accepted twice under concurrent login | |||
| CVE-2026-8261 | medium | 5.9 | 5.9 | 27d ago | A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attac… | |||
| CVE-2026-42225 | medium | 5.9 | 5.9 | 1mo ago | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid o… | |||
| CVE-2026-39817 | medium | 5.9 | 5.9 | 1mo ago | The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" su… | |||
| CVE-2026-41484 | medium | 5.9 | 5.9 | 1mo ago | OneCollector exporter reads unbounded HTTP response bodies | |||
| CVE-2026-41483 | medium | 5.9 | 5.9 | 1mo ago | OpenTelemetry.Resources.Azure has an unbounded HTTP response body read | |||
| CVE-2026-5119 | medium | 5.9 | 5.9 | 1mo ago | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network… | |||
| CVE-2026-34956 | medium | 5.9 | 5.9 | 1mo ago | A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with a… | |||
| CVE-2026-28510 | medium | 5.9 | 5.9 | 1mo ago | eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under… | |||
| CVE-2026-32148 | medium | 5.9 | 5.9 | 1mo ago | Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for … | |||
| CVE-2026-5080 | medium | 5.9 | 5.9 | 1mo ago | Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the proce… | |||
| CVE-2026-41016 | medium | 5.9 | 5.9 | 1mo ago | apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider | |||
| CVE-2026-42643 | medium | 5.9 | 5.9 | 1mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a t… | |||
| CVE-2026-7318 | medium | 5.9 | 5.9 | 1mo ago | A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic results in path trave… | |||
| CVE-2026-33467 | medium | 5.9 | 5.9 | 1mo ago | Elastic Package Registry has Improper Verification of Cryptographic Signature | |||
| CVE-2026-40966 | medium | 5.9 | 5.9 | 1mo ago | Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration | |||
| CVE-2026-41319 | medium | 5.9 | 5.9 | 1mo ago | MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade | |||
| CVE-2026-41078 | medium | 5.9 | 5.9 | 1mo ago | OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path | |||
| CVE-2026-40182 | medium | 5.9 | 5.9 | 1mo ago | OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies | |||
| CVE-2026-3621 | medium | 5.9 | 5.9 | 2mo ago | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deploy… | |||
| CVE-2026-41213 | medium | 5.9 | 5.9 | 2mo ago | @node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code_verifier values (including one-character strings) for S256 PKC… | |||
| CVE-2026-32226 | medium | 5.9 | 5.9 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | |||
| CVE-2026-34477 | medium | 5.9 | 5.9 | 2mo ago | Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration | |||
| CVE-2026-21713 | medium | 5.9 | 5.9 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-21717 | medium | 5.9 | 5.9 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-39654 | medium | 5.9 | 5.9 | 2mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS.This issue affect… | |||
| CVE-2026-34219 | medium | 5.9 | 5.9 | 2mo ago | libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling | |||
| CVE-2026-4988 | medium | 5.9 | 5.9 | 2mo ago | A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of s… | |||
| CVE-2026-27856 | medium | 5.9 | 5.9 | 2mo ago | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential wi… | |||
| CVE-2026-27855 | medium | 5.9 | 5.9 | 2mo ago | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP r… | |||
| CVE-2026-32935 | medium | 5.9 | 5.9 | 3mo ago | phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack | |||
| CVE-2026-28044 | medium | 5.9 | 5.9 | 3mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4. | |||
| CVE-2026-27344 | medium | 5.9 | 5.9 | 3mo ago | Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through <= … | |||
| CVE-2026-27601 | medium | 5.9 | 5.9 | 3mo ago | Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack | |||
| CVE-2026-25004 | medium | 5.9 | 5.9 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue a… | |||
| CVE-2026-1685 | medium | 5.9 | 5.9 | 4mo ago | A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authe… | |||
| CVE-2026-24621 | medium | 5.9 | 5.9 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects … | |||
| CVE-2026-24594 | medium | 5.9 | 5.9 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.T… | |||
| CVE-2026-23976 | medium | 5.9 | 5.9 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modul… | |||
| CVE-2026-7473 | medium | 5.8 | 5.8 | 1d ago | On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is … | |||
| CVE-2026-10517 | medium | 5.8 | 5.8 | 5d ago | A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not … | |||
| CVE-2026-49129 | medium | 5.8 | 5.8 | 9d ago | Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allow… | |||
| CVE-2026-41009 | medium | 5.8 | 5.8 | 10d ago | When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_… | |||
| CVE-2026-24201 | medium | 5.8 | 5.8 | 11d ago | NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering… | |||
| CVE-2026-7385 | medium | 5.8 | 5.8 | 17d ago | The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attack… | |||
| CVE-2026-45557 | medium | 5.8 | 5.8 | 18d ago | Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network tr… | |||
| CVE-2026-41181 | medium | 5.8 | 5.8 | 22d ago | Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service | |||
| CVE-2026-41960 | medium | 5.8 | 5.8 | 22d ago | Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-3160 | medium | 5.8 | 5.8 | 23d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jir… | |||
| CVE-2026-44003 | medium | 5.8 | 5.8 | 24d ago | vm2's Transformer Fast-Path Bypass Exposes Internal State Variable | |||
| CVE-2026-44002 | medium | 5.8 | 5.8 | 24d ago | vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak | |||
| CVE-2026-42926 | medium | 5.8 | 5.8 | 24d ago | When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the… | |||
| CVE-2026-42279 | medium | 5.8 | 5.8 | 1mo ago | solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization w… | |||
| CVE-2026-44312 | medium | 5.8 | 5.8 | 1mo ago | CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content | |||
| CVE-2026-44117 | medium | 5.8 | 5.8 | 1mo ago | OpenClaw: QQBot direct media upload skipped URL SSRF validation | |||
| CVE-2026-6817 | medium | 5.8 | 5.8 | 1mo ago | The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input saniti… | |||
| CVE-2026-41372 | medium | 5.8 | 5.8 | 1mo ago | OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections | |||
| CVE-2026-35376 | medium | 5.8 | 5.8 | 2mo ago | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path loo… | |||
| CVE-2026-34318 | medium | 5.8 | 5.8 | 2mo ago | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vu… | |||
| CVE-2026-41389 | medium | 5.8 | 5.8 | 2mo ago | OpenClaw: Webchat media embedding enforces local-root containment for tool-result files | |||
| CVE-2026-20073 | medium | 5.8 | 5.8 | 3mo ago | A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send tra… | |||
| CVE-2026-25624 | medium | 5.7 | 5.7 | 21h ago | An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated use… | |||
| CVE-2026-41918 | medium | 5.7 | 5.7 | 4d ago | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user… |