CVEs from 2026

Total: 14,798
Critical: 1,335
High: 5,011
Medium: 4,834
Low: 504
% Critical: 9.0%
% with KEV: 0.4%
% with exploit: 0.7%

Top vendors

Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89

Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44695 | medium | 6.5 | 6.5 | 27d ago | Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A… | |||
| CVE-2026-43889 | medium | 6.5 | 6.5 | 27d ago | Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifie… | |||
| CVE-2026-34960 | medium | 6.5 | 6.5 | 27d ago | barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within … | |||
| CVE-2026-42883 | medium | 6.5 | 6.5 | 27d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in t… | |||
| CVE-2026-42316 | medium | 6.5 | 6.5 | 27d ago | kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the k… | |||
| CVE-2026-42315 | medium | 6.5 | 6.5 | 27d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_… | |||
| CVE-2026-42314 | medium | 6.5 | 6.5 | 27d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ … | |||
| CVE-2026-8292 | medium | 6.5 | 6.5 | 27d ago | A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argu… | |||
| CVE-2026-8291 | medium | 6.5 | 6.5 | 27d ago | A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial… | |||
| CVE-2026-7820 | medium | 6.5 | 6.5 | 27d ago | pgAdmin 4: Improper restriction of excessive authentication attempts | |||
| CVE-2026-7817 | medium | 6.5 | 6.5 | 27d ago | pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities | |||
| CVE-2026-44199 | medium | 6.5 | 6.5 | 27d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav… | |||
| CVE-2026-44197 | medium | 6.5 | 6.5 | 27d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revis… | |||
| CVE-2026-31246 | medium | 6.5 | 6.5 | 27d ago | GPT-Pilot contains a command injection vulnerability in the Executor.run() method | |||
| CVE-2026-8290 | medium | 6.5 | 6.5 | 27d ago | A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulat… | |||
| CVE-2026-8289 | medium | 6.5 | 6.5 | 27d ago | A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipu… | |||
| CVE-2026-8288 | medium | 6.5 | 6.5 | 27d ago | A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Exec… | |||
| CVE-2026-43826 | medium | 6.5 | 6.5 | 27d ago | Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL | |||
| CVE-2026-41018 | medium | 6.5 | 6.5 | 27d ago | Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL | |||
| CVE-2026-5084 | medium | 6.5 | 6.5 | 27d ago | WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function… | |||
| CVE-2026-8270 | medium | 6.5 | 6.5 | 27d ago | A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. The a… | |||
| CVE-2026-8269 | medium | 6.5 | 6.5 | 27d ago | A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf_nsmf_handle_create_sm_context of the component SMF. Performing a manipulation results in denial of service. Remote explo… | |||
| CVE-2026-8268 | medium | 6.5 | 6.5 | 27d ago | A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI_list_create of the component SMF. Such manipulation leads to denial of service. The attack may be launch… | |||
| CVE-2026-8267 | medium | 6.5 | 6.5 | 27d ago | A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack… | |||
| CVE-2026-8266 | medium | 6.5 | 6.5 | 27d ago | A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation resul… | |||
| CVE-2026-8252 | medium | 6.5 | 6.5 | 28d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference… | |||
| CVE-2026-28956 | medium | 6.5 | 6.5 | 28d ago | visionOS 26.5 | |||
| CVE-2026-28972 | medium | 6.5 | 6.5 | 28d ago | visionOS 26.5 | |||
| CVE-2026-28918 | medium | 6.5 | 6.5 | 28d ago | visionOS 26.5 | |||
| CVE-2026-28922 | medium | 6.5 | 6.5 | 28d ago | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information. | |||
| CVE-2026-28878 | medium | 6.5 | 6.5 | 28d ago | visionOS 26.4 | |||
| CVE-2026-28920 | medium | 6.5 | 6.5 | 28d ago | visionOS 26.5 | |||
| CVE-2026-8251 | medium | 6.5 | 6.5 | 28d ago | A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation resu… | |||
| CVE-2026-8250 | medium | 6.5 | 6.5 | 28d ago | A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to … | |||
| CVE-2026-8249 | medium | 6.5 | 6.5 | 28d ago | A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation cause… | |||
| CVE-2026-8248 | medium | 6.5 | 6.5 | 28d ago | A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation… | |||
| CVE-2026-45191 | medium | 6.5 | 6.5 | 28d ago | Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validatio… | |||
| CVE-2026-45190 | medium | 6.5 | 6.5 | 28d ago | Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit chara… | |||
| CVE-2026-7259 | medium | 6.5 | 6.5 | 28d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, re… | |||
| CVE-2026-45184 | medium | 6.5 | 6.5 | 29d ago | Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used. | |||
| CVE-2026-45181 | medium | 6.5 | 6.5 | 29d ago | Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim … | |||
| CVE-2026-42576 | medium | 6.5 | 6.5 | 29d ago | apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery | |||
| CVE-2026-42183 | medium | 6.5 | 6.5 | 29d ago | Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) | |||
| CVE-2026-41311 | medium | 6.5 | 6.5 | 29d ago | liquidjs has a Denial of Service via circular block reference in layout | |||
| CVE-2026-42346 | medium | 6.5 | 6.5 | 1mo ago | Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulner… | |||
| CVE-2026-42209 | medium | 6.5 | 6.5 | 1mo ago | FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_mes… | |||
| CVE-2026-44200 | medium | 6.5 | 6.5 | 1mo ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of … | |||
| CVE-2026-42181 | medium | 6.5 | 6.5 | 1mo ago | Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image | |||
| CVE-2026-41885 | medium | 6.5 | 6.5 | 1mo ago | i18next-locize-backend has URL Injection via Unsanitized Path Parameters | |||
| CVE-2026-41585 | medium | 6.5 | 6.5 | 1mo ago | Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients | |||
| CVE-2026-41308 | medium | 6.5 | 6.5 | 1mo ago | Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated cre… | |||
| CVE-2026-42277 | medium | 6.5 | 6.5 | 1mo ago | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provi… | |||
| CVE-2026-8123 | medium | 6.5 | 6.5 | 1mo ago | A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes… | |||
| CVE-2026-8122 | medium | 6.5 | 6.5 | 1mo ago | A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation result… | |||
| CVE-2026-8121 | medium | 6.5 | 6.5 | 1mo ago | A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to den… | |||
| CVE-2026-8120 | medium | 6.5 | 6.5 | 1mo ago | A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Exec… | |||
| CVE-2026-8113 | medium | 6.5 | 6.5 | 1mo ago | A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the compone… | |||
| CVE-2026-6736 | medium | 6.5 | 6.5 | 1mo ago | An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity p… | |||
| CVE-2026-8142 | medium | 6.5 | 6.5 | 1mo ago | VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updat… | |||
| CVE-2026-27892 | medium | 6.5 | 6.5 | 1mo ago | FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download | |||
| CVE-2026-36387 | medium | 6.5 | 6.5 | 1mo ago | A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanit… | |||
| CVE-2026-41684 | medium | 6.5 | 6.5 | 1mo ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy bac… | |||
| CVE-2026-41647 | medium | 6.5 | 6.5 | 1mo ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a trunca… | |||
| CVE-2026-5791 | medium | 6.5 | 6.5 | 1mo ago | Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. | |||
| CVE-2026-33589 | medium | 6.5 | 6.5 | 1mo ago | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal. | |||
| CVE-2026-27421 | medium | 6.5 | 6.5 | 1mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: fro… | |||
| CVE-2026-8063 | medium | 6.5 | 6.5 | 1mo ago | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whe… | |||
| CVE-2026-6214 | medium | 6.5 | 6.5 | 1mo ago | The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/cla… | |||
| CVE-2026-4807 | medium | 6.5 | 6.5 | 1mo ago | The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permiss… | |||
| CVE-2026-40251 | medium | 6.5 | 6.5 | 1mo ago | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage … | |||
| CVE-2026-40197 | medium | 6.5 | 6.5 | 1mo ago | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage … | |||
| CVE-2026-40195 | medium | 6.5 | 6.5 | 1mo ago | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage … | |||
| CVE-2026-43583 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay | |||
| CVE-2026-43579 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration witho… | |||
| CVE-2026-43577 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and… | |||
| CVE-2026-7982 | medium | 6.5 | 6.5 | 1mo ago | Uninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium sec… | |||
| CVE-2026-7924 | medium | 6.5 | 6.5 | 1mo ago | Uninitialized Use in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security… | |||
| CVE-2026-20168 | medium | 6.5 | 6.5 | 1mo ago | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have per… | |||
| CVE-2026-41286 | medium | 6.5 | 6.5 | 1mo ago | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulner… | |||
| CVE-2026-41287 | medium | 6.5 | 6.5 | 1mo ago | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulner… | |||
| CVE-2026-43975 | medium | 6.5 | 6.5 | 1mo ago | Apache Wicket has a Path Traversal issue | |||
| CVE-2026-5753 | medium | 6.5 | 6.5 | 1mo ago | The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::s… | |||
| CVE-2026-42610 | medium | 6.5 | 6.5 | 1mo ago | Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass | |||
| CVE-2026-41950 | medium | 6.5 | 6.5 | 1mo ago | Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplyin… | |||
| CVE-2026-39402 | medium | 6.5 | 6.5 | 1mo ago | lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network … | |||
| CVE-2026-32603 | medium | 6.5 | 6.5 | 1mo ago | Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivilege… | |||
| CVE-2026-35192 | medium | 6.5 | 6.5 | 1mo ago | Django Uses Persistent Cookies Containing Sensitive Information | |||
| CVE-2026-30246 | medium | 6.5 | 6.5 | 1mo ago | Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters | |||
| CVE-2026-27644 | medium | 6.5 | 6.5 | 1mo ago | Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to C… | |||
| CVE-2026-6262 | medium | 6.5 | 6.5 | 1mo ago | The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function workflow using a user-controlled upload pat… | |||
| CVE-2026-43574 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Empty approver lists could grant explicit approval authorization | |||
| CVE-2026-43570 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw contains a symlink traversal vulnerability | |||
| CVE-2026-43568 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Memory dreaming config persistence was reachable from operator.write commands | |||
| CVE-2026-43567 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: screen_record outPath bypassed workspace-only filesystem guard | |||
| CVE-2026-43528 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases | |||
| CVE-2026-42433 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Matrix profile config persistence was reachable from operator.write message tools | |||
| CVE-2026-3454 | medium | 6.5 | 6.5 | 1mo ago | The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the … | |||
| CVE-2026-4362 | medium | 6.5 | 6.5 | 1mo ago | The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to… | |||
| CVE-2026-5957 | medium | 6.5 | 6.5 | 1mo ago | The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create_template() method of … | |||
| CVE-2026-4409 | medium | 6.5 | 6.5 | 1mo ago | The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up … |