CVEs from 2026
Total
14,769
critical
critical 1,335
high
high 5,011
medium
medium 4,834
low
low 504
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0397 | unknown | — | — | — | When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information abo… | |||
| CVE-2026-0396 | unknown | — | — | — | An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either Dyn… | |||
| CVE-2026-11099 | unknown | — | — | — | <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.</p> | |||
| CVE-2026-49271 | unknown | — | — | — | ||||
| CVE-2026-44941 | unknown | — | — | — | ||||
| CVE-2026-0906 | unknown | — | — | — | Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-0907 | unknown | — | — | — | Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-0905 | unknown | — | — | — | Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a netw… | |||
| CVE-2026-0904 | unknown | — | — | — | Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-0902 | unknown | — | — | — | Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-6780 | unknown | — | — | — | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-23345 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled When FEAT_LPA2 is enabled, bits 8-9 of the PTE replace … | |||
| CVE-2026-23055 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: riic: Move suspend handling to NOIRQ phase Commit 53326135d0e0 ("i2c: riic: Add suspend/resume support") added suspend suppo… | |||
| CVE-2026-41436 | unknown | — | — | — | ||||
| CVE-2026-50142 | unknown | — | — | — | ||||
| CVE-2026-6941 | unknown | — | — | — | radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malic… | |||
| CVE-2026-6940 | unknown | — | — | — | radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the … | |||
| CVE-2026-2806 | unknown | — | — | — | Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-1757 | unknown | — | — | — | A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a use… | |||
| CVE-2026-23004 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was able to crash the kernel in rt6_uncached_list_flu… | |||
| CVE-2026-2797 | unknown | — | — | — | Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-4727 | unknown | — | — | — | Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-4723 | unknown | — | — | — | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-33599 | unknown | — | — | — | A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. D… | |||
| CVE-2026-8341 | unknown | — | — | — | ||||
| CVE-2026-41438 | unknown | — | — | — | ||||
| CVE-2026-42784 | unknown | — | — | — | ||||
| CVE-2026-5124 | unknown | — | — | — | A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The man… | |||
| CVE-2026-5123 | unknown | — | — | — | A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data[1] can lead to off… | |||
| CVE-2026-5122 | unknown | — | — | — | A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a mani… | |||
| CVE-2026-34475 | unknown | — | — | — | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or aut… | |||
| CVE-2026-40394 | unknown | — | — | — | Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 sess… | |||
| CVE-2026-40395 | unknown | — | — | — | Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req… | |||
| CVE-2026-2802 | unknown | — | — | — | Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-2807 | unknown | — | — | — | Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t… | |||
| CVE-2026-4729 | unknown | — | — | — | Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t… | |||
| CVE-2026-32854 | unknown | — | — | — | LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote att… | |||
| CVE-2026-45355 | unknown | — | — | — | ||||
| CVE-2026-0889 | unknown | — | — | — | Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. | |||
| CVE-2026-0990 | unknown | — | — | — | A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that re… | |||
| CVE-2026-23435 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: perf/x86: Move event pointer setup earlier in x86_pmu_enable() A production AMD EPYC system crashed with a NULL pointer dereferen… | |||
| CVE-2026-4722 | unknown | — | — | — | Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-5663 | unknown | — | — | — | A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Perform… | |||
| CVE-2026-23137 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittest_data_add() In unittest_data_add(), if of_resolve_phandles() fails, the allocated unitte… | |||
| CVE-2026-44229 | unknown | — | — | — | ||||
| CVE-2026-23379 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by … | |||
| CVE-2026-2805 | unknown | — | — | — | Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-3842 | unknown | — | — | — | ||||
| CVE-2026-39956 | unknown | — | — | — | jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() with… | |||
| CVE-2026-4724 | unknown | — | — | — | Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-2794 | unknown | — | — | — | Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 148. | |||
| CVE-2026-2799 | unknown | — | — | — | Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-23428 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in compound request smb2_get_ksmbd_tcon() reuses work->tcon in compound requests without … | |||
| CVE-2026-4728 | unknown | — | — | — | Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-23077 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge Patch series "mm/vma: fix anon_vma UAF on mremap() faulted, unfault… | |||
| CVE-2026-23016 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nf_conntrack_cleanup_net_list() to make debugging leaked… | |||
| CVE-2026-2796 | unknown | — | — | — | JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-23018 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before initializing extent tree in btrfs_read_locked_inode() In btrfs_read_locked_inode() we are calling btrf… | |||
| CVE-2026-0992 | unknown | — | — | — | A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same dow… | |||
| CVE-2026-23122 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue The previous 7 KB per queue caused TX unit hangs under heavy timestamp… | |||
| CVE-2026-2804 | unknown | — | — | — | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-4725 | unknown | — | — | — | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-3446 | unknown | — | — | — | When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This ca… | |||
| CVE-2026-3805 | unknown | — | — | — | When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. | |||
| CVE-2026-0881 | unknown | — | — | — | Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. | |||
| CVE-2026-2800 | unknown | — | — | — | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-32316 | unknown | — | — | — | jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strin… | |||
| CVE-2026-3195 | unknown | — | — | — | ||||
| CVE-2026-23197 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler When a block read returns an invalid length, zero or >I2C_SMBUS_BLOCK… | |||
| CVE-2026-23192 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: linkwatch: use __dev_put() in callers to prevent UAF After linkwatch_do_dev() calls __dev_put() to release the linkwatch referenc… | |||
| CVE-2026-2795 | unknown | — | — | — | Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-6307 | unknown | — | — | — | Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3845 | unknown | — | — | — | Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2. | |||
| CVE-2026-6758 | unknown | — | — | — | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-6760 | unknown | — | — | — | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-24480 | unknown | — | — | — | QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83… | |||
| CVE-2026-32726 | unknown | — | — | — | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The e… | |||
| CVE-2026-33600 | unknown | — | — | — | An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. | |||
| CVE-2026-23385 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clone set on flush only Syzbot with fault injection triggered a failing memory allocation with GFP_KERNEL w… | |||
| CVE-2026-23347 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it… | |||
| CVE-2026-47766 | unknown | — | — | — | ||||
| CVE-2026-47734 | unknown | — | — | — | ||||
| CVE-2026-47712 | unknown | — | — | — | ||||
| CVE-2026-24413 | unknown | — | — | — | Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\… | |||
| CVE-2026-47753 | unknown | — | — | — | ||||
| CVE-2026-48753 | unknown | — | — | — | ||||
| CVE-2026-48754 | unknown | — | — | — | ||||
| CVE-2026-3914 | unknown | — | — | — | Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3919 | unknown | — | — | — | Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTM… | |||
| CVE-2026-3921 | unknown | — | — | — | Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3926 | unknown | — | — | — | Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-3923 | unknown | — | — | — | Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3924 | unknown | — | — | — | use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa… | |||
| CVE-2026-3925 | unknown | — | — | — | Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-3927 | unknown | — | — | — | Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-34580 | unknown | — | — | — | Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key… | |||
| CVE-2026-3930 | unknown | — | — | — | Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-3934 | unknown | — | — | — | Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Me… | |||
| CVE-2026-3937 | unknown | — | — | — | Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-32883 | unknown | — | — | — | Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verif… |