CVEs from 2026
Total
14,792
critical
critical 1,335
high
high 5,008
medium
medium 4,832
low
low 503
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47326 | medium | 5.5 | 5.5 | 10d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory … | |||
| CVE-2026-48735 | medium | 5.5 | 5.5 | 10d ago | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP me… | |||
| CVE-2026-48155 | medium | 5.5 | 5.5 | 10d ago | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in l… | |||
| CVE-2026-45703 | medium | — | 5.5 | 10d ago | Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export | |||
| CVE-2026-45309 | medium | — | 5.5 | 11d ago | AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username | |||
| CVE-2026-44981 | medium | — | 5.5 | 11d ago | CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression | |||
| CVE-2026-9759 | medium | 5.5 | 5.5 | 11d ago | ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service | |||
| CVE-2026-45046 | medium | 5.5 | 5.5 | 11d ago | Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions… | |||
| CVE-2026-45334 | medium | — | 5.5 | 11d ago | Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions | |||
| CVE-2026-48927 | medium | 5.5 | 5.5 | 11d ago | Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views. | |||
| CVE-2026-47104 | medium | 5.5 | 5.5 | 11d ago | libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed US… | |||
| CVE-2026-6053 | medium | 5.5 | 5.5 | 11d ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. | |||
| CVE-2026-5515 | medium | 5.5 | 5.5 | 11d ago | IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. | |||
| CVE-2026-40830 | medium | 5.5 | 5.5 | 11d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a… | |||
| CVE-2026-40829 | medium | 5.5 | 5.5 | 11d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQ… | |||
| CVE-2026-40828 | medium | 5.5 | 5.5 | 11d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE comma… | |||
| CVE-2026-40827 | medium | 5.5 | 5.5 | 11d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command … | |||
| CVE-2026-40825 | medium | 5.5 | 5.5 | 11d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UP… | |||
| CVE-2026-40824 | medium | 5.5 | 5.5 | 11d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPD… | |||
| CVE-2026-40823 | medium | 5.5 | 5.5 | 11d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command … | |||
| CVE-2026-44979 | medium | — | 5.5 | 11d ago | @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects | |||
| CVE-2026-44646 | medium | — | 5.5 | 11d ago | LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()` | |||
| CVE-2026-44645 | medium | — | 5.5 | 11d ago | LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body | |||
| CVE-2026-44644 | medium | — | 5.5 | 11d ago | LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS | |||
| CVE-2026-44587 | medium | — | 5.5 | 11d ago | CarrierWave has a denylisted_content_type bypass via | |||
| CVE-2026-44210 | medium | — | 5.5 | 11d ago | Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations | |||
| CVE-2026-44176 | medium | — | 5.5 | 11d ago | Kirby CMS's `pages.access` permission is not checked during rendering of page drafts | |||
| CVE-2026-44844 | medium | — | 5.5 | 12d ago | eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.get_raw_body_text() recurse… | |||
| CVE-2026-48047 | medium | — | 5.5 | 12d ago | XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin | |||
| CVE-2026-7453 | medium | 5.5 | 5.5 | 12d ago | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition. | |||
| CVE-2026-7450 | medium | 5.5 | 5.5 | 12d ago | A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a deni… | |||
| CVE-2026-48693 | medium | 5.5 | 5.5 | 12d ago | FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp l… | |||
| CVE-2026-40386 | medium | — | 5.5 | 12d ago | Moderate: libexif security update | |||
| CVE-2026-4437 | medium | — | 5.5 | 12d ago | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from… | |||
| CVE-2026-4438 | medium | — | 5.5 | 12d ago | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS host… | |||
| CVE-2026-4046 | medium | — | 5.5 | 12d ago | RHSA-2026:20587: glibc security update (Moderate) | |||
| CVE-2026-40385 | medium | — | 5.5 | 12d ago | Moderate: libexif security update | |||
| CVE-2026-9490 | medium | 5.5 | 5.5 | 13d ago | A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user t… | |||
| CVE-2026-47124 | medium | — | 5.5 | 15d ago | Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members | |||
| CVE-2026-47157 | medium | — | 5.5 | 15d ago | aiograpi: Unsafe signup challenge path handling | |||
| CVE-2026-47120 | medium | — | 5.5 | 15d ago | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check) | |||
| CVE-2026-41149 | medium | — | 5.5 | 15d ago | Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection | |||
| CVE-2026-41148 | medium | — | 5.5 | 15d ago | Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection | |||
| CVE-2026-40610 | medium | 5.5 | 5.5 | 16d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symli… | |||
| CVE-2026-46715 | medium | — | 5.5 | 16d ago | Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance | |||
| CVE-2026-47166 | medium | — | 5.5 | 16d ago | ImageMagick: Heap Buffer Over-Read in distributed pixel cache server | |||
| CVE-2026-47165 | medium | — | 5.5 | 16d ago | ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model | |||
| CVE-2026-46693 | medium | — | 5.5 | 16d ago | ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking | |||
| CVE-2026-46692 | medium | — | 5.5 | 16d ago | ImageMagick: Heap Buffer Over-Write in distributed pixel cache server | |||
| CVE-2026-46678 | medium | — | 5.5 | 17d ago | Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580) | |||
| CVE-2026-46671 | medium | — | 5.5 | 17d ago | Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory | |||
| CVE-2026-46645 | medium | — | 5.5 | 17d ago | SQLAdmin: Authorization Bypass on `ajax_lookup` | |||
| CVE-2026-46609 | medium | — | 5.5 | 17d ago | Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog | |||
| CVE-2026-46556 | medium | — | 5.5 | 17d ago | FlaskBB: SSRF in get_image_info() via unrestricted avatar URL | |||
| CVE-2026-46552 | medium | — | 5.5 | 17d ago | NocoDB: Shared-base link access can invite arbitrary users as persistent base members | |||
| CVE-2026-46551 | medium | — | 5.5 | 17d ago | NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion | |||
| CVE-2026-46550 | medium | — | 5.5 | 17d ago | NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags | |||
| CVE-2026-46548 | medium | — | 5.5 | 17d ago | NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) | |||
| CVE-2026-46547 | medium | — | 5.5 | 17d ago | NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL | |||
| CVE-2026-46683 | medium | — | 5.5 | 17d ago | Snappy : SSRF and local file read via the xsl-style-sheet option | |||
| CVE-2026-46618 | medium | — | 5.5 | 17d ago | Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables | |||
| CVE-2026-46616 | medium | — | 5.5 | 17d ago | Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers | |||
| CVE-2026-46543 | medium | — | 5.5 | 17d ago | nimiq-blockchain: Genesis batch set request | |||
| CVE-2026-46542 | medium | — | 5.5 | 17d ago | nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points | |||
| CVE-2026-46539 | medium | — | 5.5 | 17d ago | nimiq-primitives: BlockInclusionProof interlink issue when hops are empty | |||
| CVE-2026-46486 | medium | — | 5.5 | 17d ago | Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing | |||
| CVE-2026-46403 | medium | — | 5.5 | 17d ago | Klever-Go KVM read-only execution can commit contract delete and upgrade side effects | |||
| CVE-2026-45252 | medium | 5.5 | 5.5 | 17d ago | When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE … | |||
| CVE-2026-46420 | medium | — | 5.5 | 18d ago | Setup PHP: Command Injection in Repository-Derived PHP Version Resolution | |||
| CVE-2026-45792 | medium | — | 5.5 | 18d ago | RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM | |||
| CVE-2026-45498 | medium | 4.0 | 5.5 | 18d ago | Microsoft Defender Denial of Service Vulnerability | |||
| CVE-2026-45070 | medium | — | 5.5 | 18d ago | Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names | |||
| CVE-2026-45068 | medium | — | 5.5 | 18d ago | Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address | |||
| CVE-2026-45064 | medium | — | 5.5 | 18d ago | Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing | |||
| CVE-2026-45065 | medium | — | 5.5 | 18d ago | Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection | |||
| CVE-2026-45069 | medium | — | 5.5 | 18d ago | Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims | |||
| CVE-2026-45073 | medium | — | 5.5 | 18d ago | Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix | |||
| CVE-2026-45066 | medium | — | 5.5 | 18d ago | Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification | |||
| CVE-2026-46638 | medium | — | 5.5 | 18d ago | Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411) | |||
| CVE-2026-46634 | medium | — | 5.5 | 18d ago | Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name | |||
| CVE-2026-45074 | medium | — | 5.5 | 18d ago | Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay | |||
| CVE-2026-45075 | medium | — | 5.5 | 18d ago | Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] | |||
| CVE-2026-43620 | medium | 5.5 | 5.5 | 18d ago | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Atta… | |||
| CVE-2026-39309 | medium | 5.5 | 5.5 | 18d ago | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to … | |||
| CVE-2026-46338 | medium | — | 5.5 | 19d ago | Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path | |||
| CVE-2026-45802 | medium | — | 5.5 | 19d ago | FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service | |||
| CVE-2026-45796 | medium | — | 5.5 | 19d ago | Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint | |||
| CVE-2026-45785 | medium | — | 5.5 | 19d ago | OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle | |||
| CVE-2026-45784 | medium | — | 5.5 | 19d ago | rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers | |||
| CVE-2026-46341 | medium | — | 5.5 | 19d ago | Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching | |||
| CVE-2026-45737 | medium | — | 5.5 | 19d ago | Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations | |||
| CVE-2026-45712 | medium | — | 5.5 | 19d ago | Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write) | |||
| CVE-2026-45711 | medium | — | 5.5 | 19d ago | Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs | |||
| CVE-2026-45709 | medium | — | 5.5 | 19d ago | Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer | |||
| CVE-2026-45692 | medium | — | 5.5 | 19d ago | Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization | |||
| CVE-2026-45670 | medium | — | 5.5 | 19d ago | Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) | |||
| CVE-2026-45669 | medium | — | 5.5 | 19d ago | Nuxt: Reflected XSS in `navigateTo()` external redirect | |||
| CVE-2026-45581 | medium | — | 5.5 | 19d ago | fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode | |||
| CVE-2026-46496 | medium | — | 5.5 | 19d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the `<video-p… | |||
| CVE-2026-45409 | medium | — | 5.5 | 19d ago | Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prio… |