CVEs from 2026
Total
14,797
critical
critical 1,335
high
high 5,010
medium
medium 4,834
low
low 504
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-27766 | medium | 5.5 | 5.5 | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak. | |||
| CVE-2026-25850 | medium | 5.5 | 5.5 | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak | |||
| CVE-2026-0967 | medium | 5.5 | 5.5 | 19d ago | Moderate: libssh security update | |||
| CVE-2026-32710 | medium | — | 5.5 | 19d ago | MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Un… | |||
| CVE-2026-31677 | medium | 5.5 | 5.5 | 19d ago | Important: kernel security update | |||
| CVE-2026-23040 | medium | — | 5.5 | 19d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 an… | |||
| CVE-2026-0865 | medium | — | 5.5 | 19d ago | User-controlled header names and values containing newlines can allow injecting HTTP headers. | |||
| CVE-2026-30892 | medium | — | 5.5 | 19d ago | Moderate: crun security update | |||
| CVE-2026-46559 | medium | — | 5.5 | 20d ago | ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. | |||
| CVE-2026-46557 | medium | — | 5.5 | 20d ago | ImageMagick: Stack overflow in fx operation | |||
| CVE-2026-46523 | medium | — | 5.5 | 20d ago | ImageMagick: Use-After-Free in MSL decoder. | |||
| CVE-2026-46521 | medium | — | 5.5 | 20d ago | ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression | |||
| CVE-2026-45664 | medium | — | 5.5 | 20d ago | ImageMagick: Policy Bypass in MNG coder could | |||
| CVE-2026-45624 | medium | — | 5.5 | 20d ago | ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation. | |||
| CVE-2026-45682 | medium | 5.5 | 5.5 | 20d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking… | |||
| CVE-2026-45246 | medium | 5.5 | 5.5 | 20d ago | Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default… | |||
| CVE-2026-32849 | medium | 5.5 | 5.5 | 20d ago | NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed i… | |||
| CVE-2026-45676 | medium | 5.5 | 5.5 | 20d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string o… | |||
| CVE-2026-45031 | medium | — | 5.5 | 20d ago | ImageMagick: Policy Bypass in PSD decoder | |||
| CVE-2026-41568 | medium | — | 5.5 | 20d ago | Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap | |||
| CVE-2026-45358 | medium | — | 5.5 | 20d ago | ImageMagick: Out-of-Bounds Read of a single byte in meta encoder | |||
| CVE-2026-45359 | medium | — | 5.5 | 20d ago | ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define | |||
| CVE-2026-45701 | medium | — | 5.5 | 20d ago | Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical has… | |||
| CVE-2026-45139 | medium | — | 5.5 | 20d ago | CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations | |||
| CVE-2026-45138 | medium | — | 5.5 | 20d ago | CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule | |||
| CVE-2026-42326 | medium | — | 5.5 | 20d ago | ImageMagick: Heap Buffer Over-Read in IPTC encoder | |||
| CVE-2026-45577 | medium | — | 5.5 | 20d ago | Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback s… | |||
| CVE-2026-46383 | medium | 5.5 | 5.5 | 23d ago | Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install` | |||
| CVE-2026-45106 | medium | — | 5.5 | 23d ago | Weblate: Stored HTML injection in editor search preview | |||
| CVE-2026-41971 | medium | 5.5 | 5.5 | 23d ago | Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-44427 | medium | — | 5.5 | 24d ago | MCP Registry has open redirect via protocol-relative path in trailing-slash middleware | |||
| CVE-2026-44662 | medium | — | 5.5 | 24d ago | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorr… | |||
| CVE-2026-42573 | medium | — | 5.5 | 24d ago | Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State | |||
| CVE-2026-42567 | medium | — | 5.5 | 24d ago | Svelte: ReDoS in `<svelte:element>` Tag Validation | |||
| CVE-2026-42599 | medium | — | 5.5 | 24d ago | Svelte SSR vulnerable to cross-site scripting via spread attributes | |||
| CVE-2026-8586 | medium | 5.5 | 5.5 | 24d ago | Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: … | |||
| CVE-2026-43996 | medium | 5.5 | 5.5 | 24d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_… | |||
| CVE-2026-45021 | medium | — | 5.5 | 24d ago | Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin… | |||
| CVE-2026-44968 | medium | — | 5.5 | 24d ago | dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters | |||
| CVE-2026-46469 | medium | 5.5 | 5.5 | 24d ago | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before per… | |||
| CVE-2026-44544 | medium | — | 5.5 | 24d ago | gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted … | |||
| CVE-2026-44885 | medium | 5.5 | 5.5 | 24d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-45078 | medium | 5.5 | 5.5 | 24d ago | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing o… | |||
| CVE-2026-44722 | medium | — | 5.5 | 24d ago | pyzipper has an encryption bypass for small files encrypted using it | |||
| CVE-2026-42853 | medium | — | 5.5 | 24d ago | @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input | |||
| CVE-2026-44308 | medium | — | 5.5 | 24d ago | Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications | |||
| CVE-2026-44368 | medium | — | 5.5 | 25d ago | pyquorum: Timing side‑channel in mul_mod | |||
| CVE-2026-44363 | medium | — | 5.5 | 25d ago | misp-modules has nsafe remote resource fetching in expansion | |||
| CVE-2026-44479 | medium | 5.5 | 5.5 | 25d ago | Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), comma… | |||
| CVE-2026-21022 | medium | 5.5 | 5.5 | 25d ago | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2026-21016 | medium | 5.5 | 5.5 | 25d ago | Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2026-21015 | medium | 5.5 | 5.5 | 25d ago | Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier. | |||
| CVE-2026-44720 | medium | — | 5.5 | 25d ago | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access… | |||
| CVE-2026-27951 | medium | — | 5.5 | 25d ago | Moderate: freerdp security update | |||
| CVE-2026-26986 | medium | — | 5.5 | 25d ago | Moderate: freerdp security update | |||
| CVE-2026-31883 | medium | — | 5.5 | 25d ago | Moderate: freerdp security update | |||
| CVE-2026-29775 | medium | — | 5.5 | 25d ago | Moderate: freerdp security update | |||
| CVE-2026-31884 | medium | — | 5.5 | 25d ago | Moderate: freerdp security update | |||
| CVE-2026-25952 | medium | — | 5.5 | 25d ago | Moderate: freerdp security update | |||
| CVE-2026-28958 | medium | 5.5 | 5.5 | 25d ago | visionOS 26.5 | |||
| CVE-2026-33985 | medium | — | 5.5 | 25d ago | Moderate: freerdp security update | |||
| CVE-2026-31885 | medium | — | 5.5 | 25d ago | Moderate: freerdp security update | |||
| CVE-2026-44652 | medium | — | 5.5 | 26d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-44651 | medium | — | 5.5 | 26d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-35504 | medium | 5.5 | 5.5 | 26d ago | PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. | |||
| CVE-2026-44217 | medium | — | 5.5 | 26d ago | sse-channel: SSE Injection via unsanitized event fields | |||
| CVE-2026-42445 | medium | 5.5 | 5.5 | 26d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPat… | |||
| CVE-2026-42444 | medium | 5.5 | 5.5 | 26d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method re… | |||
| CVE-2026-42443 | medium | 5.5 | 5.5 | 26d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when … | |||
| CVE-2026-42442 | medium | 5.5 | 5.5 | 26d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when… | |||
| CVE-2026-42355 | medium | 5.5 | 5.5 | 26d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .… | |||
| CVE-2026-44279 | medium | 5.5 | 5.5 | 26d ago | A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow atta… | |||
| CVE-2026-44278 | medium | 5.5 | 5.5 | 26d ago | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert at… | |||
| CVE-2026-42303 | medium | — | 5.5 | 26d ago | Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection | |||
| CVE-2026-41612 | medium | 5.5 | 5.5 | 26d ago | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-35440 | medium | 5.5 | 5.5 | 26d ago | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-35419 | medium | 5.5 | 5.5 | 26d ago | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | |||
| CVE-2026-34663 | medium | 5.5 | 5.5 | 26d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to d… | |||
| CVE-2026-34662 | medium | 5.5 | 5.5 | 26d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerabil… | |||
| CVE-2026-34339 | medium | 5.5 | 5.5 | 26d ago | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally. | |||
| CVE-2026-32185 | medium | 5.5 | 5.5 | 26d ago | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-20914 | medium | 5.5 | 5.5 | 26d ago | Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… | |||
| CVE-2026-20881 | medium | 5.5 | 5.5 | 26d ago | Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authentic… | |||
| CVE-2026-34962 | medium | 5.5 | 5.5 | 26d ago | barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directo… | |||
| CVE-2026-20696 | medium | 5.5 | 5.5 | 27d ago | macOS Tahoe 26.4 | |||
| CVE-2026-42875 | medium | — | 5.5 | 27d ago | External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore | |||
| CVE-2026-42050 | medium | 5.5 | 5.5 | 27d ago | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in… | |||
| CVE-2026-42070 | medium | — | 5.5 | 27d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti… | |||
| CVE-2026-41897 | medium | — | 5.5 | 27d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu… | |||
| CVE-2026-40598 | medium | — | 5.5 | 27d ago | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page | |||
| CVE-2026-34970 | medium | — | 5.5 | 27d ago | MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked | |||
| CVE-2026-34744 | medium | — | 5.5 | 27d ago | MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue | |||
| CVE-2026-34579 | medium | — | 5.5 | 27d ago | MantisBT has an authorization bypass in private issue monitoring | |||
| CVE-2026-34390 | medium | — | 5.5 | 27d ago | MantisBT Vulnerable to Privilege Escalation from Manager to Administrator | |||
| CVE-2026-44777 | medium | 5.5 | 5.5 | 27d ago | jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other. | |||
| CVE-2026-43896 | medium | 5.5 | 5.5 | 27d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab… | |||
| CVE-2026-43894 | medium | 5.5 | 5.5 | 27d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic.… | |||
| CVE-2026-41257 | medium | 5.5 | 5.5 | 27d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator … | |||
| CVE-2026-41256 | medium | 5.5 | 5.5 | 27d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil… | |||
| CVE-2026-40612 | medium | 5.5 | 5.5 | 27d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with… |