CVEs from 2026
- Total: 14,770
- Critical: 1,334
- High: 4,998
- Medium: 4,817
- Low: 502
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45664 | medium | — | 5.5 | | | | 19d ago | ImageMagick: Policy Bypass in MNG coder could |
| CVE-2026-45624 | medium | — | 5.5 | | | | 19d ago | ImageMagick: Heap Buffer Over-Read of 4 bytes in distort operation. |
| CVE-2026-45682 | medium | 5.5 | 5.5 | | | | 19d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking… |
| CVE-2026-45246 | medium | 5.5 | 5.5 | | | | 19d ago | Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default… |
| CVE-2026-32849 | medium | 5.5 | 5.5 | | | | 19d ago | NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed i… |
| CVE-2026-45676 | medium | 5.5 | 5.5 | | | | 19d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string o… |
| CVE-2026-45031 | medium | — | 5.5 | | | | 19d ago | ImageMagick: Policy Bypass in PSD decoder |
| CVE-2026-41568 | medium | — | 5.5 | | | | 19d ago | Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap |
| CVE-2026-45358 | medium | — | 5.5 | | | | 19d ago | ImageMagick: Out-of-Bounds Read of a single byte in meta encoder |
| CVE-2026-45359 | medium | — | 5.5 | | | | 19d ago | ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define |
| CVE-2026-45701 | medium | — | 5.5 | | | | 19d ago | Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset token and API key generation uses a weak cryptographical has… |
| CVE-2026-45139 | medium | — | 5.5 | | | | 19d ago | CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations |
| CVE-2026-45138 | medium | — | 5.5 | | | | 19d ago | CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule |
| CVE-2026-42326 | medium | — | 5.5 | | | | 19d ago | ImageMagick: Heap Buffer Over-Read in IPTC encoder |
| CVE-2026-45577 | medium | — | 5.5 | | | | 19d ago | Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback s… |
| CVE-2026-46383 | medium | 5.5 | 5.5 | | | | 22d ago | Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install` |
| CVE-2026-45106 | medium | — | 5.5 | | | | 22d ago | Weblate: Stored HTML injection in editor search preview |
| CVE-2026-41971 | medium | 5.5 | 5.5 | | | | 22d ago | Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2026-44427 | medium | — | 5.5 | | | | 23d ago | MCP Registry has open redirect via protocol-relative path in trailing-slash middleware |
| CVE-2026-44662 | medium | — | 5.5 | | | | 23d ago | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorr… |
| CVE-2026-42573 | medium | — | 5.5 | | | | 23d ago | Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State |
| CVE-2026-42567 | medium | — | 5.5 | | | | 23d ago | Svelte: ReDoS in `<svelte:element>` Tag Validation |
| CVE-2026-42599 | medium | — | 5.5 | | | | 23d ago | Svelte SSR vulnerable to cross-site scripting via spread attributes |
| CVE-2026-8586 | medium | 5.5 | 5.5 | | | | 23d ago | Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: … |
| CVE-2026-43996 | medium | 5.5 | 5.5 | | | | 23d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_… |
| CVE-2026-45021 | medium | — | 5.5 | | | | 23d ago | Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin… |
| CVE-2026-44968 | medium | — | 5.5 | | | | 23d ago | dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters |
| CVE-2026-46469 | medium | 5.5 | 5.5 | | | | 23d ago | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before per… |
| CVE-2026-44544 | medium | — | 5.5 | | | | 23d ago | gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted … |
| CVE-2026-44885 | medium | 5.5 | 5.5 | | | | 23d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … |
| CVE-2026-45078 | medium | 5.5 | 5.5 | | | | 23d ago | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing o… |
| CVE-2026-44722 | medium | — | 5.5 | | | | 23d ago | pyzipper has an encryption bypass for small files encrypted using it |
| CVE-2026-42853 | medium | — | 5.5 | | | | 23d ago | @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input |
| CVE-2026-44308 | medium | — | 5.5 | | | | 23d ago | Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications |
| CVE-2026-44368 | medium | — | 5.5 | | | | 24d ago | pyquorum: Timing side-channel in mul_mod |
| CVE-2026-44363 | medium | — | 5.5 | | | | 24d ago | misp-modules has unsafe remote resource fetching in expansion |
| CVE-2026-44479 | medium | 5.5 | 5.5 | | | | 24d ago | Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, when the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), comma… |
| CVE-2026-21022 | medium | 5.5 | 5.5 | | | | 24d ago | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2026-21016 | medium | 5.5 | 5.5 | | | | 24d ago | Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2026-21015 | medium | 5.5 | 5.5 | | | | 24d ago | Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows a local attacker to access a unique identifier. |
| CVE-2026-44720 | medium | — | 5.5 | | | | 24d ago | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access… |
| CVE-2026-31883 | medium | — | 5.5 | | | | 24d ago | Moderate: freerdp security update |
| CVE-2026-26986 | medium | — | 5.5 | | | | 24d ago | Moderate: freerdp security update |
| CVE-2026-27951 | medium | — | 5.5 | | | | 24d ago | Moderate: freerdp security update |
| CVE-2026-29775 | medium | — | 5.5 | | | | 24d ago | Moderate: freerdp security update |
| CVE-2026-31884 | medium | — | 5.5 | | | | 24d ago | Moderate: freerdp security update |
| CVE-2026-31885 | medium | — | 5.5 | | | | 24d ago | Moderate: freerdp security update |
| CVE-2026-33985 | medium | — | 5.5 | | | | 24d ago | Moderate: freerdp security update |
| CVE-2026-25952 | medium | — | 5.5 | | | | 24d ago | Moderate: freerdp security update |
| CVE-2026-28958 | medium | 5.5 | 5.5 | | | | 24d ago | visionOS 26.5 |
| CVE-2026-44652 | medium | — | 5.5 | | | | 25d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… |
| CVE-2026-44651 | medium | — | 5.5 | | | | 25d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… |
| CVE-2026-35504 | medium | 5.5 | 5.5 | | | | 25d ago | PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. |
| CVE-2026-44217 | medium | — | 5.5 | | | | 25d ago | sse-channel: SSE Injection via unsanitized event fields |
| CVE-2026-42445 | medium | 5.5 | 5.5 | | | | 25d ago | NanaZip is an open source file archiver. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPat… |
| CVE-2026-42444 | medium | 5.5 | 5.5 | | | | 25d ago | NanaZip is an open source file archiver. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method re… |
| CVE-2026-42443 | medium | 5.5 | 5.5 | | | | 25d ago | NanaZip is an open source file archiver. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when … |
| CVE-2026-42442 | medium | 5.5 | 5.5 | | | | 25d ago | NanaZip is an open source file archiver. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when… |
| CVE-2026-42355 | medium | 5.5 | 5.5 | | | | 25d ago | NanaZip is an open source file archiver. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .… |
| CVE-2026-44279 | medium | 5.5 | 5.5 | | | | 25d ago | An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow atta… |
| CVE-2026-44278 | medium | 5.5 | 5.5 | | | | 25d ago | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow an attacker to information disclosure via <insert at… |
| CVE-2026-42303 | medium | — | 5.5 | | | | 25d ago | Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection |
| CVE-2026-41612 | medium | 5.5 | 5.5 | | | | 25d ago | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. |
| CVE-2026-35440 | medium | 5.5 | 5.5 | | | | 25d ago | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| CVE-2026-35419 | medium | 5.5 | 5.5 | | | | 25d ago | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. |
| CVE-2026-34663 | medium | 5.5 | 5.5 | | | | 25d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to d… |
| CVE-2026-34662 | medium | 5.5 | 5.5 | | | | 25d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerabil… |
| CVE-2026-34339 | medium | 5.5 | 5.5 | | | | 25d ago | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally. |
| CVE-2026-32185 | medium | 5.5 | 5.5 | | | | 25d ago | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. |
| CVE-2026-20914 | medium | 5.5 | 5.5 | | | | 25d ago | Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… |
| CVE-2026-20881 | medium | 5.5 | 5.5 | | | | 25d ago | Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authentic… |
| CVE-2026-34962 | medium | 5.5 | 5.5 | | | | 25d ago | barebox versions prior to 2026.04.0 contain a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directo… |
| CVE-2026-20696 | medium | 5.5 | 5.5 | | | | 26d ago | macOS Tahoe 26.4 |
| CVE-2026-42875 | medium | — | 5.5 | | | | 26d ago | External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore |
| CVE-2026-42050 | medium | 5.5 | 5.5 | | | | 26d ago | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in… |
| CVE-2026-42070 | medium | — | 5.5 | | | | 26d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti… |
| CVE-2026-41897 | medium | — | 5.5 | | | | 26d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu… |
| CVE-2026-40598 | medium | — | 5.5 | | | | 26d ago | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page |
| CVE-2026-34970 | medium | — | 5.5 | | | | 26d ago | MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked |
| CVE-2026-34744 | medium | — | 5.5 | | | | 26d ago | MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue |
| CVE-2026-34579 | medium | — | 5.5 | | | | 26d ago | MantisBT has an authorization bypass in private issue monitoring |
| CVE-2026-34390 | medium | — | 5.5 | | | | 26d ago | MantisBT Vulnerable to Privilege Escalation from Manager to Administrator |
| CVE-2026-44777 | medium | 5.5 | 5.5 | | | | 26d ago | jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other. |
| CVE-2026-43896 | medium | 5.5 | 5.5 | | | | 26d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab… |
| CVE-2026-43894 | medium | 5.5 | 5.5 | | | | 26d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic.… |
| CVE-2026-41257 | medium | 5.5 | 5.5 | | | | 26d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator … |
| CVE-2026-41256 | medium | 5.5 | 5.5 | | | | 26d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil… |
| CVE-2026-40612 | medium | 5.5 | 5.5 | | | | 26d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with… |
| CVE-2026-33052 | medium | — | 5.5 | | | | 26d ago | MantisBT Has Authorization Bypass in Global Profile Creation |
| CVE-2026-8257 | medium | 5.5 | 5.5 | | | | 26d ago | A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a… |
| CVE-2026-28877 | medium | 5.5 | 5.5 | | | | 26d ago | visionOS 26.4 |
| CVE-2026-28996 | medium | 5.5 | 5.5 | | | | 26d ago | visionOS 26.5 |
| CVE-2026-28870 | medium | 5.5 | 5.5 | | | | 26d ago | visionOS 26.4 |
| CVE-2026-28914 | medium | 5.5 | 5.5 | | | | 26d ago | A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. |
| CVE-2026-28993 | medium | 5.5 | 5.5 | | | | 26d ago | visionOS 26.5 |
| CVE-2026-28988 | medium | 5.5 | 5.5 | | | | 26d ago | visionOS 26.5 |
| CVE-2026-8235 | medium | 5.5 | 5.5 | | | | 27d ago | A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulatio… |
| CVE-2026-8213 | medium | 5.5 | 5.5 | | | | 27d ago | A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manip… |
| CVE-2026-8212 | medium | 5.5 | 5.5 | | | | 27d ago | A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-bas… |
| CVE-2026-42333 | medium | — | 5.5 | | | | 28d ago | quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations |