CVEs from 2026
Total: 14,798
critical: 1,335
high: 5,011
medium: 4,834
low: 504
% Critical: 9.0%
% with KEV: 0.4%
% with exploit: 0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23443 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix previous acpi_processor_errata_piix4() fix After commit f132e089fe89 ("ACPI: processor: Fix NULL-pointer dere… |
| CVE-2026-23445 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: igc: fix page fault in XDP TX timestamps handling If an XDP application that requested TX timestamping is shutting down while the… |
| CVE-2026-23446 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpm_resume" This is caused by aqc111_su… |
| CVE-2026-23447 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch al… |
| CVE-2026-31788 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space proc… |
| CVE-2026-3446 | unknown | — | — | — | | | | When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This ca… |
| CVE-2026-5122 | unknown | — | — | — | | | | A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a mani… |
| CVE-2026-5123 | unknown | — | — | — | | | | A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data[1] can lead to off… |
| CVE-2026-5124 | unknown | — | — | — | | | | A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The man… |
| CVE-2026-42784 | unknown | — | — | — | | | | |
| CVE-2026-41438 | unknown | — | — | — | | | | |
| CVE-2026-8341 | unknown | — | — | — | | | | |
| CVE-2026-25916 | unknown | — | — | — | | | | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. |
| CVE-2026-26079 | unknown | — | — | — | | | | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled. |
| CVE-2026-40517 | unknown | — | — | — | | | | radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with … |
| CVE-2026-6940 | unknown | — | — | — | | | | radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the … |
| CVE-2026-6941 | unknown | — | — | — | | | | radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malic… |
| CVE-2026-50142 | unknown | — | — | — | | | | |
| CVE-2026-28295 | unknown | — | — | — | | | | A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditi… |
| CVE-2026-3479 | unknown | — | — | — | | | | DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. … |
| CVE-2026-41436 | unknown | — | — | — | | | | |
| CVE-2026-6780 | unknown | — | — | — | | | | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. |
| CVE-2026-0902 | unknown | — | — | — | | | | Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medi… |
| CVE-2026-0904 | unknown | — | — | — | | | | Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-0905 | unknown | — | — | — | | | | Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attacker who obtained a network log file to potentially obtain potentially sensitive information via a netw… |
| CVE-2026-0907 | unknown | — | — | — | | | | Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-0906 | unknown | — | — | — | | | | Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity… |
| CVE-2026-36229 | unknown | — | — | | | | 16h ago | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. |
| CVE-2026-10725 | unknown | — | — | | | | 1d ago | Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large ser… |
| CVE-2026-6242 | unknown | — | — | | | | 2d ago | An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacke… |
| CVE-2026-6241 | unknown | — | — | | | | 2d ago | An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitizatio… |
| CVE-2026-6240 | unknown | — | — | | | | 2d ago | A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenti… |
| CVE-2026-6239 | unknown | — | — | | | | 2d ago | A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processi… |
| CVE-2026-34123 | unknown | — | — | | | | 2d ago | On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low-sensitivity operations. Due to a logic flaw in the device's API authorization mechani… |
| CVE-2026-36785 | unknown | — | — | | | | 2d ago | Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cau… |
| CVE-2026-11423 | unknown | — | — | | | | 2d ago | A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regul… |
| CVE-2026-11431 | unknown | — | — | | | | 2d ago | A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypas… |
| CVE-2026-11429 | unknown | — | — | | | | 2d ago | A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that us… |
| CVE-2026-11424 | unknown | — | — | | | | 2d ago | A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is t… |
| CVE-2026-47743 | unknown | — | — | | | | 2d ago | Shopper: Multiple data integrity and disclosure issues in admin Livewire components |
| CVE-2026-45779 | unknown | — | — | | | | 2d ago | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to… |
| CVE-2026-45778 | unknown | — | — | | | | 2d ago | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abus… |
| CVE-2026-45777 | unknown | — | — | | | | 2d ago | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web s… |
| CVE-2026-11420 | unknown | — | — | | | | 2d ago | Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on… |
| CVE-2026-11419 | unknown | — | — | | | | 2d ago | A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authen… |
| CVE-2026-45776 | unknown | — | — | | | | 2d ago | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request… |
| CVE-2026-46401 | unknown | — | — | | | | 2d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after … |
| CVE-2026-46399 | unknown | — | — | | | | 2d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this… |
| CVE-2026-46394 | unknown | — | — | | | | 2d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The applic… |
| CVE-2026-46390 | unknown | — | — | | | | 2d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenti… |
| CVE-2026-46400 | unknown | — | — | | | | 2d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions… |
| CVE-2026-46398 | unknown | — | — | | | | 2d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcms_refresh_token cookie is set without the Secure flag. This allow… |
| CVE-2026-11414 | unknown | — | — | | | | 2d ago | A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network a… |
| CVE-2026-47731 | unknown | — | — | | | | 2d ago | NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker) |
| CVE-2026-8714 | unknown | — | — | | | | 2d ago | A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error… |
| CVE-2026-49343 | unknown | — | — | | | | 2d ago | Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS |
| CVE-2026-48017 | unknown | — | — | | | | 2d ago | DbGate: Remote Code Execution via functionName injection in loadReader endpoint |
| CVE-2026-47684 | unknown | — | — | | | | 2d ago | Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP |
| CVE-2026-47680 | unknown | — | — | | | | 2d ago | Source controller: Improper path handling allows traversal |
| CVE-2026-47670 | unknown | — | — | | | | 2d ago | Authenticated Remote Code Execution via loadReader functionName code injection in DbGate |
| CVE-2026-47419 | unknown | — | — | | | | 2d ago | praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR |
| CVE-2026-47669 | unknown | — | — | | | | 2d ago | DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE |
| CVE-2026-47668 | unknown | — | — | | | | 2d ago | DbGate: Unauthenticated Remote Code Execution via JSON Script Runner |
| CVE-2026-47388 | unknown | — | — | | | | 2d ago | NocoDB: Missing Ownership Check in MCP Attachment Read |
| CVE-2026-47387 | unknown | — | — | | | | 2d ago | NocoDB: Stored Cross-Site Scripting via Form View Redirect URL |
| CVE-2026-47386 | unknown | — | — | | | | 2d ago | NocoDB: OAuth Authorization Code Race Condition |
| CVE-2026-47385 | unknown | — | — | | | | 2d ago | NocoDB: Path Traversal via SQLite Source Filename |
| CVE-2026-47384 | unknown | — | — | | | | 2d ago | NocoDB: SQL Injection via Column Title in Bulk GroupBy |
| CVE-2026-47383 | unknown | — | — | | | | 2d ago | NocoDB: Stored Cross-Site Scripting via Row Comments |
| CVE-2026-47382 | unknown | — | — | | | | 2d ago | NocoDB: Server-Side Request Forgery via Database Connection Host |
| CVE-2026-9270 | unknown | — | — | | | | 2d ago | DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_s… |
| CVE-2026-11362 | unknown | — | — | | | | 2d ago | DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sour… |
| CVE-2026-47381 | unknown | — | — | | | | 2d ago | NocoDB: Cross-Workspace Integration Use in Connection Test |
| CVE-2026-47380 | unknown | — | — | | | | 2d ago | NocoDB: User Enumeration via Sign-In Timing |
| CVE-2026-47379 | unknown | — | — | | | | 2d ago | NocoDB: Plaintext Password Comparison in Shared Views |
| CVE-2026-47378 | unknown | — | — | | | | 2d ago | NocoDB: Hidden Column Exposure in Public Shared View Endpoints |
| CVE-2026-47377 | unknown | — | — | | | | 2d ago | NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin |
| CVE-2026-47376 | unknown | — | — | | | | 2d ago | NocoDB: Reflected Cross-Site Scripting via Password Reset Token |
| CVE-2026-47375 | unknown | — | — | | | | 2d ago | NocoDB: Postgres SQL Injection in Formula `ARRAYSORT` |
| CVE-2026-47279 | unknown | — | — | | | | 2d ago | NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints |
| CVE-2026-47250 | unknown | — | — | | | | 2d ago | MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration |
| CVE-2026-47249 | unknown | — | — | | | | 2d ago | Klever-Go KVM: Hash-array amplification in P2P resolver request handling |
| CVE-2026-45726 | unknown | — | — | | | | 2d ago | Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService |
| CVE-2026-45723 | unknown | — | — | | | | 2d ago | Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic |
| CVE-2026-45720 | unknown | — | — | | | | 2d ago | Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token |
| CVE-2026-38579 | unknown | — | — | | | | 2d ago | Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parame… |
| CVE-2026-10879 | unknown | — | — | | | | 2d ago | DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the for… |
| CVE-2026-38500 | unknown | — | — | | | | 2d ago | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. |
| CVE-2026-11369 | unknown | — | — | | | | 2d ago | The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by th… |
| CVE-2026-25659 | unknown | — | — | | | | 2d ago | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can… |
| CVE-2026-25658 | unknown | — | — | | | | 2d ago | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can… |
| CVE-2026-25657 | unknown | — | — | | | | 2d ago | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially cr… |
| CVE-2026-11346 | unknown | — | — | | | | 2d ago | A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific proces… |
| CVE-2026-11345 | unknown | — | — | | | | 2d ago | An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorre… |
| CVE-2026-8914 | unknown | — | — | | | | 2d ago | In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerabili… |
| CVE-2026-21038 | unknown | — | — | | | | 2d ago | Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows a local attacker to access out-of-bounds memory. |
| CVE-2026-21037 | unknown | — | — | | | | 2d ago | Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access an arbitrary URL and launch an arbitrary activity with Samsung Members privilege. |
| CVE-2026-21036 | unknown | — | — | | | | 2d ago | Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. |
| CVE-2026-21035 | unknown | — | — | | | | 2d ago | Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information. |
| CVE-2026-21034 | unknown | — | — | | | | 2d ago | Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows a local attacker to change audio configuration. |