CVEs from 2026
- Total: 14,798
- Critical: 1,335
- High: 5,011
- Medium: 4,834
- Low: 504
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40407 | high | 7.8 | 7.8 | 26d ago | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40399 | high | 7.8 | 7.8 | 26d ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40398 | high | 7.8 | 7.8 | 26d ago | Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40397 | high | 7.8 | 7.8 | 26d ago | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40382 | high | 7.8 | 7.8 | 26d ago | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40381 | high | 7.8 | 7.8 | 26d ago | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40377 | high | 7.8 | 7.8 | 26d ago | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40369 | high | 7.8 | 7.8 | 26d ago | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40362 | high | 7.8 | 7.8 | 26d ago | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-40360 | high | 7.8 | 7.8 | 26d ago | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-40359 | high | 7.8 | 7.8 | 26d ago | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-35421 | high | 7.8 | 7.8 | 26d ago | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-35420 | high | 7.8 | 7.8 | 26d ago | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-35418 | high | 7.8 | 7.8 | 26d ago | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-35417 | high | 7.8 | 7.8 | 26d ago | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-35415 | high | 7.8 | 7.8 | 26d ago | Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34687 | high | 7.8 | 7.8 | 26d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation… | |||
| CVE-2026-34676 | high | 7.8 | 7.8 | 26d ago | Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o… | |||
| CVE-2026-34675 | high | 7.8 | 7.8 | 26d ago | Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o… | |||
| CVE-2026-34661 | high | 7.8 | 7.8 | 26d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th… | |||
| CVE-2026-34644 | high | 7.8 | 7.8 | 26d ago | After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Explo… | |||
| CVE-2026-34643 | high | 7.8 | 7.8 | 26d ago | After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of … | |||
| CVE-2026-34642 | high | 7.8 | 7.8 | 26d ago | After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati… | |||
| CVE-2026-34640 | high | 7.8 | 7.8 | 26d ago | Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exp… | |||
| CVE-2026-34639 | high | 7.8 | 7.8 | 26d ago | Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o… | |||
| CVE-2026-34638 | high | 7.8 | 7.8 | 26d ago | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this … | |||
| CVE-2026-34637 | high | 7.8 | 7.8 | 26d ago | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… | |||
| CVE-2026-34636 | high | 7.8 | 7.8 | 26d ago | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… | |||
| CVE-2026-34351 | high | 7.8 | 7.8 | 26d ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34344 | high | 7.8 | 7.8 | 26d ago | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34343 | high | 7.8 | 7.8 | 26d ago | Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34338 | high | 7.8 | 7.8 | 26d ago | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34337 | high | 7.8 | 7.8 | 26d ago | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34336 | high | 7.8 | 7.8 | 26d ago | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34334 | high | 7.8 | 7.8 | 26d ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34333 | high | 7.8 | 7.8 | 26d ago | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34330 | high | 7.8 | 7.8 | 26d ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33841 | high | 7.8 | 7.8 | 26d ago | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33840 | high | 7.8 | 7.8 | 26d ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33838 | high | 7.8 | 7.8 | 26d ago | Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33837 | high | 7.8 | 7.8 | 26d ago | Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33835 | high | 7.8 | 7.8 | 26d ago | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33834 | high | 7.8 | 7.8 | 26d ago | Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32204 | high | 7.8 | 7.8 | 26d ago | External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-20767 | high | 7.8 | 7.8 | 26d ago | Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary… | |||
| CVE-2026-20714 | high | 7.8 | 7.8 | 26d ago | Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a… | |||
| CVE-2026-8110 | high | 7.8 | 7.8 | 26d ago | Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. | |||
| CVE-2026-32687 | high | 7.8 | 7.8 | 26d ago | Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3` | |||
| CVE-2026-44412 | high | 7.8 | 7.8 | 26d ago | A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR f… | |||
| CVE-2026-44411 | high | 7.8 | 7.8 | 26d ago | A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR f… | |||
| CVE-2026-45393 | high | 7.8 | 7.8 | 27d ago | A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's… | |||
| CVE-2026-45391 | high | 7.8 | 7.8 | 27d ago | A command injection vulnerability in Cribl Edge for Linux versions 3.2.0 through 4.17.0 allows a local unprivileged user to execute arbitrary commands in the context of the Cribl Edge service account. | |||
| CVE-2026-34963 | high | 7.8 | 7.8 | 27d ago | barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithm… | |||
| CVE-2026-42046 | high | 7.8 | 7.8 | 27d ago | libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-boun… | |||
| CVE-2026-7818 | high | 7.8 | 7.8 | 27d ago | pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager | |||
| CVE-2026-45004 | high | 7.8 | 7.8 | 27d ago | OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution | |||
| CVE-2026-3609 | high | 7.8 | 7.8 | 27d ago | Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS. Cr… | |||
| CVE-2026-40636 | high | 7.8 | 7.8 | 27d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could p… | |||
| CVE-2026-28919 | high | 7.8 | 7.8 | 28d ago | A consistency issue was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges. | |||
| CVE-2026-28915 | high | 7.8 | 7.8 | 28d ago | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able … | |||
| CVE-2026-28951 | high | 7.8 | 7.8 | 28d ago | An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Ta… | |||
| CVE-2026-28840 | high | 7.8 | 7.8 | 28d ago | macOS Tahoe 26.4 | |||
| CVE-2026-42311 | high | 7.8 | 7.8 | 29d ago | Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow) | |||
| CVE-2026-42301 | high | 7.8 | 7.8 | 29d ago | pyp2spec is Vulnerable to Code Injection | |||
| CVE-2026-43461 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in aml_sfc_dma_buffer_setup() error paths: 1. Unnecessary g… | |||
| CVE-2026-43460 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove() callback The driver uses devm_spi_register_controller() for registration, which au… | |||
| CVE-2026-43458 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty->link reference in ldisc_open and ser_release A reproducer triggers a KASAN slab-use-after-free in pty_wri… | |||
| CVE-2026-43456 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_by_slave() kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 [#1] SMP KA… | |||
| CVE-2026-43454 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix for duplicate device in netdev hooks When handling NETDEV_REGISTER notification, duplicate device regis… | |||
| CVE-2026-43447 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cach… | |||
| CVE-2026-43440 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net/mana: Null service_wq on setup error to prevent double destroy In mana_gd_setup() error path, set gc->service_wq to NULL afte… | |||
| CVE-2026-43438 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy … | |||
| CVE-2026-43437 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() In the drain loop, the local variable 'runtime' is reas… | |||
| CVE-2026-43434 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rust_binder: check ownership before using vma When installing missing pages (or zapping them), Rust Binder will look up the vma i… | |||
| CVE-2026-43433 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rust_binder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into … | |||
| CVE-2026-43426 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: fix use-after-free in ISR during device removal In usbhs_remove(), the driver frees resources (including the … | |||
| CVE-2026-43408 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_… | |||
| CVE-2026-43388 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walk_control on inactive context in damos_walk() damos_walk() sets ctx->walk_control to the caller-provided … | |||
| CVE-2026-43378 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_open() The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced afte… | |||
| CVE-2026-43374 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in remove_nh_grp_entry When removing a nexthop from a group, remove_nh_grp_entry() publis… | |||
| CVE-2026-43370 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race w… | |||
| CVE-2026-43368 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more… | |||
| CVE-2026-43366 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: check if target buffer list is still legacy on recycle There's a gap between when the buffer was grabbed and when … | |||
| CVE-2026-43353 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may be invoked for multiple tra… | |||
| CVE-2026-43352 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: … | |||
| CVE-2026-41570 | high | 7.8 | 7.8 | 1mo ago | PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line argu… | |||
| CVE-2026-43339 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconf_permanent_addr() The mentioned helper try to warn the user about an exceptional condition,… | |||
| CVE-2026-43332 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path If thermal_zone_device_register_with_trips() fails after registeri… | |||
| CVE-2026-43330 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into th… | |||
| CVE-2026-43329 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IP… | |||
| CVE-2026-43328 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path When kobject_init_and_add() fails, cpufreq_dbs_gover… | |||
| CVE-2026-43324 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error ha… | |||
| CVE-2026-43321 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a `gotox rX` instruction the rX register should be marked as used in the… | |||
| CVE-2026-43307 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: iio: accel: adxl380: Avoid reading more entries than present in FIFO The interrupt handler reads FIFO entries in batches of N sam… | |||
| CVE-2026-43303 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: clear page->private in free_pages_prepare() Several subsystems (slub, shmem, ttm, etc.) use page->private but don'… | |||
| CVE-2026-43290 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on start_streaming() failure Return buffers if streaming fails to start due to uvc_pm_get(… | |||
| CVE-2026-8148 | high | 7.8 | 7.8 | 1mo ago | NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks. | |||
| CVE-2026-43943 | high | 7.8 | 7.8 | 1mo ago | Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor | |||
| CVE-2026-8087 | high | 7.8 | 7.8 | 1mo ago | A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldNam… | |||
| CVE-2026-8086 | high | 7.8 | 7.8 | 1mo ago | A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName lead… |