CVEs from 2026
Total: 14,777
- critical: 1,334
- high: 5,000
- medium: 4,821
- low: 503
% Critical: 9.0%
% with KEV: 0.4%
% with exploit: 0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32857 | high | 8.6 | 8.6 | | | | 2mo ago | Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to th… |
| CVE-2026-27764 | high | 8.6 | 8.6 | | | | 3mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… |
| CVE-2026-20748 | high | 8.6 | 8.6 | | | | 3mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… |
| CVE-2026-24912 | high | 8.6 | 8.6 | | | | 3mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… |
| CVE-2026-20082 | high | 8.6 | 8.6 | | | | 3mo ago | A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incomin… |
| CVE-2026-49120 | high | 8.5 | 8.5 | | | | 4d ago | Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHI… |
| CVE-2026-9330 | high | 8.5 | 8.5 | | | | 5d ago | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remo… |
| CVE-2026-35563 | high | 8.5 | 8.5 | | | | 5d ago | It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certifica… |
| CVE-2026-49489 | high | 8.5 | 8.5 | | | | 6d ago | OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can in… |
| CVE-2026-47201 | high | 8.5 | 8.5 | | | | 8d ago | authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user |
| CVE-2026-46820 | high | 8.5 | 8.5 | | | | 9d ago | Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable v… |
| CVE-2026-48153 | high | 8.5 | 8.5 | | | | 10d ago | Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check th… |
| CVE-2026-49046 | high | 8.5 | 8.5 | | | | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Pa… |
| CVE-2026-42730 | high | 8.5 | 8.5 | | | | 10d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. Th… |
| CVE-2026-44706 | high | 8.5 | 8.5 | | | | 11d ago | Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type da… |
| CVE-2026-48837 | high | 8.5 | 8.5 | | | | 12d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elemen… |
| CVE-2026-3515 | high | 8.5 | 8.5 | | | | 13d ago | A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field… |
| CVE-2026-46372 | high | 8.5 | 8.5 | | | | 18d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… |
| CVE-2026-45401 | high | 8.5 | 8.5 | | | | 22d ago | Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958) |
| CVE-2026-45400 | high | 8.5 | 8.5 | | | | 22d ago | Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url` |
| CVE-2026-45331 | high | 8.5 | 8.5 | | | | 23d ago | Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature |
| CVE-2026-44850 | high | 8.5 | 8.5 | | | | 23d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … |
| CVE-2026-43998 | high | 8.5 | 8.5 | | | | 24d ago | vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape |
| CVE-2026-44797 | high | 8.5 | 8.5 | | | | 24d ago | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient… |
| CVE-2026-43989 | high | 8.5 | 8.5 | | | | 25d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved t… |
| CVE-2026-45214 | high | 8.5 | 8.5 | | | | 25d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection. This issue affects Xp… |
| CVE-2026-45211 | high | 8.5 | 8.5 | | | | 25d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection. This issue affe… |
| CVE-2026-42742 | high | 8.5 | 8.5 | | | | 25d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection. This issue affects Views… |
| CVE-2026-42741 | high | 8.5 | 8.5 | | | | 25d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend v… |
| CVE-2026-42449 | high | 8.5 | 8.5 | | | | 1mo ago | n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders |
| CVE-2026-34474 | high | 7.5 | 8.5 | | | | 1mo ago | Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. I… |
| CVE-2026-34473 | high | 7.5 | 8.5 | | | | 1mo ago | Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered a… |
| CVE-2026-42860 | high | 8.5 | 8.5 | | | | 1mo ago | edx-enterprise has SSRF via SAML metadata URL in sync_provider_data endpoint |
| CVE-2026-42439 | high | 8.5 | 8.5 | | | | 1mo ago | OpenClaw: Browser tabs action select and close routes bypassed SSRF policy |
| CVE-2026-41914 | high | 8.5 | 8.5 | | | | 1mo ago | OpenClaw QQ Bot Extension missing SSRF Protection on All Media Fetch Paths |
| CVE-2026-41371 | high | 8.5 | 8.5 | | | | 1mo ago | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate targ… |
| CVE-2026-34352 | high | 8.5 | 8.5 | | | | 1mo ago | In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions. |
| CVE-2026-41461 | high | 8.5 | 8.5 | | | | 1mo ago | SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is no… |
| CVE-2026-41455 | high | 8.5 | 8.5 | | | | 2mo ago | WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination va… |
| CVE-2026-35548 | high | 8.5 | 8.5 | | | | 2mo ago | An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after m… |
| CVE-2026-40938 | high | 8.5 | 8.5 | | | | 2mo ago | Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE |
| CVE-2026-21997 | high | 8.5 | 8.5 | | | | 2mo ago | Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported versions that are affected are 9.2.1-9.2.3. Easily exploitab… |
| CVE-2026-39486 | high | 8.5 | 8.5 | | | | 2mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection. This issue affects Download… |
| CVE-2026-28133 | high | 8.5 | 8.5 | | | | 3mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server. This issue affects Filr: from n/a through <= 1.2.14. |
| CVE-2026-26980 | high | 7.5 | 8.5 | | | | 4mo ago | Ghost has a SQL injection in Content API |
| CVE-2026-24572 | high | 8.5 | 8.5 | | | | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection. This issue affects Nelio Co… |
| CVE-2026-24367 | high | 8.5 | 8.5 | | | | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection. This issue affects Traveler: from n/a thr… |
| CVE-2026-46270 | high | 8.4 | 8.4 | | | | 3d ago | In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `de… |
| CVE-2026-46251 | high | 8.4 | 8.4 | | | | 3d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block … |
| CVE-2026-6824 | high | 8.4 | 8.4 | | | | 8d ago | A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can injec… |
| CVE-2026-49238 | high | 8.4 | 8.4 | | | | 9d ago | An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment … |
| CVE-2026-45108 | high | 8.4 | 8.4 | | | | 10d ago | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Autho… |
| CVE-2026-40851 | high | 8.4 | 8.4 | | | | 10d ago | A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity … |
| CVE-2026-2740 | high | 8.4 | 8.4 | | | | 16d ago | Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent mac… |
| CVE-2026-45253 | high | 8.4 | 8.4 | | | | 16d ago | ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code … |
| CVE-2026-9157 | high | 8.4 | 8.4 | | | | 16d ago | Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1. |
| CVE-2026-5804 | high | 8.4 | 8.4 | | | | 18d ago | An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external … |
| CVE-2026-25781 | high | 8.4 | 8.4 | | | | 19d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered. |
| CVE-2026-4892 | high | 8.4 | 8.4 | | | | 19d ago | RHSA-2026:20589: dnsmasq security update (Important) |
| CVE-2026-41964 | high | 8.4 | 8.4 | | | | 22d ago | Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-25705 | high | 8.4 | 8.4 | | | | 24d ago | Rancher Extensions have arbitrary file access via path traversal |
| CVE-2026-40367 | high | 8.4 | 8.4 | | | | 25d ago | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-40366 | high | 8.4 | 8.4 | | | | 25d ago | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-40364 | high | 8.4 | 8.4 | | | | 25d ago | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-40363 | high | 8.4 | 8.4 | | | | 25d ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-40361 | high | 8.4 | 8.4 | | | | 25d ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-40358 | high | 8.4 | 8.4 | | | | 25d ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-43991 | high | 8.4 | 8.4 | | | | 25d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constru… |
| CVE-2026-43990 | high | 8.4 | 8.4 | | | | 25d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument… |
| CVE-2026-44334 | high | 8.4 | 8.4 | | | | 29d ago | PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass) |
| CVE-2026-43940 | high | 8.4 | 8.4 | | | | 1mo ago | Electerm runWidget has a path traversal that leads to arbitrary code execution |
| CVE-2026-43274 | high | 8.4 | 8.4 | | | | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() The cluster_cfg array is dynamically allocated… |
| CVE-2026-30363 | high | 8.4 | 8.4 | | | | 1mo ago | flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function. |
| CVE-2026-37552 | high | 8.4 | 8.4 | | | | 1mo ago | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\Closure\unserialize(),… |
| CVE-2026-7111 | high | 8.4 | 8.4 | | | | 1mo ago | Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, get… |
| CVE-2026-41433 | high | 8.4 | 8.4 | | | | 1mo ago | OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR |
| CVE-2026-5398 | high | 8.4 | 8.4 | | | | 2mo ago | The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the termi… |
| CVE-2026-23853 | high | 8.4 | 8.4 | | | | 2mo ago | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1… |
| CVE-2026-33115 | high | 8.4 | 8.4 | | | | 2mo ago | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-33114 | high | 8.4 | 8.4 | | | | 2mo ago | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-32190 | high | 8.4 | 8.4 | | | | 2mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-32162 | high | 8.4 | 8.4 | | | | 2mo ago | Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally. |
| CVE-2026-32091 | high | 8.4 | 8.4 | | | | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. |
| CVE-2026-32221 | high | 8.4 | 8.4 | | | | 2mo ago | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. |
| CVE-2026-35020 | high | 8.4 | 8.4 | | | | 2mo ago | Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the attack requires an attacker to already control arbitrary environment variables, a l… |
| CVE-2026-32845 | high | 8.4 | 8.4 | | | | 3mo ago | cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supply… |
| CVE-2026-0661 | high | 8.4 | 8.4 | | | | 4mo ago | A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the c… |
| CVE-2026-0660 | high | 8.4 | 8.4 | | | | 4mo ago | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary cod… |
| CVE-2026-0538 | high | 8.4 | 8.4 | | | | 4mo ago | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in th… |
| CVE-2026-0537 | high | 8.4 | 8.4 | | | | 4mo ago | A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the c… |
| CVE-2026-11256 | high | 8.3 | 8.3 | | | | 2d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-11237 | high | 8.3 | 8.3 | | | | 2d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-11236 | high | 8.3 | 8.3 | | | | 2d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-11040 | high | 8.3 | 8.3 | | | | 2d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-10970 | high | 8.3 | 8.3 | | | | 2d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-10967 | high | 8.3 | 8.3 | | | | 2d ago | Use after free in SurfaceCapture in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cr… |
| CVE-2026-10961 | high | 8.3 | 8.3 | | | | 2d ago | Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte… |
| CVE-2026-10960 | high | 8.3 | 8.3 | | | | 2d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |
| CVE-2026-10953 | high | 8.3 | 8.3 | | | | 2d ago | Use after free in Core in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML… |
| CVE-2026-10949 | high | 8.3 | 8.3 | | | | 2d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. |