CVEs from 2026
- Total: 14,770
- Critical: 1,335
- High: 5,012
- Medium: 4,834
- Low: 504
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31475 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free of devm_kzalloc() memory A previous change added NULL checks and cleanup for allocation failures i… | |||
| CVE-2026-31474 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() isotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access … | |||
| CVE-2026-31473 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex MEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQB… | |||
| CVE-2026-31471 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_data after clone setup iptfs_clone_state() stores x->mode_data before allocating the reorder windo… | |||
| CVE-2026-31469 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false A UAF issue occurs when the virtio_net d… | |||
| CVE-2026-31468 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma-buf feature The error path through vfio_pci_core_feature_dma_buf() ignores its own advice to onl… | |||
| CVE-2026-31455 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfs_unmount_flush_inodes() pushed the AIL while backg… | |||
| CVE-2026-31454 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping the AIL lock in push callbacks In xfs_inode_item_push() and xfs_qm_dquot_logitem_push(), the AIL l… | |||
| CVE-2026-31453 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: avoid dereferencing log items after push callbacks After xfsaild_push_item() calls iop_push(), the log item may have been fr… | |||
| CVE-2026-31452 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to extents when truncate exceeds inline size Add a check in ext4_setattr() to convert files from inline… | |||
| CVE-2026-31449 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: validate p_idx bounds in ext4_ext_correct_indexes ext4_ext_correct_indexes() walks up the extent tree correcting index entr… | |||
| CVE-2026-31447 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc with s_first_data_block != 0 bigalloc with s_first_data_block != 0 is not supported, reject mounti… | |||
| CVE-2026-31446 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in update_super_work when racing with umount Commit b98535d09179 ("ext4: fix bug_on in start_this_handle… | |||
| CVE-2026-31442 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible invalid memory access after FLR In the case that the first Function Level Reset (FLR) concludes cor… | |||
| CVE-2026-6846 | high | 7.8 | 7.8 | 2mo ago | A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker c… | |||
| CVE-2026-31368 | high | 7.8 | 7.8 | 2mo ago | AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability. | |||
| CVE-2026-39454 | high | 7.8 | 7.8 | 2mo ago | SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or plac… | |||
| CVE-2026-41253 | high | 7.8 | 7.8 | 2mo ago | In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conduct… | |||
| CVE-2026-40527 | high | 7.8 | 7.8 | 2mo ago | radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_pa… | |||
| CVE-2026-6482 | high | 7.8 | 7.8 | 2mo ago | The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service att… | |||
| CVE-2026-6384 | high | 7.8 | 7.8 | 2mo ago | A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a spec… | |||
| CVE-2026-40915 | high | 7.8 | 7.8 | 2mo ago | A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-… | |||
| CVE-2026-40499 | high | 7.8 | 7.8 | 2mo ago | radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in… | |||
| CVE-2026-27289 | high | 7.8 | 7.8 | 2mo ago | Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure… | |||
| CVE-2026-33095 | high | 7.8 | 7.8 | 2mo ago | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-32200 | high | 7.8 | 7.8 | 2mo ago | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-32199 | high | 7.8 | 7.8 | 2mo ago | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-32198 | high | 7.8 | 7.8 | 2mo ago | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-32197 | high | 7.8 | 7.8 | 2mo ago | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-32192 | high | 7.8 | 7.8 | 2mo ago | Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32189 | high | 7.8 | 7.8 | 2mo ago | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-32184 | high | 7.8 | 7.8 | 2mo ago | Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32168 | high | 7.8 | 7.8 | 2mo ago | Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32154 | high | 7.8 | 7.8 | 2mo ago | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32152 | high | 7.8 | 7.8 | 2mo ago | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32077 | high | 7.8 | 7.8 | 2mo ago | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26143 | high | 7.8 | 7.8 | 2mo ago | Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. | |||
| CVE-2026-23657 | high | 7.8 | 7.8 | 2mo ago | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-33101 | high | 7.8 | 7.8 | 2mo ago | Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32164 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32163 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32155 | high | 7.8 | 7.8 | 2mo ago | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32153 | high | 7.8 | 7.8 | 2mo ago | Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32078 | high | 7.8 | 7.8 | 2mo ago | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32076 | high | 7.8 | 7.8 | 2mo ago | Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32074 | high | 7.8 | 7.8 | 2mo ago | Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32069 | high | 7.8 | 7.8 | 2mo ago | Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27923 | high | 7.8 | 7.8 | 2mo ago | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27920 | high | 7.8 | 7.8 | 2mo ago | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27916 | high | 7.8 | 7.8 | 2mo ago | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27914 | high | 7.8 | 7.8 | 2mo ago | Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27911 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27910 | high | 7.8 | 7.8 | 2mo ago | Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27909 | high | 7.8 | 7.8 | 2mo ago | Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26184 | high | 7.8 | 7.8 | 2mo ago | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26176 | high | 7.8 | 7.8 | 2mo ago | Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26172 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26170 | high | 7.8 | 7.8 | 2mo ago | Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26168 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locall… | |||
| CVE-2026-26163 | high | 7.8 | 7.8 | 2mo ago | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26159 | high | 7.8 | 7.8 | 2mo ago | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26156 | high | 7.8 | 7.8 | 2mo ago | Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26153 | high | 7.8 | 7.8 | 2mo ago | Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33098 | high | 7.8 | 7.8 | 2mo ago | Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32222 | high | 7.8 | 7.8 | 2mo ago | Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32183 | high | 7.8 | 7.8 | 2mo ago | Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-32165 | high | 7.8 | 7.8 | 2mo ago | Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32160 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32159 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32158 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32090 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32089 | high | 7.8 | 7.8 | 2mo ago | Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27927 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27924 | high | 7.8 | 7.8 | 2mo ago | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27919 | high | 7.8 | 7.8 | 2mo ago | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27918 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27915 | high | 7.8 | 7.8 | 2mo ago | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-27907 | high | 7.8 | 7.8 | 2mo ago | Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26183 | high | 7.8 | 7.8 | 2mo ago | Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26181 | high | 7.8 | 7.8 | 2mo ago | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26180 | high | 7.8 | 7.8 | 2mo ago | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26179 | high | 7.8 | 7.8 | 2mo ago | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26162 | high | 7.8 | 7.8 | 2mo ago | Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26161 | high | 7.8 | 7.8 | 2mo ago | Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26160 | high | 7.8 | 7.8 | 2mo ago | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-20930 | high | 7.8 | 7.8 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40491 | high | 7.8 | 7.8 | 2mo ago | gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP… | |||
| CVE-2026-31419 | high | 7.8 | 7.8 | 2mo ago | Linux kernel vulnerabilities | |||
| CVE-2026-31413 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR maybe_fork_scalars() is called for both BPF_AND and BPF_OR whe… | |||
| CVE-2026-32146 | high | 7.8 | 7.8 | 2mo ago | Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and… | |||
| CVE-2026-33092 | high | 7.8 | 7.8 | 2mo ago | Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before… | |||
| CVE-2026-5525 | high | 7.8 | 7.8 | 2mo ago | A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trai… | |||
| CVE-2026-1839 | high | 7.8 | 7.8 | 2mo ago | A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at l… | |||
| CVE-2026-35021 | high | 7.8 | 7.8 | 2mo ago | Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the affected code path cannot be triggered through normal usage of Claude Code. | |||
| CVE-2026-31406 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() After cancel_delayed_work_sync() is called from xfrm_nat… | |||
| CVE-2026-23111 | high | 7.8 | 7.8 | 2mo ago | Linux kernel (Azure) vulnerabilities | |||
| CVE-2026-31404 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svc_export_put() calls path_put() and auth_domain_put() immediately when t… | |||
| CVE-2026-31403 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/nfs/exports proc entry is created at module ini… | |||
| CVE-2026-31401 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer overflow in hid_hw_request right now the returned value is considered to be always valid. However, when … | |||
| CVE-2026-31399 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if device_a… |