CVEs from 2026

Total: 14,786
- critical: 1,335
- high: 5,005
- medium: 4,829
- low: 503

% Critical: 9.0%
% with KEV: 0.4%
% with exploit: 0.7%

Top vendors

Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89

Top packages
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-4270 | medium | 5.5 | 5.5 | 3mo ago | Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file acces… |
| CVE-2026-23241 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class. C… |
| CVE-2026-21948 | medium | — | 5.5 | 3mo ago | Moderate: mysql:8.4 security update |
| CVE-2026-21941 | medium | — | 5.5 | 3mo ago | Moderate: mysql:8.4 security update |
| CVE-2026-21936 | medium | — | 5.5 | 3mo ago | Moderate: mysql:8.4 security update |
| CVE-2026-21964 | medium | — | 5.5 | 3mo ago | Moderate: mysql:8.4 security update |
| CVE-2026-21937 | medium | — | 5.5 | 3mo ago | Moderate: mysql:8.4 security update |
| CVE-2026-28499 | medium | — | 5.5 | 3mo ago | LeafKit's HTML escaping may be skipped for Collection values, enabling XSS |
| CVE-2026-31859 | medium | — | 5.5 | 3mo ago | CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization |
| CVE-2026-25180 | medium | 5.5 | 5.5 | 3mo ago | Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. |
| CVE-2026-28267 | medium | 5.5 | 5.5 | 3mo ago | Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user. |
| CVE-2026-1299 | medium | — | 5.5 | 3mo ago | The email module, specifically the "BytesGenerator" class, didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is seriali… |
| CVE-2026-3588 | medium | 5.5 | 5.5 | 3mo ago | A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request. |
| CVE-2026-23001 | medium | — | 5.5 | 3mo ago | Moderate: kernel security update |
| CVE-2026-3665 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_… |
| CVE-2026-3664 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cp… |
| CVE-2026-3606 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component ette… |
| CVE-2026-28685 | medium | — | 5.5 | 3mo ago | Kimai's API invoice endpoint missing customer-level access control (IDOR) |
| CVE-2026-23238 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if… |
| CVE-2026-1642 | medium | — | 5.5 | 3mo ago | Moderate: nginx security update |
| CVE-2026-23097 | medium | — | 5.5 | 3mo ago | Moderate: kernel security update |
| CVE-2026-3392 | medium | 5.5 | 5.5 | 3mo ago | A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The a… |
| CVE-2026-3391 | medium | 5.5 | 5.5 | 3mo ago | A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The attack… |
| CVE-2026-3390 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation le… |
| CVE-2026-3389 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer… |
| CVE-2026-3388 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolle… |
| CVE-2026-3387 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Such manipulation leads to null point… |
| CVE-2026-3385 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking loc… |
| CVE-2026-3384 | medium | 5.5 | 5.5 | 3mo ago | A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscrip… |
| CVE-2026-3383 | medium | 5.5 | 5.5 | 3mo ago | A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation … |
| CVE-2026-3382 | medium | 5.5 | 5.5 | 3mo ago | A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Perfo… |
| CVE-2026-3293 | medium | 5.5 | 5.5 | 3mo ago | Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner |
| CVE-2026-3284 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in intege… |
| CVE-2026-2887 | medium | 5.5 | 5.5 | 4mo ago | A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrol… |
| CVE-2026-2869 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The … |
| CVE-2026-2703 | medium | 5.5 | 5.5 | 4mo ago | A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XL… |
| CVE-2026-2657 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads t… |
| CVE-2026-23229 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin … |
| CVE-2026-23228 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), th… |
| CVE-2026-23220 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths The problem occurs when a signed request fails smb2… |
| CVE-2026-0861 | medium | — | 5.5 | 4mo ago | Moderate: glibc security update |
| CVE-2026-0915 | medium | — | 5.5 | 4mo ago | RHSA-2026:4772: glibc security update (Moderate) |
| CVE-2026-22998 | medium | — | 5.5 | 4mo ago | Moderate: kernel security update |
| CVE-2026-23157 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 … |
| CVE-2026-23151 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in set_ssp_complete Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures are … |
| CVE-2026-23141 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item w… |
| CVE-2026-21340 | medium | 5.5 | 5.5 | 4mo ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose se… |
| CVE-2026-2259 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Pars… |
| CVE-2026-2258 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to… |
| CVE-2026-1998 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be l… |
| CVE-2026-1991 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in null poin… |
| CVE-2026-1979 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after fr… |
| CVE-2026-23026 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original … |
| CVE-2026-1532 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of… |
| CVE-2026-22795 | medium | 5.5 | 5.5 | 4mo ago | Important: openssl security update |
| CVE-2026-22977 | medium | 5.5 | 5.5 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sock_recv_errqueue skbuff_fclone_cache was created without defining a usercopy region, … |
| CVE-2026-22976 | medium | 5.5 | 5.5 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset `qfq_class->leaf_qdisc->q.qlen > 0` does not… |
| CVE-2026-22188 | medium | 5.5 | 5.5 | 5mo ago | The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy … |
| CVE-2026-21968 | medium | — | 5.5 | 5mo ago | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vuln… |
| CVE-2026-23146 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work hci_uart_set_proto() sets HCI_UART_PROTO_INIT before calling hci_u… |
| CVE-2026-23205 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2_open_file() Reproducer: 1. server: directories are exported read-only 2. client: mount -… |
| CVE-2026-50591 | medium | 5.4 | 5.4 | 2d ago | In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences. |
| CVE-2026-11243 | medium | 5.4 | 5.4 | 2d ago | Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-11232 | medium | 5.4 | 5.4 | 2d ago | Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low) |
| CVE-2026-11157 | medium | 5.4 | 5.4 | 2d ago | Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a cr… |
| CVE-2026-10984 | medium | 5.4 | 5.4 | 2d ago | Inappropriate implementation in Accessibility in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:… |
| CVE-2026-42547 | medium | 5.4 | 5.4 | 2d ago | IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi… |
| CVE-2026-40930 | medium | 5.4 | 5.4 | 2d ago | LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG pa… |
| CVE-2026-49192 | medium | 5.4 | 5.4 | 3d ago | The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping. |
| CVE-2026-26378 | medium | 5.4 | 5.4 | 3d ago | Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features |
| CVE-2026-33244 | medium | 5.4 | 5.4 | 4d ago | React Router has stored XSS via unescaped Location header in prerendered redirect HTML |
| CVE-2026-9522 | medium | 5.4 | 5.4 | 4d ago | Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery sca… |
| CVE-2026-7299 | medium | 5.4 | 5.4 | 4d ago | Appsmith's SQL query editor's autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a … |
| CVE-2026-34460 | medium | 5.4 | 5.4 | 4d ago | NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization co… |
| CVE-2026-49782 | medium | 5.4 | 5.4 | 5d ago | Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from… |
| CVE-2026-27351 | medium | 5.4 | 5.4 | 5d ago | Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2. |
| CVE-2026-5191 | medium | 5.4 | 5.4 | 5d ago | The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insu… |
| CVE-2026-24755 | medium | 5.4 | 5.4 | 5d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permi… |
| CVE-2026-24754 | medium | 5.4 | 5.4 | 5d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code… |
| CVE-2026-10285 | medium | 5.4 | 5.4 | 5d ago | A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.p… |
| CVE-2026-10284 | medium | 5.4 | 5.4 | 5d ago | A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource… |
| CVE-2026-48559 | medium | 5.4 | 5.4 | 6d ago | Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metad… |
| CVE-2026-9309 | medium | 5.4 | 5.4 | 6d ago | Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These pa… |
| CVE-2026-9308 | medium | 5.4 | 5.4 | 6d ago | Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted wit… |
| CVE-2026-10218 | medium | 5.4 | 5.4 | 6d ago | A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolution_handlers.go. Such manipulation leads to improper authorizati… |
| CVE-2026-10213 | medium | 5.4 | 5.4 | 6d ago | A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of t… |
| CVE-2026-49368 | medium | 5.4 | 5.4 | 8d ago | In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible |
| CVE-2026-44611 | medium | 5.4 | 5.4 | 8d ago | Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks. |
| CVE-2026-42951 | medium | 5.4 | 5.4 | 8d ago | An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes. |
| CVE-2026-34507 | medium | 5.4 | 5.4 | 8d ago | OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin comma… |
| CVE-2026-47694 | medium | 5.4 | 5.4 | 9d ago | WWBN AVideo: Stored XSS via unescaped Gallery category description |
| CVE-2026-9811 | medium | 5.4 | 5.4 | 9d ago | A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application f… |
| CVE-2026-9971 | medium | 5.4 | 5.4 | 9d ago | Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTM… |
| CVE-2026-45023 | medium | 5.4 | 5.4 | 9d ago | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/{block_id}/execute endpoint executes block… |
| CVE-2026-42401 | medium | 5.4 | 5.4 | 9d ago | Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which… |
| CVE-2026-48523 | medium | 5.4 | 5.4 | 9d ago | PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. … |
| CVE-2026-47761 | medium | 5.4 | 5.4 | 9d ago | TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection |
| CVE-2026-47759 | medium | 5.4 | 5.4 | 9d ago | TinyMCE Cross-Site Scripting (XSS) vulnerability through data-mce- prefixed src, href, style attributes |
| CVE-2026-45718 | medium | 5.4 | 5.4 | 10d ago | Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger) fails to validate that the user-supplied rowId is… |
| CVE-2026-4390 | medium | 5.4 | 5.4 | 10d ago | A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free… |