CVEs from 2026
| Metric | Value |
|---|---|
| Total | 14,786 |
| Critical | 1,335 |
| High | 5,005 |
| Medium | 4,829 |
| Low | 503 |
| % Critical | 9.0% |
| % with KEV | 0.4% |
| % with exploit | 0.7% |
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-48152 | high | 8.1 | 8.1 | 10d ago | Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific owner… |
| CVE-2026-42790 | high | 8.1 | 8.1 | 10d ago | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verific… |
| CVE-2026-44838 | high | 8.1 | 8.1 | 11d ago | RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrat… |
| CVE-2026-46099 | high | 8.1 | 8.1 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6_input_core() and rpl_input() call ip6_route_input() which sets a NORE… |
| CVE-2026-46010 | high | 8.1 | 8.1 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgk_extract_token() Fix a missing bit of error handling in rxgk_extract_token(): in the event that … |
| CVE-2026-48906 | high | 8.1 | 8.1 | 11d ago | The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites. |
| CVE-2026-8994 | high | 8.1 | 8.1 | 11d ago | The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered as a `wp_ajax_nopriv` acti… |
| CVE-2026-8962 | high | 8.1 | 8.1 | 11d ago | Important: thunderbird security update |
| CVE-2026-44900 | high | 8.1 | 8.1 | 11d ago | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45… |
| CVE-2026-45574 | high | 8.1 | 8.1 | 11d ago | epa4all-client: TLS Certificate Validation Disabled in Production |
| CVE-2026-48695 | high | 8.1 | 8.1 | 11d ago | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php… |
| CVE-2026-48694 | high | 8.1 | 8.1 | 11d ago | FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK vari… |
| CVE-2026-8855 | high | 8.1 | 8.1 | 11d ago | IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication). |
| CVE-2026-48692 | high | 8.1 | 8.1 | 11d ago | FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.c… |
| CVE-2026-43935 | high | 8.1 | 8.1 | 11d ago | e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset l… |
| CVE-2026-48132 | high | 8.1 | 8.1 | 12d ago | The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing… |
| CVE-2026-48131 | high | 8.1 | 8.1 | 12d ago | The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, r… |
| CVE-2026-8046 | high | 8.1 | 8.1 | 12d ago | The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including tho… |
| CVE-2026-8092 | high | 8.1 | 8.1 | 12d ago | Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of th… |
| CVE-2026-48842 | high | 8.1 | 8.1 | 12d ago | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass. |
| CVE-2026-45361 | high | 8.1 | 8.1 | 13d ago | Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attac… |
| CVE-2026-25193 | high | 8.1 | 8.1 | 13d ago | Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Co… |
| CVE-2026-9397 | high | 8.1 | 8.1 | 13d ago | A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulati… |
| CVE-2026-41076 | high | 8.1 | 8.1 | 15d ago | RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations… |
| CVE-2026-41071 | high | 8.1 | 8.1 | 15d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chun… |
| CVE-2026-40172 | high | 8.1 | 8.1 | 15d ago | authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, the PATCH /api/v3/core/users/{pk}/ API allows a caller with change_user on a target us… |
| CVE-2026-46727 | high | 8.1 | 8.1 | 15d ago | An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remot… |
| CVE-2026-9256 | high | 8.1 | 8.1 | 15d ago | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Co… |
| CVE-2026-9277 | high | 8.1 | 8.1 | 16d ago | shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which … |
| CVE-2026-48242 | high | 8.1 | 8.1 | 16d ago | Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code commi… |
| CVE-2026-48241 | high | 8.1 | 8.1 | 16d ago | Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to th… |
| CVE-2026-45760 | high | 8.1 | 8.1 | 17d ago | (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can c… |
| CVE-2026-44051 | high | 8.1 | 8.1 | 17d ago | An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink c… |
| CVE-2026-24218 | high | 8.1 | 8.1 | 17d ago | NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cr… |
| CVE-2026-9087 | high | 8.1 | 8.1 | 17d ago | A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream… |
| CVE-2026-45584 | high | 8.1 | 8.1 | 18d ago | Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. |
| CVE-2026-47784 | high | 8.1 | 8.1 | 18d ago | In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass. |
| CVE-2026-47783 | high | 8.1 | 8.1 | 18d ago | In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass. |
| CVE-2026-43618 | high | 8.1 | 8.1 | 18d ago | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigg… |
| CVE-2026-34358 | high | 8.1 | 8.1 | 18d ago | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on … |
| CVE-2026-47107 | high | 8.1 | 8.1 | 18d ago | Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authentica… |
| CVE-2026-8711 | high | 8.1 | 8.1 | 18d ago | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoki… |
| CVE-2026-8969 | high | 8.1 | 8.1 | 19d ago | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. |
| CVE-2026-7504 | high | 8.1 | 8.1 | 19d ago | Keycloak: Open redirect when using wildcard valid redirect URIs in Keycloak |
| CVE-2026-24792 | high | 8.1 | 8.1 | 19d ago | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. |
| CVE-2026-8851 | high | 8.1 | 8.1 | 19d ago | SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database b… |
| CVE-2026-45707 | high | 8.1 | 8.1 | 19d ago | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLE_MULTI_TENANT=true, the HTTP transport documents that th… |
| CVE-2026-41316 | high | 8.1 | 8.1 | 20d ago | Important: ruby:4.0 security update |
| CVE-2026-42945 | high | 8.1 | 8.1 | 20d ago | RHSA-2026:18041: nginx:1.24 security update (Critical) |
| CVE-2026-45665 | high | 8.1 | 8.1 | 22d ago | Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order |
| CVE-2026-45301 | high | 8.1 | 8.1 | 22d ago | Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file |
| CVE-2026-44565 | high | 8.1 | 8.1 | 22d ago | Open WebUI Arbitrary File Write, Delete via Path Traversal |
| CVE-2026-45402 | high | 8.1 | 8.1 | 22d ago | Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints |
| CVE-2026-45675 | high | 8.1 | 8.1 | 22d ago | Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts |
| CVE-2026-44554 | high | 8.1 | 8.1 | 22d ago | Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite |
| CVE-2026-46407 | high | 8.1 | 8.1 | 22d ago | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator t… |
| CVE-2026-35194 | high | 8.1 | 8.1 | 22d ago | Apache Flink: Remote code execution via SQL injection in code generation |
| CVE-2026-4094 | high | 8.1 | 8.1 | 23d ago | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up… |
| CVE-2026-28761 | high | 8.1 | 8.1 | 23d ago | Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected pr… |
| CVE-2026-8629 | high | 8.1 | 8.1 | 23d ago | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests t… |
| CVE-2026-44633 | high | 8.1 | 8.1 | 23d ago | Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in … |
| CVE-2026-44973 | high | 8.1 | 8.1 | 23d ago | Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcem… |
| CVE-2026-44882 | high | 8.1 | 8.1 | 23d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … |
| CVE-2026-4030 | high | 8.1 | 8.1 | 24d ago | The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not proper… |
| CVE-2026-3892 | high | 8.1 | 8.1 | 24d ago | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file … |
| CVE-2026-1322 | high | 8.1 | 8.1 | 24d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read… |
| CVE-2026-29206 | high | 8.1 | 8.1 | 24d ago | Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled. |
| CVE-2026-42463 | high | 8.1 | 8.1 | 24d ago | SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass … |
| CVE-2026-45055 | high | 8.1 | 8.1 | 24d ago | CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded … |
| CVE-2026-42602 | high | 8.1 | 8.1 | 24d ago | azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access toke… |
| CVE-2026-44574 | high | 8.1 | 8.1 | 24d ago | Next.js has a Middleware / Proxy bypass through dynamic route parameter injection |
| CVE-2026-6282 | high | 8.1 | 8.1 | 24d ago | A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to ot… |
| CVE-2026-44291 | high | 8.1 | 8.1 | 24d ago | protobuf.js: Code generation gadget after prototype pollution |
| CVE-2026-20916 | high | 8.1 | 8.1 | 24d ago | An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have re… |
| CVE-2026-7635 | high | 8.1 | 8.1 | 25d ago | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or… |
| CVE-2026-28907 | high | 8.1 | 8.1 | 25d ago | visionOS 26.5 |
| CVE-2026-44548 | high | 8.1 | 8.1 | 25d ago | ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDele… |
| CVE-2026-44301 | high | 8.1 | 8.1 | 25d ago | Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools with… |
| CVE-2026-44260 | high | 8.1 | 8.1 | 25d ago | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk en… |
| CVE-2026-8430 | high | 8.1 | 8.1 | 25d ago | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the co… |
| CVE-2026-40415 | high | 8.1 | 8.1 | 25d ago | Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. |
| CVE-2026-30808 | high | 8.1 | 8.1 | 25d ago | Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2026-43983 | high | 8.1 | 8.1 | 25d ago | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, The createTokenFromRefreshToken function (oidc_service.go) validates the refresh … |
| CVE-2026-43938 | high | 8.1 | 8.1 | 25d ago | YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header |
| CVE-2026-43913 | high | 8.1 | 8.1 | 26d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flo… |
| CVE-2026-43911 | high | 8.1 | 8.1 | 26d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by some security-sensitive operations (pass… |
| CVE-2026-43640 | high | 8.1 | 8.1 | 26d ago | Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management … |
| CVE-2026-38568 | high | 8.1 | 8.1 | 26d ago | HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/<id> and /interview/<id> endpoints. The route handlers retrieve … |
| CVE-2026-38566 | high | 8.1 | 8.1 | 26d ago | HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/<id>, feedback submission … |
| CVE-2026-30635 | high | 8.1 | 8.1 | 26d ago | automagik-genie has a command injection vulnerability |
| CVE-2026-42349 | high | 8.1 | 8.1 | 26d ago | Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other… |
| CVE-2026-7819 | high | 8.1 | 8.1 | 26d ago | pgAdmin 4 File Manager has symbolic-link path traversal |
| CVE-2026-42296 | high | 8.1 | 8.1 | 29d ago | Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure |
| CVE-2026-42452 | high | 8.1 | 8.1 | 29d ago | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled… |
| CVE-2026-44553 | high | 8.1 | 8.1 | 29d ago | Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access |
| CVE-2026-8178 | high | 8.1 | 8.1 | 29d ago | Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading |
| CVE-2026-41883 | high | 8.1 | 8.1 | 29d ago | OmniFaces: EL injection via crafted resource name in wildcard CDN mapping |
| CVE-2026-43377 | high | 8.1 | 8.1 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signin… |
| CVE-2026-43362 | high | 8.1 | 8.1 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as part of rq_iov.… |
| CVE-2026-41588 | high | 8.1 | 8.1 | 29d ago | RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16. |
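The two memcached entries above (CVE-2026-47783 and CVE-2026-47784) and the RELATE entry (CVE-2026-41588) all describe the same bug class: a credential check whose running time depends on how much of the guess is right. The following is an added example written for this page, not code from memcached or RELATE; the user table, the early-exit checker and the constant-time checker are all constructed here to show the difference.

```python
"""Early-exit credential comparison versus a constant-time one.

Added example illustrating the timing side-channel class behind the memcached
SASL entries above; it is not memcached's code. The credential table and the
measurement loop are constructed for this example.
"""
import hmac
import statistics
import time

# Constructed sample password database (username -> password); not real data.
USERDB = {
    "alice": "correct horse battery staple",
    "bob": "hunter2-but-longer-than-that",
}


def check_leaky(username: str, password: str) -> bool:
    """Timing depends on the input: the user loop stops at the first matching
    name (leaks whether a username exists and where it sits in the table) and
    the byte loop stops at the first mismatch (leaks the length of the correct
    password prefix), the same shape as a memcmp-based check."""
    for name, secret in USERDB.items():
        if name == username:
            if len(secret) != len(password):
                return False
            for a, b in zip(secret.encode(), password.encode()):
                if a != b:
                    return False
            return True
    return False


def check_constant_time(username: str, password: str) -> bool:
    """Same amount of work for every input: every entry is compared, both
    fields go through hmac.compare_digest, and results are folded with
    bitwise operators instead of an early return."""
    found = False
    for name, secret in USERDB.items():
        name_ok = hmac.compare_digest(name.encode(), username.encode())
        pw_ok = hmac.compare_digest(secret.encode(), password.encode())
        found |= name_ok & pw_ok
    return found


def median_ns(check, username: str, guess: str, rounds: int = 2000) -> float:
    """Median wall-clock cost of one call. Noisy on a shared machine, but for
    check_leaky the cost grows with the length of the correct prefix, which is
    exactly what a remote attacker averages over many requests."""
    samples = []
    for _ in range(rounds):
        t0 = time.perf_counter_ns()
        check(username, guess)
        samples.append(time.perf_counter_ns() - t0)
    return statistics.median(samples)


if __name__ == "__main__":
    wrong_first = "x" * len(USERDB["alice"])
    wrong_last = USERDB["alice"][:-1] + "x"
    for fn in (check_leaky, check_constant_time):
        print(fn.__name__,
              "first-byte-wrong:", median_ns(fn, "alice", wrong_first),
              "last-byte-wrong:", median_ns(fn, "alice", wrong_last))
```

The leaky version is the one to recognise in code review: any `==`, `memcmp` or hand-rolled loop on a secret, and any lookup that returns as soon as it hits a valid username. Note that `hmac.compare_digest` still leaks the length of the secret, so length-normalising (hashing both sides first) is the usual companion fix.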
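The e107 (CVE-2026-43935) and CubeCart (CVE-2026-45055) entries above are both cases of building an absolute URL from the client-supplied Host header. The following added example, written for this page and not taken from either project, shows the vulnerable construction next to one that validates Host against an allowlist and builds the link from configuration. ALLOWED_HOSTS, CANONICAL_BASE and the request dicts are constructed values.

```python
"""Password-reset link built from the Host header versus a server-side allowlist.

Added example for the Host-header injection class in the e107 and CubeCart
entries above; it is not code from either project. The allowlist, canonical
base URL and request dicts are constructed for this example.
"""
from typing import Optional
from urllib.parse import urlsplit

# Constructed deployment settings: the only hostnames this site is served under.
ALLOWED_HOSTS = {"shop.example.com", "www.example.com"}
CANONICAL_BASE = "https://shop.example.com"


def reset_link_vulnerable(request: dict, token: str) -> str:
    """Builds the link from the client-supplied Host header. Requesting a reset
    for a victim's address with "Host: evil.example" gets the victim emailed a
    link that delivers the token to evil.example when clicked."""
    host = request["headers"]["Host"]
    return f"https://{host}/reset?token={token}"


def normalize_host(raw: str) -> Optional[str]:
    """Lower-case, strip the port, and reject values that are not a bare host
    name (path, userinfo, query or whitespace smuggled into the header)."""
    host = raw.strip().lower()
    if host.startswith("["):                      # IPv6 literal, e.g. [::1]:443
        host = host.split("]", 1)[0] + "]"
    else:
        host = host.split(":", 1)[0]
    if not host or any(c in host for c in "/\\@?# "):
        return None
    return host


def host_allowed(raw: str) -> bool:
    """Exact match against the allowlist; no suffix or substring matching."""
    host = normalize_host(raw)
    return host is not None and host in ALLOWED_HOSTS


def reset_link_safe(request: dict, token: str) -> str:
    """Rejects requests whose Host is outside the allowlist and, even for an
    allowed Host, builds the link from configuration rather than the header."""
    if not host_allowed(request["headers"].get("Host", "")):
        raise ValueError("request Host header not in ALLOWED_HOSTS")
    return f"{CANONICAL_BASE}/reset?token={token}"


def link_host(url: str) -> str:
    """Host name a reset link points at (what the victim's click would reach)."""
    return urlsplit(url).hostname or ""


if __name__ == "__main__":
    attacker = {"headers": {"Host": "evil.example"}}
    print("vulnerable:", reset_link_vulnerable(attacker, "t0k"))
    try:
        reset_link_safe(attacker, "t0k")
    except ValueError as e:
        print("safe:", e)
```

The allowlist check belongs at request entry (where web frameworks put their trusted-hosts setting), but the second half matters just as much: as the CubeCart entry shows, a value derived from Host at bootstrap can be baked into constants and templates, so the fix is to source base URLs from configuration, not to sanitise the header.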
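The NVIDIA DGX OS entry above (CVE-2026-24218) is a fleet-hygiene problem rather than a code bug: cloned images that ship the same SSH host key let any one cloned box impersonate the others. A practitioner's first question is whether their own fleet has the same symptom. The following added example, not NVIDIA's code, parses known_hosts-style lines (the format `ssh-keyscan` emits), computes OpenSSH-style SHA256 fingerprints and reports keys shared by more than one host. The key blobs in SAMPLE_KNOWN_HOSTS are constructed dummies with the ssh-ed25519 wire layout, not real keys.

```python
"""Find hosts that share an SSH host key (the cloned-image symptom).

Added example for the shared-host-key entry above; it is not NVIDIA's code.
The known_hosts lines below are constructed and the key bytes are dummies.
"""
import base64
import hashlib
import struct
from collections import defaultdict
from typing import Dict, Iterator, List, Tuple


def _ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def dummy_key(seed: int) -> str:
    """Base64 blob with the ssh-ed25519 wire layout. The 32 'key' bytes are a
    constructed constant so that equal seeds give equal fingerprints; this is
    not a real public key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes([seed]) * 32)
    return base64.b64encode(blob).decode()


# Constructed sample: three hosts cloned from one image plus one distinct host.
SAMPLE_KNOWN_HOSTS = "\n".join([
    f"dgx-01.lab.example ssh-ed25519 {dummy_key(1)}",
    f"dgx-02.lab.example,10.0.0.12 ssh-ed25519 {dummy_key(1)}",
    f"dgx-03.lab.example ssh-ed25519 {dummy_key(1)}",
    f"bastion.lab.example ssh-ed25519 {dummy_key(7)}",
    "# comment lines and blank lines are ignored",
])


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the digest
    over the raw public key blob, matching `ssh-keygen -lf` output."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (host, keytype, fingerprint) per host on each non-comment line.
    Hashed (|1|...) host fields are yielded as-is; @marker lines are handled."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):          # @cert-authority / @revoked
            fields = fields[1:]
        if len(fields) < 3:
            continue
        hosts, keytype, key_b64 = fields[0], fields[1], fields[2]
        for host in hosts.split(","):
            yield host, keytype, fingerprint(key_b64)


def shared_keys(text: str) -> Dict[str, List[str]]:
    """Map fingerprint -> sorted hosts, keeping only fingerprints that appear
    on more than one distinct host."""
    seen = defaultdict(set)
    for host, _, fp in parse_known_hosts(text):
        seen[fp].add(host)
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}


if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE_KNOWN_HOSTS).items():
        print(f"{fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

Run it over `ssh-keyscan -t ed25519,rsa,ecdsa host1 host2 ...` output for a real inventory. Any hit means the affected machines need fresh host keys (delete `/etc/ssh/ssh_host_*` and run `ssh-keygen -A`, then update clients' known_hosts), and the image build should generate keys on first boot rather than at bake time.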