CVEs from 2026
Total
14,473
critical
critical 1,279
high
high 4,908
medium
medium 4,619
low
low 500
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 528
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47314 | critical | 9.8 | 9.8 | 17d ago | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-47311 | critical | 9.8 | 9.8 | 17d ago | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-47310 | critical | 9.8 | 9.8 | 17d ago | Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-8838 | critical | 9.8 | 9.8 | 18d ago | amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection | |||
| CVE-2026-25244 | critical | 9.8 | 9.8 | 18d ago | WebdriverIO BrowserStack Service has a Command Injection issue | |||
| CVE-2026-8836 | critical | 9.8 | 9.8 | 18d ago | A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of… | |||
| CVE-2026-45697 | critical | 9.8 | 9.8 | 18d ago | Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as … | |||
| CVE-2026-7304 | critical | 9.8 | 9.8 | 18d ago | SGLang: Unauthenticated RCE via --enable-custom-logit-processor | |||
| CVE-2026-7301 | critical | 9.8 | 9.8 | 18d ago | SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket | |||
| CVE-2026-8721 | critical | 9.8 | 9.8 | 19d ago | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to Sv… | |||
| CVE-2026-8507 | critical | 9.8 | 9.8 | 19d ago | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info(… | |||
| CVE-2026-8751 | critical | 9.8 | 9.8 | 19d ago | A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a… | |||
| CVE-2026-44566 | critical | 9.8 | 9.8 | 21d ago | Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal | |||
| CVE-2026-8696 | critical | 9.8 | 9.8 | 21d ago | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbi… | |||
| CVE-2026-46364 | critical | 9.8 | 9.8 | 21d ago | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent h… | |||
| CVE-2026-8695 | critical | 9.8 | 9.8 | 21d ago | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b… | |||
| CVE-2026-44717 | critical | 9.8 | 9.8 | 21d ago | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz… | |||
| CVE-2026-45772 | critical | 9.8 | 9.8 | 21d ago | Turbo: Unexpected local code execution during Yarn Berry detection | |||
| CVE-2026-5229 | critical | 9.8 | 9.8 | 21d ago | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which W… | |||
| CVE-2026-45288 | critical | 9.8 | 9.8 | 22d ago | Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generate… | |||
| CVE-2026-26191 | critical | 9.8 | 9.8 | 22d ago | Fleet vulnerable to OS command injection in software packages | |||
| CVE-2026-41315 | critical | 9.8 | 9.8 | 22d ago | mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond a… | |||
| CVE-2026-42589 | critical | 9.8 | 9.8 | 22d ago | Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection | |||
| CVE-2026-44484 | critical | 9.8 | 9.8 | 22d ago | Compromise of PyTorch Lightning PyPi Package Versions | |||
| CVE-2026-2347 | critical | 9.8 | 9.8 | 22d ago | Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: b… | |||
| CVE-2026-6510 | critical | 9.8 | 9.8 | 22d ago | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capa… | |||
| CVE-2026-6271 | critical | 9.8 | 9.8 | 22d ago | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This m… | |||
| CVE-2026-8181 | critical | 9.8 | 9.8 | 22d ago | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to inc… | |||
| CVE-2026-8500 | critical | 9.8 | 9.8 | 23d ago | Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated o… | |||
| CVE-2026-42581 | critical | 9.8 | 9.8 | 23d ago | Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization | |||
| CVE-2026-42031 | critical | 9.8 | 9.8 | 23d ago | CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql` | |||
| CVE-2026-45411 | critical | 9.8 | 9.8 | 23d ago | vm2 Has a Sandbox Breakout Using Async Generator | |||
| CVE-2026-44009 | critical | 9.8 | 9.8 | 23d ago | vm2 has Sandbox Breakout Through Null Proto Exception | |||
| CVE-2026-44008 | critical | 9.8 | 9.8 | 23d ago | vm2 has sandbox breakout via `neutralizeArraySpeciesBatch` | |||
| CVE-2026-45083 | critical | 9.8 | 9.8 | 23d ago | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted … | |||
| CVE-2026-42062 | critical | 9.8 | 9.8 | 23d ago | ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authenticati… | |||
| CVE-2026-40621 | critical | 9.8 | 9.8 | 23d ago | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. | |||
| CVE-2026-32661 | critical | 9.8 | 9.8 | 23d ago | Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's… | |||
| CVE-2026-44649 | critical | 9.8 | 9.8 | 24d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-42854 | critical | 9.8 | 9.8 | 24d ago | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a … | |||
| CVE-2026-45185 | critical | 9.8 | 9.8 | 24d ago | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a C… | |||
| CVE-2026-44343 | critical | 9.8 | 9.8 | 24d ago | WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file sys… | |||
| CVE-2026-44183 | critical | 9.8 | 9.8 | 24d ago | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.… | |||
| CVE-2026-41096 | critical | 9.8 | 9.8 | 24d ago | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-41089 | critical | 9.8 | 9.8 | 24d ago | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-31239 | critical | 9.8 | 9.8 | 24d ago | mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub | |||
| CVE-2026-31238 | critical | 9.8 | 9.8 | 24d ago | Ludwig framework is vulnerable to insecure deserialization in its model serving component | |||
| CVE-2026-31237 | critical | 9.8 | 9.8 | 24d ago | Ludwig framework is vulnerable to insecure deserialization through its predict() method. | |||
| CVE-2026-31236 | critical | 9.8 | 9.8 | 24d ago | llm CLI tool contains a code injection vulnerability via `--functions` command-line argument | |||
| CVE-2026-31235 | critical | 9.8 | 9.8 | 24d ago | imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module | |||
| CVE-2026-31234 | critical | 9.8 | 9.8 | 24d ago | Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component | |||
| CVE-2026-31233 | critical | 9.8 | 9.8 | 24d ago | Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism | |||
| CVE-2026-31231 | critical | 9.8 | 9.8 | 24d ago | Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user,… | |||
| CVE-2026-31230 | critical | 9.8 | 9.8 | 24d ago | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the un… | |||
| CVE-2026-31229 | critical | 9.8 | 9.8 | 24d ago | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights f… | |||
| CVE-2026-26083 | critical | 9.8 | 9.8 | 24d ago | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, Fort… | |||
| CVE-2026-43992 | critical | 9.8 | 9.8 | 24d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accept… | |||
| CVE-2026-42074 | critical | 9.8 | 9.8 | 24d ago | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashToo… | |||
| CVE-2026-43512 | critical | 9.8 | 9.8 | 24d ago | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, fr… | |||
| CVE-2026-41293 | critical | 9.8 | 9.8 | 24d ago | Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0… | |||
| CVE-2026-34187 | critical | 9.8 | 9.8 | 24d ago | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-31228 | critical | 9.8 | 9.8 | 24d ago | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe ev… | |||
| CVE-2026-31226 | critical | 9.8 | 9.8 | 24d ago | The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerabi… | |||
| CVE-2026-31220 | critical | 9.8 | 9.8 | 24d ago | PySyft server-side arbitrary Python execution after code approval | |||
| CVE-2026-31217 | critical | 9.8 | 9.8 | 24d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user … | |||
| CVE-2026-31214 | critical | 9.8 | 9.8 | 24d ago | The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The s… | |||
| CVE-2026-43284 | high | 8.8 | 9.8 | 25d ago | Important: kernel security update | |||
| CVE-2026-43914 | critical | 9.8 | 9.8 | 25d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is … | |||
| CVE-2026-8305 | critical | 9.8 | 9.8 | 25d ago | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component blueb… | |||
| CVE-2026-7210 | critical | 9.8 | 9.8 | 25d ago | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this… | |||
| CVE-2026-43995 | critical | 9.8 | 9.8 | 25d ago | Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) | |||
| CVE-2026-38567 | critical | 9.8 | 9.8 | 25d ago | HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker c… | |||
| CVE-2026-35157 | critical | 9.8 | 9.8 | 25d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthentic… | |||
| CVE-2026-8263 | critical | 9.8 | 9.8 | 26d ago | A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipula… | |||
| CVE-2026-7261 | critical | 9.8 | 9.8 | 26d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted acr… | |||
| CVE-2026-6722 | critical | 9.8 | 9.8 | 26d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global m… | |||
| CVE-2026-6665 | critical | 9.8 | 9.8 | 28d ago | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM se… | |||
| CVE-2026-42354 | critical | 9.8 | 9.8 | 28d ago | Sentry's improper authentication on SAML SSO process allows user identity linking | |||
| CVE-2026-42302 | critical | 9.8 | 9.8 | 28d ago | FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The star… | |||
| CVE-2026-42298 | critical | 9.8 | 9.8 | 28d ago | Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows a… | |||
| CVE-2026-37709 | critical | 9.8 | 9.8 | 28d ago | Snipe-IT has insecure permissions in file uploads | |||
| CVE-2026-44400 | critical | 9.8 | 9.8 | 28d ago | MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing Authent… | |||
| CVE-2026-42072 | critical | 9.8 | 9.8 | 28d ago | NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access | |||
| CVE-2026-41889 | critical | 9.8 | 9.8 | 28d ago | pgx: SQL Injection via placeholder confusion with dollar quoted string literals | |||
| CVE-2026-38360 | critical | 9.8 | 9.8 | 28d ago | Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHan… | |||
| CVE-2026-43465 | critical | 9.8 | 9.8 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer whe… | |||
| CVE-2026-43414 | critical | 9.8 | 9.8 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When a… | |||
| CVE-2026-43402 | critical | 9.8 | 9.8 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function … | |||
| CVE-2026-43384 | critical | 9.8 | 9.8 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the… | |||
| CVE-2026-43379 | critical | 9.8 | 9.8 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is bei… | |||
| CVE-2026-43376 | critical | 9.8 | 9.8 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using call_rcu() for oplock_info ksmbd currently frees oplock_info immediately using kfree(), even t… | |||
| CVE-2026-41574 | critical | 9.8 | 9.8 | 28d ago | Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass | |||
| CVE-2026-37431 | critical | 9.8 | 9.8 | 28d ago | Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers … | |||
| CVE-2026-44335 | critical | 9.8 | 9.8 | 28d ago | PraisonAI has an SSRF bypass | |||
| CVE-2026-43341 | critical | 9.8 | 9.8 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the tra… | |||
| CVE-2026-43304 | critical | 9.8 | 9.8 | 28d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buff… | |||
| CVE-2026-41509 | critical | 9.8 | 9.8 | 28d ago | CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused b… | |||
| CVE-2026-41507 | critical | 9.8 | 9.8 | 28d ago | Remote Code Execution (RCE) via String Literal Injection into math-codegen | |||
| CVE-2026-41497 | critical | 9.8 | 9.8 | 28d ago | PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection | |||
| CVE-2026-8153 | critical | 9.8 | 9.8 | 28d ago | OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS. |