CVEs from 2026
- Total: 14,199
- Critical: 1,258
- High: 4,728
- Medium: 4,538
- Low: 495
- % Critical: 8.9%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8540 | high | 8.8 | 8.8 | 21d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8532 | high | 8.8 | 8.8 | 21d ago | Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8531 | high | 8.8 | 8.8 | 21d ago | Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-8529 | high | 8.8 | 8.8 | 21d ago | Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Hig… | |||
| CVE-2026-8527 | high | 8.8 | 8.8 | 21d ago | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severi… | |||
| CVE-2026-8526 | high | 8.8 | 8.8 | 21d ago | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8524 | high | 8.8 | 8.8 | 21d ago | Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2026-8522 | high | 8.8 | 8.8 | 21d ago | Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-8519 | high | 8.8 | 8.8 | 21d ago | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-8518 | high | 8.8 | 8.8 | 21d ago | Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-8517 | high | 8.8 | 8.8 | 21d ago | Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a cra… | |||
| CVE-2026-8509 | high | 8.8 | 8.8 | 21d ago | Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Criti… | |||
| CVE-2026-43909 | high | 8.8 | 8.8 | 21d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t… | |||
| CVE-2026-43908 | high | 8.8 | 8.8 | 21d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t… | |||
| CVE-2026-8621 | high | 8.8 | 8.8 | 21d ago | Crabbox: authentication bypass vulnerability that allows impersonation of others by spoofing identity headers | |||
| CVE-2026-44827 | high | 8.8 | 8.8 | 21d ago | Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines from Hu… | |||
| CVE-2026-44513 | high | 8.8 | 8.8 | 21d ago | Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user p… | |||
| CVE-2026-44849 | high | 8.8 | 8.8 | 21d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-44848 | high | 8.8 | 8.8 | 21d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-6638 | high | 8.8 | 8.8 | 21d ago | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credenti… | |||
| CVE-2026-6637 | high | 8.8 | 8.8 | 21d ago | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if… | |||
| CVE-2026-6477 | high | 8.8 | 8.8 | 21d ago | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a cli… | |||
| CVE-2026-6475 | high | 8.8 | 8.8 | 21d ago | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system accou… | |||
| CVE-2026-6473 | high | 8.8 | 8.8 | 21d ago | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code… | |||
| CVE-2026-6506 | high | 8.8 | 8.8 | 22d ago | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization … | |||
| CVE-2026-45229 | high | 8.8 | 8.8 | 22d ago | Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui… | |||
| CVE-2026-6281 | high | 8.8 | 8.8 | 22d ago | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device. | |||
| CVE-2026-44293 | high | 8.8 | 8.8 | 22d ago | protobuf.js: Code injection through bytes field defaults in generated toObject code | |||
| CVE-2026-41957 | high | 8.8 | 8.8 | 22d ago | An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical S… | |||
| CVE-2026-3425 | high | 8.8 | 8.8 | 22d ago | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'get_content' AJAX action. This … | |||
| CVE-2026-8201 | high | 8.8 | 8.8 | 23d ago | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability req… | |||
| CVE-2026-8053 | high | 8.8 | 8.8 | 23d ago | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issu… | |||
| CVE-2026-28955 | high | 8.8 | 8.8 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28847 | high | 8.8 | 8.8 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28947 | high | 8.8 | 8.8 | 23d ago | visionOS 26.5 | |||
| CVE-2026-42289 | high | 8.8 | 8.8 | 23d ago | ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token valid… | |||
| CVE-2026-45227 | high | 8.8 | 8.8 | 23d ago | Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspec… | |||
| CVE-2026-44871 | high | 8.8 | 8.8 | 23d ago | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti… | |||
| CVE-2026-44224 | high | 8.8 | 8.8 | 23d ago | Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation o… | |||
| CVE-2026-7474 | high | 8.8 | 8.8 | 23d ago | HashiCorp Nomad vulnerable to a path traversal | |||
| CVE-2026-44870 | high | 8.8 | 8.8 | 23d ago | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti… | |||
| CVE-2026-44869 | high | 8.8 | 8.8 | 23d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44868 | high | 8.8 | 8.8 | 23d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44867 | high | 8.8 | 8.8 | 23d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44866 | high | 8.8 | 8.8 | 23d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-8429 | high | 8.8 | 8.8 | 23d ago | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi… | |||
| CVE-2026-23819 | high | 8.8 | 8.8 | 23d ago | A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim… | |||
| CVE-2026-31225 | high | 8.8 | 8.8 | 23d ago | Superduper: Remote code execution via unsafe eval in superduper query parsing | |||
| CVE-2026-31222 | high | 8.8 | 8.8 | 23d ago | Snorkel Trainer.load uses an unsafe torch.load | |||
| CVE-2026-43892 | high | 8.8 | 8.8 | 23d ago | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed i… | |||
| CVE-2026-41613 | high | 8.8 | 8.8 | 23d ago | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2026-41109 | high | 8.8 | 8.8 | 23d ago | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature ove… | |||
| CVE-2026-41094 | high | 8.8 | 8.8 | 23d ago | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-41086 | high | 8.8 | 8.8 | 23d ago | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-40420 | high | 8.8 | 8.8 | 23d ago | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40403 | high | 8.8 | 8.8 | 23d ago | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||
| CVE-2026-40370 | high | 8.8 | 8.8 | 23d ago | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | |||
| CVE-2026-40365 | high | 8.8 | 8.8 | 23d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-40357 | high | 8.8 | 8.8 | 23d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-35439 | high | 8.8 | 8.8 | 23d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-35436 | high | 8.8 | 8.8 | 23d ago | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34329 | high | 8.8 | 8.8 | 23d ago | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | |||
| CVE-2026-33112 | high | 8.8 | 8.8 | 23d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-33110 | high | 8.8 | 8.8 | 23d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-31232 | high | 8.8 | 8.8 | 23d ago | The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model f… | |||
| CVE-2026-25088 | high | 8.8 | 8.8 | 23d ago | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions… | |||
| CVE-2026-31224 | high | 8.8 | 8.8 | 23d ago | Snorkel MultitaskClassifier.load uses an unsafe torch.load | |||
| CVE-2026-31223 | high | 8.8 | 8.8 | 23d ago | Snorkel BaseLabeler.load uses an unsafe pickle.load | |||
| CVE-2026-31219 | high | 8.8 | 8.8 | 23d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CW… | |||
| CVE-2026-31218 | high | 8.8 | 8.8 | 23d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CW… | |||
| CVE-2026-30810 | high | 8.8 | 8.8 | 23d ago | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-30807 | high | 8.8 | 8.8 | 23d ago | Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-8111 | high | 8.8 | 8.8 | 23d ago | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | |||
| CVE-2026-43937 | high | 8.8 | 8.8 | 23d ago | YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql` | |||
| CVE-2026-2465 | high | 8.8 | 8.8 | 23d ago | Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation. This issue affect… | |||
| CVE-2026-6001 | high | 8.8 | 8.8 | 23d ago | Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042. | |||
| CVE-2026-1185 | high | 8.8 | 8.8 | 24d ago | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if … | |||
| CVE-2026-7256 | high | 8.8 | 8.8 | 24d ago | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operat… | |||
| CVE-2026-8346 | high | 8.8 | 8.8 | 24d ago | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The at… | |||
| CVE-2026-42559 | high | 8.8 | 8.8 | 24d ago | rmcp Streamable HTTP server transport has a DNS rebinding vulnerability | |||
| CVE-2026-8345 | high | 8.8 | 8.8 | 24d ago | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the … | |||
| CVE-2026-8344 | high | 8.8 | 8.8 | 24d ago | A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command in… | |||
| CVE-2026-41489 | high | 8.8 | 8.8 | 24d ago | Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by s… | |||
| CVE-2026-36734 | high | 8.8 | 8.8 | 24d ago | EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient… | |||
| CVE-2026-45223 | high | 8.8 | 8.8 | 24d ago | Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin … | |||
| CVE-2026-45006 | high | 8.8 | 8.8 | 24d ago | OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration… | |||
| CVE-2026-42603 | high | 8.8 | 8.8 | 24d ago | OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_ta… | |||
| CVE-2026-7816 | high | 8.8 | 8.8 | 24d ago | pgAdmin 4: OS command injection vulnerability in Import/Export query export | |||
| CVE-2026-7815 | high | 8.8 | 8.8 | 24d ago | SQL injection vulnerability in pgAdmin 4 Maintenance Tool | |||
| CVE-2026-44521 | high | 8.8 | 8.8 | 24d ago | elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolu… | |||
| CVE-2026-44345 | high | 8.8 | 8.8 | 24d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 in… | |||
| CVE-2026-32658 | high | 8.8 | 8.8 | 24d ago | Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading … | |||
| CVE-2026-43500 | high | 7.8 | 8.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and th… | |||
| CVE-2026-8264 | high | 8.8 | 8.8 | 25d ago | A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation … | |||
| CVE-2026-8260 | high | 8.8 | 8.8 | 25d ago | A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipu… | |||
| CVE-2026-28978 | high | 8.8 | 8.8 | 25d ago | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its san… | |||
| CVE-2026-28923 | high | 8.8 | 8.8 | 25d ago | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox. | |||
| CVE-2026-28995 | high | 8.8 | 8.8 | 25d ago | visionOS 26.5 | |||
| CVE-2026-28940 | high | 8.8 | 8.8 | 25d ago | visionOS 26.5 | |||
| CVE-2026-8234 | high | 8.8 | 8.8 | 26d ago | A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument se… |