CVEs from 2026
Total
14,367
critical
critical 1,267
high
high 4,864
medium
medium 4,567
low
low 496
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32814 | medium | 6.5 | 6.5 | 16d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to … | |||
| CVE-2026-32739 | medium | 6.5 | 6.5 | 16d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1… | |||
| CVE-2026-8096 | medium | 6.5 | 6.5 | 16d ago | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not p… | |||
| CVE-2026-32738 | medium | 6.5 | 6.5 | 16d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und… | |||
| CVE-2026-8706 | medium | 6.5 | 6.5 | 17d ago | Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-… | |||
| CVE-2026-8971 | medium | 6.5 | 6.5 | 17d ago | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | |||
| CVE-2026-8951 | medium | 6.5 | 6.5 | 17d ago | Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151. | |||
| CVE-2026-23557 | medium | 6.5 | 6.5 | 17d ago | Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will hap… | |||
| CVE-2026-37979 | medium | 6.5 | 6.5 | 17d ago | Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass | |||
| CVE-2026-45187 | medium | 6.5 | 6.5 | 17d ago | Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |||
| CVE-2026-35086 | medium | 6.5 | 6.5 | 17d ago | Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to vers… | |||
| CVE-2026-31380 | medium | 6.5 | 6.5 | 17d ago | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06… | |||
| CVE-2026-31378 | medium | 6.5 | 6.5 | 17d ago | Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |||
| CVE-2026-29220 | medium | 6.5 | 6.5 | 17d ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to v… | |||
| CVE-2026-29207 | medium | 6.5 | 6.5 | 17d ago | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24… | |||
| CVE-2026-28733 | medium | 6.5 | 6.5 | 17d ago | in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution. | |||
| CVE-2026-27737 | medium | 6.5 | 6.5 | 17d ago | BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicio… | |||
| CVE-2026-45679 | medium | 6.5 | 6.5 | 18d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redi… | |||
| CVE-2026-8843 | medium | 6.5 | 6.5 | 18d ago | Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi… | |||
| CVE-2026-20685 | medium | 6.5 | 6.5 | 18d ago | An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3. | |||
| CVE-2026-45609 | medium | 6.5 | 6.5 | 18d ago | mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined… | |||
| CVE-2026-45582 | medium | 6.5 | 6.5 | 18d ago | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of … | |||
| CVE-2026-6345 | medium | 6.5 | 6.5 | 18d ago | Mattermost doesn't prevent disclosure of created user password | |||
| CVE-2026-5163 | medium | 6.5 | 6.5 | 18d ago | Mattermost doesn't verify channel membership when processing AI-assisted message rewrites | |||
| CVE-2026-3471 | medium | 6.5 | 6.5 | 18d ago | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated cra… | |||
| CVE-2026-3117 | medium | 6.5 | 6.5 | 18d ago | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or se… | |||
| CVE-2026-6340 | medium | 6.5 | 6.5 | 18d ago | Mattermost doesn't validate 7zip archive structure before processing | |||
| CVE-2026-2325 | medium | 6.5 | 6.5 | 18d ago | Mattermost doesn't limit the size of the request body on the start meeting API endpoint | |||
| CVE-2026-33637 | medium | 6.5 | 6.5 | 18d ago | Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping | |||
| CVE-2026-8769 | medium | 6.5 | 6.5 | 18d ago | @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue | |||
| CVE-2026-8766 | medium | 6.5 | 6.5 | 18d ago | @kilocode/cli Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2026-8765 | medium | 6.5 | 6.5 | 18d ago | A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component Fi… | |||
| CVE-2026-8746 | medium | 6.5 | 6.5 | 19d ago | A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation res… | |||
| CVE-2026-8745 | medium | 6.5 | 6.5 | 19d ago | A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation le… | |||
| CVE-2026-8744 | medium | 6.5 | 6.5 | 19d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing … | |||
| CVE-2026-8738 | medium | 6.5 | 6.5 | 19d ago | A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file public… | |||
| CVE-2026-8731 | medium | 6.5 | 6.5 | 19d ago | A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool … | |||
| CVE-2026-8730 | medium | 6.5 | 6.5 | 19d ago | A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfI… | |||
| CVE-2026-8729 | medium | 6.5 | 6.5 | 19d ago | A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/s… | |||
| CVE-2026-8728 | medium | 6.5 | 6.5 | 19d ago | A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. S… | |||
| CVE-2026-46719 | medium | 6.5 | 6.5 | 20d ago | Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject add… | |||
| CVE-2026-8704 | medium | 6.5 | 6.5 | 20d ago | Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. | |||
| CVE-2026-45667 | medium | 6.5 | 6.5 | 20d ago | Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS) | |||
| CVE-2026-45666 | medium | 6.5 | 6.5 | 20d ago | Open WebUI has an Indirect Object Reference (IDOR) in user notes | |||
| CVE-2026-45351 | medium | 6.5 | 6.5 | 20d ago | Open WebUI Exposes System Prompt to Regular User [Non-Admin] | |||
| CVE-2026-45345 | medium | 6.5 | 6.5 | 20d ago | Open WebUI missing authorization check at the model update function - models from other users can be updated | |||
| CVE-2026-44571 | medium | 6.5 | 6.5 | 20d ago | Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission | |||
| CVE-2026-45008 | medium | 6.5 | 6.5 | 20d ago | phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit tr… | |||
| CVE-2026-44562 | medium | 6.5 | 6.5 | 20d ago | Open WebUI's Model Import Overwrites Any Model Without Ownership Check | |||
| CVE-2026-44560 | medium | 6.5 | 6.5 | 20d ago | Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search | |||
| CVE-2026-4054 | medium | 6.5 | 6.5 | 20d ago | Mattermost doesn't validate the response body of proxied images | |||
| CVE-2026-46362 | medium | 6.5 | 6.5 | 20d ago | phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Att… | |||
| CVE-2026-45619 | medium | 6.5 | 6.5 | 20d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS … | |||
| CVE-2026-45610 | medium | 6.5 | 6.5 | 20d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA val… | |||
| CVE-2026-45773 | medium | 6.5 | 6.5 | 21d ago | Trubo: Login callback CSRF/session fixation | |||
| CVE-2026-8669 | medium | 6.5 | 6.5 | 21d ago | Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized… | |||
| CVE-2026-39053 | medium | 6.5 | 6.5 | 21d ago | Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils… | |||
| CVE-2026-39052 | medium | 6.5 | 6.5 | 21d ago | Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc… | |||
| CVE-2026-8503 | medium | 6.5 | 6.5 | 21d ago | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re… | |||
| CVE-2026-4683 | medium | 6.5 | 6.5 | 21d ago | The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and … | |||
| CVE-2026-45339 | medium | 6.5 | 6.5 | 21d ago | Open WebUI's API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints | |||
| CVE-2026-45306 | medium | 6.5 | 6.5 | 21d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect… | |||
| CVE-2026-8570 | medium | 6.5 | 6.5 | 21d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security sev… | |||
| CVE-2026-8550 | medium | 6.5 | 6.5 | 21d ago | Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memo… | |||
| CVE-2026-26062 | medium | 6.5 | 6.5 | 21d ago | Fleet server may terminate unexpectedly when handling certain gRPC requests | |||
| CVE-2026-22706 | medium | 6.5 | 6.5 | 21d ago | Strapi: Password Reset Does Not Revoke Existing Refresh Sessions | |||
| CVE-2026-42572 | medium | 6.5 | 6.5 | 22d ago | Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds` | |||
| CVE-2026-41888 | medium | 6.5 | 6.5 | 22d ago | Distribution's tag deletion bypasses `storage.delete.enabled` configuration | |||
| CVE-2026-44514 | medium | 6.5 | 6.5 | 22d ago | Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users | |||
| CVE-2026-44884 | medium | 6.5 | 6.5 | 22d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-6478 | medium | 6.5 | 6.5 | 22d ago | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 … | |||
| CVE-2026-6670 | medium | 6.5 | 6.5 | 22d ago | The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation … | |||
| CVE-2026-6225 | medium | 6.5 | 6.5 | 22d ago | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions u… | |||
| CVE-2026-5193 | medium | 6.5 | 6.5 | 22d ago | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insu… | |||
| CVE-2026-8280 | medium | 6.5 | 6.5 | 22d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause den… | |||
| CVE-2026-4527 | medium | 6.5 | 6.5 | 22d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to creat… | |||
| CVE-2026-4524 | medium | 6.5 | 6.5 | 22d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access… | |||
| CVE-2026-5486 | medium | 6.5 | 6.5 | 22d ago | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.… | |||
| CVE-2026-44448 | medium | 6.5 | 6.5 | 22d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyo… | |||
| CVE-2026-44445 | medium | 6.5 | 6.5 | 22d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enab… | |||
| CVE-2026-44426 | medium | 6.5 | 6.5 | 22d ago | ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check | |||
| CVE-2026-44424 | medium | 6.5 | 6.5 | 22d ago | ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace | |||
| CVE-2026-44423 | medium | 6.5 | 6.5 | 22d ago | ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data | |||
| CVE-2026-44195 | medium | 6.5 | 6.5 | 22d ago | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication fa… | |||
| CVE-2026-33378 | medium | 6.5 | 6.5 | 22d ago | Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the … | |||
| CVE-2026-28383 | medium | 6.5 | 6.5 | 22d ago | A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-me… | |||
| CVE-2026-28380 | medium | 6.5 | 6.5 | 22d ago | Any Editor could delete any snapshot, even if they have no access to read or write them. | |||
| CVE-2026-28379 | medium | 6.5 | 6.5 | 22d ago | A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete ser… | |||
| CVE-2026-28376 | medium | 6.5 | 6.5 | 22d ago | The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated us… | |||
| CVE-2026-42580 | medium | 6.5 | 6.5 | 22d ago | Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing | |||
| CVE-2026-22677 | medium | 6.5 | 6.5 | 22d ago | Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an… | |||
| CVE-2026-44456 | medium | 6.5 | 6.5 | 23d ago | Hono: bodyLimit() can be bypassed for chunked / unknown-length requests | |||
| CVE-2026-42946 | medium | 6.5 | 6.5 | 23d ago | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured… | |||
| CVE-2026-42937 | medium | 6.5 | 6.5 | 23d ago | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attack… | |||
| CVE-2026-42781 | medium | 6.5 | 6.5 | 23d ago | When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utiliz… | |||
| CVE-2026-41959 | medium | 6.5 | 6.5 | 23d ago | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated… | |||
| CVE-2026-41219 | medium | 6.5 | 6.5 | 23d ago | An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which ha… | |||
| CVE-2026-40699 | medium | 6.5 | 6.5 | 23d ago | A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software ver… | |||
| CVE-2026-40462 | medium | 6.5 | 6.5 | 23d ago | Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Softwa… | |||
| CVE-2026-40460 | medium | 6.5 | 6.5 | 23d ago | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limi… |