CVEs from 2026

Total: 14,117
Critical: 1,245
High: 4,694
Medium: 4,470
Low: 488
% Critical: 8.8%
% with KEV: 0.4%
% with exploit: 0.8%

Top vendors

Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89

Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46364 | critical | 9.8 | 9.8 | | | | 19d ago | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent h… |
| CVE-2026-8695 | critical | 9.8 | 9.8 | | | | 19d ago | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b… |
| CVE-2026-44717 | critical | 9.8 | 9.8 | | | | 19d ago | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz… |
| CVE-2026-45772 | critical | 9.8 | 9.8 | | | | 20d ago | Turbo: Unexpected local code execution during Yarn Berry detection |
| CVE-2026-5229 | critical | 9.8 | 9.8 | | | | 20d ago | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which W… |
| CVE-2026-45288 | critical | 9.8 | 9.8 | | | | 20d ago | Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generate… |
| CVE-2026-26191 | critical | 9.8 | 9.8 | | | | 20d ago | Fleet vulnerable to OS command injection in software packages |
| CVE-2026-41315 | critical | 9.8 | 9.8 | | | | 20d ago | mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond a… |
| CVE-2026-42589 | critical | 9.8 | 9.8 | | | | 21d ago | Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection |
| CVE-2026-44484 | critical | 9.8 | 9.8 | | | | 21d ago | Compromise of PyTorch Lightning PyPi Package Versions |
| CVE-2026-2347 | critical | 9.8 | 9.8 | | | | 21d ago | Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: b… |
| CVE-2026-6510 | critical | 9.8 | 9.8 | | | | 21d ago | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capa… |
| CVE-2026-6271 | critical | 9.8 | 9.8 | | | | 21d ago | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This m… |
| CVE-2026-8181 | critical | 9.8 | 9.8 | | | | 21d ago | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to inc… |
| CVE-2026-8500 | critical | 9.8 | 9.8 | | | | 21d ago | Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated o… |
| CVE-2026-42581 | critical | 9.8 | 9.8 | | | | 21d ago | Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization |
| CVE-2026-42031 | critical | 9.8 | 9.8 | | | | 21d ago | CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql` |
| CVE-2026-45411 | critical | 9.8 | 9.8 | | | | 21d ago | vm2 Has a Sandbox Breakout Using Async Generator |
| CVE-2026-44009 | critical | 9.8 | 9.8 | | | | 21d ago | vm2 has Sandbox Breakout Through Null Proto Exception |
| CVE-2026-44008 | critical | 9.8 | 9.8 | | | | 21d ago | vm2 has sandbox breakout via `neutralizeArraySpeciesBatch` |
| CVE-2026-45083 | critical | 9.8 | 9.8 | | | | 22d ago | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted … |
| CVE-2026-42062 | critical | 9.8 | 9.8 | | | | 22d ago | ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authenticati… |
| CVE-2026-40621 | critical | 9.8 | 9.8 | | | | 22d ago | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. |
| CVE-2026-32661 | critical | 9.8 | 9.8 | | | | 22d ago | Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's… |
| CVE-2026-44649 | critical | 9.8 | 9.8 | | | | 22d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… |
| CVE-2026-42854 | critical | 9.8 | 9.8 | | | | 22d ago | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a … |
| CVE-2026-45185 | critical | 9.8 | 9.8 | | | | 22d ago | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a C… |
| CVE-2026-44343 | critical | 9.8 | 9.8 | | | | 22d ago | WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file sys… |
| CVE-2026-44183 | critical | 9.8 | 9.8 | | | | 22d ago | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.… |
| CVE-2026-41096 | critical | 9.8 | 9.8 | | | | 22d ago | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. |
| CVE-2026-41089 | critical | 9.8 | 9.8 | | | | 22d ago | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. |
| CVE-2026-31239 | critical | 9.8 | 9.8 | | | | 22d ago | mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub |
| CVE-2026-31238 | critical | 9.8 | 9.8 | | | | 22d ago | Ludwig framework is vulnerable to insecure deserialization in its model serving component |
| CVE-2026-31237 | critical | 9.8 | 9.8 | | | | 22d ago | Ludwig framework is vulnerable to insecure deserialization through its predict() method. |
| CVE-2026-31236 | critical | 9.8 | 9.8 | | | | 22d ago | llm CLI tool contains a code injection vulnerability via `--functions` command-line argument |
| CVE-2026-31235 | critical | 9.8 | 9.8 | | | | 22d ago | imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module |
| CVE-2026-31234 | critical | 9.8 | 9.8 | | | | 22d ago | Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component |
| CVE-2026-31233 | critical | 9.8 | 9.8 | | | | 22d ago | Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism |
| CVE-2026-31231 | critical | 9.8 | 9.8 | | | | 22d ago | Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user,… |
| CVE-2026-31230 | critical | 9.8 | 9.8 | | | | 22d ago | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the un… |
| CVE-2026-31229 | critical | 9.8 | 9.8 | | | | 22d ago | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights f… |
| CVE-2026-26083 | critical | 9.8 | 9.8 | | | | 22d ago | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, Fort… |
| CVE-2026-43992 | critical | 9.8 | 9.8 | | | | 22d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accept… |
| CVE-2026-42074 | critical | 9.8 | 9.8 | | | | 23d ago | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashToo… |
| CVE-2026-43512 | critical | 9.8 | 9.8 | | | | 23d ago | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, fr… |
| CVE-2026-41293 | critical | 9.8 | 9.8 | | | | 23d ago | Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0… |
| CVE-2026-34187 | critical | 9.8 | 9.8 | | | | 23d ago | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2026-31228 | critical | 9.8 | 9.8 | | | | 23d ago | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe ev… |
| CVE-2026-31226 | critical | 9.8 | 9.8 | | | | 23d ago | The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerabi… |
| CVE-2026-31220 | critical | 9.8 | 9.8 | | | | 23d ago | PySyft server-side arbitrary Python execution after code approval |
| CVE-2026-31217 | critical | 9.8 | 9.8 | | | | 23d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user … |
| CVE-2026-31214 | critical | 9.8 | 9.8 | | | | 23d ago | The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The s… |
| CVE-2026-43284 | high | 8.8 | 9.8 | | | | 23d ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks… |
| CVE-2026-43914 | critical | 9.8 | 9.8 | | | | 23d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is … |
| CVE-2026-8305 | critical | 9.8 | 9.8 | | | | 23d ago | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component blueb… |
| CVE-2026-7210 | critical | 9.8 | 9.8 | | | | 23d ago | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this… |
| CVE-2026-43995 | critical | 9.8 | 9.8 | | | | 23d ago | Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) |
| CVE-2026-38567 | critical | 9.8 | 9.8 | | | | 23d ago | HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker c… |
| CVE-2026-35157 | critical | 9.8 | 9.8 | | | | 24d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthentic… |
| CVE-2026-8263 | critical | 9.8 | 9.8 | | | | 24d ago | A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipula… |
| CVE-2026-7261 | critical | 9.8 | 9.8 | | | | 25d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted acr… |
| CVE-2026-6722 | critical | 9.8 | 9.8 | | | | 25d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global m… |
| CVE-2026-6665 | critical | 9.8 | 9.8 | | | | 26d ago | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM se… |
| CVE-2026-42354 | critical | 9.8 | 9.8 | | | | 26d ago | Sentry's improper authentication on SAML SSO process allows user identity linking |
| CVE-2026-42302 | critical | 9.8 | 9.8 | | | | 26d ago | FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The star… |
| CVE-2026-42298 | critical | 9.8 | 9.8 | | | | 26d ago | Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows a… |
| CVE-2026-37709 | critical | 9.8 | 9.8 | | | | 26d ago | Snipe-IT has insecure permissions in file uploads |
| CVE-2026-44400 | critical | 9.8 | 9.8 | | | | 26d ago | MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing Authent… |
| CVE-2026-42072 | critical | 9.8 | 9.8 | | | | 26d ago | NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access |
| CVE-2026-41889 | critical | 9.8 | 9.8 | | | | 26d ago | pgx: SQL Injection via placeholder confusion with dollar quoted string literals |
| CVE-2026-38360 | critical | 9.8 | 9.8 | | | | 26d ago | Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHan… |
| CVE-2026-43465 | critical | 9.8 | 9.8 | | | | 27d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer whe… |
| CVE-2026-43414 | critical | 9.8 | 9.8 | | | | 27d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When a… |
| CVE-2026-43402 | critical | 9.8 | 9.8 | | | | 27d ago | In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function … |
| CVE-2026-43384 | critical | 9.8 | 9.8 | | | | 27d ago | In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the… |
| CVE-2026-43379 | critical | 9.8 | 9.8 | | | | 27d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is bei… |
| CVE-2026-43376 | critical | 9.8 | 9.8 | | | | 27d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using call_rcu() for oplock_info ksmbd currently frees oplock_info immediately using kfree(), even t… |
| CVE-2026-41574 | critical | 9.8 | 9.8 | | | | 27d ago | Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass |
| CVE-2026-37431 | critical | 9.8 | 9.8 | | | | 27d ago | Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers … |
| CVE-2026-44335 | critical | 9.8 | 9.8 | | | | 27d ago | PraisonAI has an SSRF bypass |
| CVE-2026-43341 | critical | 9.8 | 9.8 | | | | 27d ago | In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the tra… |
| CVE-2026-43304 | critical | 9.8 | 9.8 | | | | 27d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buff… |
| CVE-2026-41509 | critical | 9.8 | 9.8 | | | | 27d ago | CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused b… |
| CVE-2026-41507 | critical | 9.8 | 9.8 | | | | 27d ago | Remote Code Execution (RCE) via String Literal Injection into math-codegen |
| CVE-2026-41497 | critical | 9.8 | 9.8 | | | | 27d ago | PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection |
| CVE-2026-8153 | critical | 9.8 | 9.8 | | | | 27d ago | OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS. |
| CVE-2026-41501 | critical | 9.8 | 9.8 | | | | 27d ago | electerm has Command Injection via runLinux function |
| CVE-2026-41500 | critical | 9.8 | 9.8 | | | | 27d ago | electerm: electerm_install_script_CommandInjection Vulnerability Report |
| CVE-2026-8034 | critical | 9.8 | 9.8 | | | | 27d ago | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusi… |
| CVE-2026-42284 | critical | 9.8 | 9.8 | | | | 27d ago | GitPython: Unsafe option check validates multi_options before shlex.split transformation |
| CVE-2026-7415 | critical | 9.8 | 9.8 | | | | 27d ago | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetr… |
| CVE-2026-7414 | critical | 9.8 | 9.8 | | | | 27d ago | Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or r… |
| CVE-2026-7413 | critical | 9.8 | 9.8 | | | | 27d ago | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cann… |
| CVE-2026-5788 | critical | 9.8 | 9.8 | | | | 28d ago | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. |
| CVE-2026-36458 | critical | 9.8 | 9.8 | | | | 28d ago | ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered. |
| CVE-2026-30496 | critical | 9.8 | 9.8 | | | | 28d ago | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports bot… |
| CVE-2026-8091 | critical | 9.8 | 9.8 | | | | 28d ago | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.… |
| CVE-2026-6508 | critical | 9.8 | 9.8 | | | | 28d ago | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Lidera… |
| CVE-2026-42217 | critical | 9.8 | 9.8 | | | | 28d ago | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3… |
| CVE-2026-44109 | critical | 9.8 | 9.8 | | | | 28d ago | OpenClaw: Feishu webhook and card-action validation now fail closed |