CVEs from 2026

Total: 14,769
- critical: 1,335
- high: 5,011
- medium: 4,834
- low: 504

% Critical: 9.0%
% with KEV: 0.4%
% with exploit: 0.7%

Top vendors

Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89

Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45061 | high | 7.7 | 7.7 | 11d ago | Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A… | |||
| CVE-2026-2253 | high | 7.7 | 7.7 | 12d ago | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities. | |||
| CVE-2026-26147 | high | 7.7 | 7.7 | 16d ago | Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-39965 | high | 7.7 | 7.7 | 16d ago | TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl(… | |||
| CVE-2026-34911 | high | 7.7 | 7.7 | 17d ago | A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulat… | |||
| CVE-2026-9133 | high | 7.7 | 7.7 | 18d ago | Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint migh… | |||
| CVE-2026-45370 | high | 7.7 | 7.7 | 24d ago | python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection | |||
| CVE-2026-45338 | high | 7.7 | 7.7 | 24d ago | Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py) | |||
| CVE-2026-45303 | high | 7.7 | 7.7 | 24d ago | Open WebUI has stored XSS via the HTML rendering view | |||
| CVE-2026-44738 | high | 7.7 | 7.7 | 25d ago | Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray() | |||
| CVE-2026-42832 | high | 7.7 | 7.7 | 26d ago | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-42141 | high | 7.7 | 7.7 | 26d ago | Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerabi… | |||
| CVE-2026-33821 | high | 7.7 | 7.7 | 26d ago | Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-45218 | high | 7.7 | 7.7 | 26d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection. This issue affects WP Travel: from n/a t… | |||
| CVE-2026-27662 | high | 7.7 | 7.7 | 26d ago | Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain… | |||
| CVE-2026-43890 | high | 7.7 | 7.7 | 27d ago | Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken aut… | |||
| CVE-2026-34961 | high | 7.7 | 7.7 | 27d ago | barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.… | |||
| CVE-2026-33356 | high | 7.7 | 7.7 | 27d ago | In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. … | |||
| CVE-2026-42345 | high | 7.7 | 7.7 | 1mo ago | FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a full… | |||
| CVE-2026-41905 | high | 7.7 | 7.7 | 1mo ago | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastR… | |||
| CVE-2026-41688 | high | 7.7 | 7.7 | 1mo ago | Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the origina… | |||
| CVE-2026-41413 | high | 7.7 | 7.7 | 1mo ago | Istio: SSRF via RequestAuthentication jwksUri | |||
| CVE-2026-44113 | high | 7.7 | 7.7 | 1mo ago | OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes | |||
| CVE-2026-43580 | high | 7.7 | 7.7 | 1mo ago | OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage | |||
| CVE-2026-43576 | high | 7.7 | 7.7 | 1mo ago | OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets | |||
| CVE-2026-20185 | high | 7.7 | 7.7 | 1mo ago | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware co… | |||
| CVE-2026-20167 | high | 7.7 | 7.7 | 1mo ago | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely mana… | |||
| CVE-2026-7573 | high | 7.7 | 7.7 | 1mo ago | An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy … | |||
| CVE-2026-43884 | high | 7.7 | 7.7 | 1mo ago | AVideo has SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL() | |||
| CVE-2026-42997 | high | 7.7 | 7.7 | 1mo ago | An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-… | |||
| CVE-2026-43573 | high | 7.7 | 7.7 | 1mo ago | OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement | |||
| CVE-2026-43532 | high | 7.7 | 7.7 | 1mo ago | OpenClaw: Discord event cover images bypassed sandbox media normalization | |||
| CVE-2026-43527 | high | 7.7 | 7.7 | 1mo ago | OpenClaw: Browser SSRF policy default allowed private-network navigation | |||
| CVE-2026-42438 | high | 7.7 | 7.7 | 1mo ago | OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure | |||
| CVE-2026-42436 | high | 7.7 | 7.7 | 1mo ago | OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation | |||
| CVE-2026-43824 | high | 7.7 | 7.7 | 1mo ago | In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data. | |||
| CVE-2026-41649 | high | 7.7 | 7.7 | 1mo ago | Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference. When… | |||
| CVE-2026-40886 | high | 7.7 | 7.7 | 2mo ago | Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller | |||
| CVE-2026-32324 | high | 7.7 | 7.7 | 2mo ago | Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at s… | |||
| CVE-2026-27913 | high | 7.7 | 7.7 | 2mo ago | Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. | |||
| CVE-2026-22664 | high | 7.7 | 7.7 | 2mo ago | prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requ… | |||
| CVE-2026-25835 | high | 7.7 | 7.7 | 2mo ago | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). | |||
| CVE-2026-32441 | high | 7.7 | 7.7 | 2mo ago | Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects… | |||
| CVE-2026-24969 | high | 7.7 | 7.7 | 2mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant VA instantva allows Path Traversal. This issue affects Instant VA: from n/a throu… | |||
| CVE-2026-22558 | high | 7.7 | 7.7 | 3mo ago | An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges. | |||
| CVE-2026-20100 | high | 7.7 | 7.7 | 3mo ago | A vulnerability in the LUA interpreter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could… | |||
| CVE-2026-3052 | high | 7.7 | 7.7 | 3mo ago | A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the co… | |||
| CVE-2026-41518 | high | 7.6 | 7.6 | 3d ago | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-edit… | |||
| CVE-2026-49771 | high | 7.6 | 7.6 | 3d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10W… | |||
| CVE-2026-41234 | high | 7.6 | 7.6 | 4d ago | Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer… | |||
| CVE-2026-49374 | high | 7.6 | 7.6 | 9d ago | In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters | |||
| CVE-2026-9809 | high | 7.6 | 7.6 | 9d ago | A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (such as campaigns, emails, or… | |||
| CVE-2026-46426 | high | 7.6 | 7.6 | 11d ago | Budibase: Unrestricted Upload of File with Dangerous Type | |||
| CVE-2026-45082 | high | 7.6 | 7.6 | 12d ago | Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following proces… | |||
| CVE-2026-34207 | high | 7.6 | 7.6 | 16d ago | TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF protection for Webhook / HTTP Request blocks validates only the URL string, blocked hostname literals, and literal IP formats. It … | |||
| CVE-2026-9047 | high | 7.6 | 7.6 | 16d ago | Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-fac… | |||
| CVE-2026-44068 | high | 7.6 | 7.6 | 18d ago | Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via… | |||
| CVE-2026-9144 | high | 7.6 | 7.6 | 18d ago | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute pe… | |||
| CVE-2026-5783 | high | 7.6 | 7.6 | 18d ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This i… | |||
| CVE-2026-42383 | high | 7.6 | 7.6 | 18d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCom… | |||
| CVE-2026-33233 | high | 7.6 | 7.6 | 20d ago | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache byte… | |||
| CVE-2026-6347 | high | 7.6 | 7.6 | 20d ago | Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin | |||
| CVE-2026-46367 | high | 7.6 | 7.6 | 23d ago | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craf… | |||
| CVE-2026-44555 | high | 7.6 | 7.6 | 23d ago | Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining | |||
| CVE-2026-46408 | high | 7.6 | 7.6 | 23d ago | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter … | |||
| CVE-2026-44516 | high | 7.6 | 7.6 | 24d ago | Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer | |||
| CVE-2026-45225 | high | 7.6 | 7.6 | 26d ago | Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted… | |||
| CVE-2026-44166 | high | 7.6 | 7.6 | 26d ago | PocketBase vulnerable to account pre-hijacking via OAuth2 unverified->verified autolinking upgrade | |||
| CVE-2026-45213 | high | 7.6 | 7.6 | 26d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection. This issue affects BEAR: from n/a thro… | |||
| CVE-2026-43350 | high | 7.6 | 7.6 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: require a full NFS mode SID before reading mode bits. parse_dacl() treats an ACE SID matching sid_unix_NFS_mode as an… | |||
| CVE-2026-43510 | high | 7.6 | 7.6 | 1mo ago | manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. F… | |||
| CVE-2026-41904 | high | 7.6 | 7.6 | 1mo ago | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply … | |||
| CVE-2026-42224 | high | 7.6 | 7.6 | 1mo ago | ipl/web is vulnerable to reflected XSS by malformed search requests | |||
| CVE-2026-42646 | high | 7.6 | 7.6 | 1mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection. This issue affects TaxoPress: from n… | |||
| CVE-2026-41912 | high | 7.6 | 7.6 | 1mo ago | OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation | |||
| CVE-2026-39475 | high | 7.6 | 7.6 | 2mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection. This issue affects User Fe… | |||
| CVE-2026-32606 | high | 7.6 | 7.6 | 3mo ago | IncusOS has a LUKS encryption bypass due to insufficient TPM policy in github.com/lxc/incus-os/incus-osd | |||
| CVE-2026-32459 | high | 7.6 | 7.6 | 3mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection. This issue affects Up… | |||
| CVE-2026-3051 | high | 7.6 | 7.6 | 3mo ago | A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the comp… | |||
| CVE-2026-2469 | high | 7.6 | 7.6 | 4mo ago | ImapEngine affected by command injection via the ID command parameters | |||
| CVE-2026-24624 | high | 7.6 | 7.6 | 5mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in saeros1984 Neoforum neoforum allows Blind SQL Injection. This issue affects Neoforum: from n/a thr… | |||
| CVE-2026-49494 | high | 7.5 | 7.5 | 8h ago | Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixe… | |||
| CVE-2026-9290 | high | 7.5 | 7.5 | 2d ago | The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) functi… | |||
| CVE-2026-46493 | high | 7.5 | 7.5 | 2d ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue. | |||
| CVE-2026-45291 | high | 7.5 | 7.5 | 2d ago | Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260418.124334-32` impacts publicly accessible software depending on t… | |||
| CVE-2026-45290 | high | 7.5 | 7.5 | 2d ago | Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260417.085727-30` impacts publicly accessible software depending on t… | |||
| CVE-2026-50234 | high | 7.5 | 7.5 | 2d ago | Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers … | |||
| CVE-2026-11296 | high | 7.5 | 7.5 | 3d ago | Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted H… | |||
| CVE-2026-11265 | high | 7.5 | 7.5 | 3d ago | Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-11255 | high | 7.5 | 7.5 | 3d ago | Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data v… | |||
| CVE-2026-11242 | high | 7.5 | 7.5 | 3d ago | Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafte… | |||
| CVE-2026-11239 | high | 7.5 | 7.5 | 3d ago | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTM… | |||
| CVE-2026-11154 | high | 7.5 | 7.5 | 3d ago | Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr… | |||
| CVE-2026-11151 | high | 7.5 | 7.5 | 3d ago | Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… | |||
| CVE-2026-11149 | high | 7.5 | 7.5 | 3d ago | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via… | |||
| CVE-2026-11058 | high | 7.5 | 7.5 | 3d ago | Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation v… | |||
| CVE-2026-10969 | high | 7.5 | 7.5 | 3d ago | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via… | |||
| CVE-2026-10946 | high | 7.5 | 7.5 | 3d ago | Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a… | |||
| CVE-2026-10906 | high | 7.5 | 7.5 | 3d ago | Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via… | |||
| CVE-2026-10901 | high | 7.5 | 7.5 | 3d ago | Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTM… |