CVEs from 2026
- Total: 14,792
- Critical: 1,335
- High: 5,008
- Medium: 4,832
- Low: 503
- % Critical: 9.0%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-22324 | high | 8.1 | 8.1 | 3mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP Local File Inclusion. This issue affects Melania: f… |
| CVE-2026-2646 | high | 8.1 | 8.1 | 3mo ago | A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read fr… |
| CVE-2026-25471 | high | 8.1 | 8.1 | 3mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation. This issue affects Admin Safety Guard:… |
| CVE-2026-27096 | high | 8.1 | 8.1 | 3mo ago | Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection. This issue affects ColorFolio - Freelance Designer WordPress Th… |
| CVE-2026-32841 | high | 8.1 | 8.1 | 3mo ago | Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the… |
| CVE-2026-30707 | high | 8.1 | 8.1 | 3mo ago | An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypa… |
| CVE-2026-23925 | high | 8.1 | 8.1 | 3mo ago | An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorize… |
| CVE-2026-3405 | high | 8.1 | 8.1 | 3mo ago | A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. The manipulation leads to path traversal. It is possi… |
| CVE-2026-3404 | high | 8.1 | 8.1 | 3mo ago | A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulatio… |
| CVE-2026-3192 | high | 8.1 | 8.1 | 3mo ago | A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipula… |
| CVE-2026-2957 | high | 8.1 | 8.1 | 3mo ago | A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the compone… |
| CVE-2026-2895 | high | 8.1 | 8.1 | 4mo ago | funadmin has Weak Password Recovery Mechanism for Forgotten Password |
| CVE-2026-22365 | high | 8.1 | 8.1 | 4mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion. This issue affects S… |
| CVE-2026-2705 | high | 8.1 | 8.1 | 4mo ago | A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The ma… |
| CVE-2026-2110 | high | 8.1 | 8.1 | 4mo ago | A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing… |
| CVE-2026-2109 | high | 8.1 | 8.1 | 4mo ago | A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argume… |
| CVE-2026-0535 | high | 8.1 | 8.1 | 5mo ago | A maliciously crafted HTML payload, stored in a component's description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application… |
| CVE-2026-0534 | high | 8.1 | 8.1 | 5mo ago | A maliciously crafted HTML payload, stored in a part's attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A mal… |
| CVE-2026-0533 | high | 8.1 | 8.1 | 5mo ago | A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the A… |
| CVE-2026-1203 | high | 8.1 | 8.1 | 5mo ago | A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Exe… |
| CVE-2026-1112 | high | 8.1 | 8.1 | 5mo ago | A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.ja… |
| CVE-2026-11401 | high | 8.0 | 8.0 | 1d ago | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to … |
| CVE-2026-11400 | high | 8.0 | 8.0 | 1d ago | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges t… |
| CVE-2026-45745 | high | 8.0 | 8.0 | 2d ago | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation,… |
| CVE-2026-11241 | high | 8.0 | 8.0 | 2d ago | Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (C… |
| CVE-2026-35482 | high | 8.0 | 8.0 | 4d ago | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script en… |
| CVE-2026-0097 | high | 8.0 | 8.0 | 5d ago | In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no… |
| CVE-2026-0095 | high | 8.0 | 8.0 | 5d ago | In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalati… |
| CVE-2026-0059 | high | 8.0 | 8.0 | 5d ago | In multiple functions of sdp_discovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additi… |
| CVE-2026-47294 | high | 8.0 | 8.0 | 5d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2026-20452 | high | 8.0 | 8.0 | 6d ago | In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User intera… |
| CVE-2026-35630 | high | 8.0 | 8.0 | 9d ago | OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval but… |
| CVE-2026-37266 | high | 8.0 | 8.0 | 10d ago | An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the force_download.php component |
| CVE-2026-23392 | high | — | 8.0 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error. Call synchronize_rcu() after unregistering the hooks from… |
| CVE-2026-34079 | high | — | 8.0 | 10d ago | Important: flatpak security update |
| CVE-2026-34078 | high | — | 8.0 | 10d ago | Important: flatpak security update |
| CVE-2026-45725 | high | — | 8.0 | 10d ago | compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal |
| CVE-2026-47717 | high | — | 8.0 | 10d ago | FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations |
| CVE-2026-47243 | high | — | 8.0 | 10d ago | Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs |
| CVE-2026-45704 | high | — | 8.0 | 10d ago | Pimcore has a CustomReports Share Bypass |
| CVE-2026-44982 | high | — | 8.0 | 10d ago | CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests |
| CVE-2026-44726 | high | — | 8.0 | 10d ago | Deno's TLS retry copies stale upgrade hook, risking plaintext traffic |
| CVE-2026-45617 | high | — | 8.0 | 11d ago | LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex |
| CVE-2026-45368 | high | — | 8.0 | 11d ago | Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend |
| CVE-2026-45357 | high | — | 8.0 | 11d ago | LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime) |
| CVE-2026-42553 | high | — | 8.0 | 11d ago | Cinny is a Matrix client. Prior to 4.10.3, a remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's clien… |
| CVE-2026-45260 | high | — | 8.0 | 11d ago | Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling |
| CVE-2026-45162 | high | — | 8.0 | 11d ago | Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction |
| CVE-2026-3012 | high | 8.0 | 8.0 | 11d ago | Important: samba security update |
| CVE-2026-44974 | high | — | 8.0 | 11d ago | @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters |
| CVE-2026-44741 | high | — | 8.0 | 11d ago | Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter |
| CVE-2026-44739 | high | — | 8.0 | 11d ago | Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration |
| CVE-2026-44705 | high | — | 8.0 | 11d ago | tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape |
| CVE-2026-34043 | high | — | 8.0 | 11d ago | RHSA-2026:21291: .NET 8.0 security update (Important) |
| CVE-2026-44177 | high | — | 8.0 | 11d ago | Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup |
| CVE-2026-44175 | high | — | 8.0 | 11d ago | Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend |
| CVE-2026-44174 | high | — | 8.0 | 11d ago | Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints |
| CVE-2026-43947 | high | — | 8.0 | 11d ago | FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass |
| CVE-2026-43946 | high | — | 8.0 | 11d ago | FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue |
| CVE-2026-43945 | high | — | 8.0 | 11d ago | FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection |
| CVE-2026-42462 | high | — | 8.0 | 11d ago | Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring |
| CVE-2026-42089 | high | — | 8.0 | 11d ago | yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation |
| CVE-2026-44895 | high | — | 8.0 | 11d ago | GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin… |
| CVE-2026-48048 | high | — | 8.0 | 11d ago | XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests |
| CVE-2026-8834 | high | 8.0 | 8.0 | 12d ago | IBM HTTP Server 8.5 and 9.0 contain a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause … |
| CVE-2026-42014 | high | — | 8.0 | 12d ago | RHSA-2026:20612: gnutls security update (Important) |
| CVE-2026-47138 | high | — | 8.0 | 15d ago | Parse Server: Pre-authentication denial of service via client version header regex backtracking |
| CVE-2026-46717 | high | — | 8.0 | 15d ago | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification |
| CVE-2026-46701 | high | — | 8.0 | 16d ago | Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret |
| CVE-2026-46681 | high | — | 8.0 | 16d ago | @nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty |
| CVE-2026-46680 | high | — | 8.0 | 16d ago | containerd user ID handling bypass allows runAsNonRoot evasion |
| CVE-2026-46679 | high | — | 8.0 | 16d ago | js-libp2p: Memory DoS via subscription flood of unique topics |
| CVE-2026-46625 | high | — | 8.0 | 16d ago | JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection |
| CVE-2026-46673 | high | — | 8.0 | 16d ago | Unbounded 32-bit allocation |
| CVE-2026-46519 | high | — | 8.0 | 16d ago | MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement |
| CVE-2026-46654 | high | — | 8.0 | 16d ago | Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss |
| CVE-2026-46643 | high | — | 8.0 | 16d ago | Snappy: Binary path is never shell-escaped due to an inverted is_executable check |
| CVE-2026-46617 | high | — | 8.0 | 16d ago | Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read |
| CVE-2026-46612 | high | — | 8.0 | 16d ago | Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives |
| CVE-2026-46545 | high | — | 8.0 | 16d ago | nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item |
| CVE-2026-46517 | high | — | 8.0 | 16d ago | lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out |
| CVE-2026-46492 | high | — | 8.0 | 17d ago | md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed) |
| CVE-2026-46432 | high | — | 8.0 | 17d ago | LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization |
| CVE-2026-46490 | high | — | 8.0 | 17d ago | samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions |
| CVE-2026-46481 | high | — | 8.0 | 17d ago | OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users |
| CVE-2026-45804 | high | — | 8.0 | 18d ago | Diffusers: TOCTOU Trust Remote Code Bypass |
| CVE-2026-45067 | high | — | 8.0 | 18d ago | Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address |
| CVE-2026-45077 | high | — | 8.0 | 18d ago | Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener |
| CVE-2026-45063 | high | — | 8.0 | 18d ago | Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator |
| CVE-2026-46639 | high | — | 8.0 | 18d ago | Twig: Sandbox property and method bypass via object-destructuring assignment |
| CVE-2026-46640 | high | — | 8.0 | 18d ago | Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation |
| CVE-2026-22984 | high | — | 8.0 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done(). Perform an explicit bounds check on payload_len to avoid a p… |
| CVE-2026-22990 | high | — | 8.0 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental(). If the osdmap is (maliciously) corrupted such that the incremen… |
| CVE-2026-23401 | high | — | 8.0 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE. When installing an emulated MMIO SPTE, do so *after*… |
| CVE-2026-46417 | high | — | 8.0 | 18d ago | @angular/platform-server: SSRF via Hostname Hijacking |
| CVE-2026-46415 | high | — | 8.0 | 18d ago | Caddy Defender trusted proxy client IP bypass |
| CVE-2026-46410 | high | — | 8.0 | 18d ago | FileBrowser Quantum: unauthenticated user share info |
| CVE-2026-46374 | high | — | 8.0 | 18d ago | SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser |
| CVE-2026-46373 | high | — | 8.0 | 18d ago | SQLFluff: Recursive Stack Overflow in Parser |
| CVE-2026-46378 | high | — | 8.0 | 18d ago | Dasel: Denial of service in dasel selector lexer due to infinite loop on unterminated regex literal |