CVEs from 2026

Total: 14,796
- critical: 1,335
- high: 5,010
- medium: 4,834
- low: 503

% Critical: 9.0%
% with KEV: 0.4%
% with exploit: 0.7%

Top vendors

Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89

Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4154 | high | — | 8.0 | | | | 26d ago | Important: gimp security update |
| CVE-2026-4152 | high | — | 8.0 | | | | 26d ago | Important: gimp security update |
| CVE-2026-43897 | high | — | 8.0 | | | | 27d ago | link-preview-js vulnerable to IPv6 and internal loopback attacks |
| CVE-2026-44657 | high | — | 8.0 | | | | 27d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execu… |
| CVE-2026-44655 | high | — | 8.0 | | | | 27d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator acces… |
| CVE-2026-42071 | high | — | 8.0 | | | | 27d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to… |
| CVE-2026-40607 | high | — | 8.0 | | | | 27d ago | MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column |
| CVE-2026-40597 | high | — | 8.0 | | | | 27d ago | MantisBT has a Content Security Policy bypass via attachments |
| CVE-2026-40596 | high | — | 8.0 | | | | 27d ago | MantisBT is Vulnerable to XSS leading to account takeover via updating a user's font family preference |
| CVE-2026-34463 | high | — | 8.0 | | | | 27d ago | MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form |
| CVE-2026-42856 | high | — | 8.0 | | | | 27d ago | Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls |
| CVE-2026-41431 | high | 8.0 | 8.0 | | | | 27d ago | Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Fi… |
| CVE-2026-4802 | high | 8.0 | 8.0 | | | | 27d ago | A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links i… |
| CVE-2026-44499 | high | — | 8.0 | | | | 1mo ago | Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning |
| CVE-2026-42274 | high | — | 8.0 | | | | 1mo ago | Heimdall has an authorization bypass via path normalization mismatch |
| CVE-2026-42273 | high | — | 8.0 | | | | 1mo ago | Heimdall: Case-sensitive host matching may lead to policy bypass |
| CVE-2026-42272 | high | — | 8.0 | | | | 1mo ago | Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation |
| CVE-2026-44349 | high | — | 8.0 | | | | 1mo ago | Daptin fuzzy search injects unvalidated column name into raw SQL |
| CVE-2026-41675 | high | — | 8.0 | | | | 1mo ago | xmldom has XML node injection through unvalidated processing instruction serialization |
| CVE-2026-41674 | high | — | 8.0 | | | | 1mo ago | xmldom has XML injection through unvalidated DocumentType serialization |
| CVE-2026-41673 | high | — | 8.0 | | | | 1mo ago | xmldom: Uncontrolled recursion in XML serialization leads to DoS |
| CVE-2026-41672 | high | — | 8.0 | | | | 1mo ago | xmldom has XML node injection through unvalidated comment serialization |
| CVE-2026-44503 | high | — | 8.0 | | | | 1mo ago | Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect |
| CVE-2026-33636 | high | — | 8.0 | | | | 1mo ago | Important: thunderbird security update |
| CVE-2026-46689 | high | — | 8.0 | | | | 1mo ago | scim_proton and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion |
| CVE-2026-0897 | high | — | 8.0 | | | | 1mo ago | Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (… |
| CVE-2026-42845 | high | — | 8.0 | | | | 1mo ago | Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override |
| CVE-2026-44307 | high | — | 8.0 | | | | 1mo ago | Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup |
| CVE-2026-42548 | high | — | 8.0 | | | | 1mo ago | Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp() |
| CVE-2026-40171 | high | — | 8.0 | | | | 1mo ago | In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 an… |
| CVE-2026-33079 | high | — | 8.0 | | | | 1mo ago | Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input |
| CVE-2026-44012 | high | — | 8.0 | | | | 1mo ago | Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure |
| CVE-2026-44011 | high | — | 8.0 | | | | 1mo ago | Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior |
| CVE-2026-44010 | high | — | 8.0 | | | | 1mo ago | Craft CMS's Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure |
| CVE-2026-43885 | high | — | 8.0 | | | | 1mo ago | AVideo Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization |
| CVE-2026-6970 | high | — | 8.0 | | | | 1mo ago | authd: Primary group ID is incorrectly set to value of UID |
| CVE-2026-32689 | high | — | 8.0 | | | | 1mo ago | Phoenix: Long-poll NDJSON body splitting causes large memory allocation |
| CVE-2026-26007 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:12176: fence-agents security update (Important) |
| CVE-2026-25679 | high | — | 8.0 | | | | 1mo ago | Important: image-builder security update |
| CVE-2026-35388 | high | — | 8.0 | | | | 1mo ago | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. |
| CVE-2026-23136 | high | — | 8.0 | | | | 1mo ago | Important: kernel security update |
| CVE-2026-35414 | high | — | 8.0 | | | | 1mo ago | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma char… |
| CVE-2026-24660 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:13284: LibRaw security update (Important) |
| CVE-2026-20889 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:13284: LibRaw security update (Important) |
| CVE-2026-35386 | high | — | 8.0 | | | | 1mo ago | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and als… |
| CVE-2026-35387 | high | — | 8.0 | | | | 1mo ago | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms. |
| CVE-2026-35385 | high | — | 8.0 | | | | 1mo ago | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol)… |
| CVE-2026-7608 | high | 8.0 | 8.0 | | | | 1mo ago | A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public a… |
| CVE-2026-39804 | high | — | 8.0 | | | | 1mo ago | Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame |
| CVE-2026-42786 | high | — | 8.0 | | | | 1mo ago | Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion |
| CVE-2026-43001 | high | 8.0 | 8.0 | | | | 1mo ago | An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authentica… |
| CVE-2026-41587 | high | — | 8.0 | | | | 1mo ago | CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution |
| CVE-2026-0204 | high | 8.0 | 8.0 | | | | 1mo ago | A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions. |
| CVE-2026-42524 | high | 8.0 | 8.0 | | | | 1mo ago | Jenkins HTML Publisher Plugin has a XSS vulnerability in the legacy wrapper file |
| CVE-2026-34982 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:11509: vim security update (Important) |
| CVE-2026-21413 | high | — | 8.0 | | | | 1mo ago | Important: LibRaw security update |
| CVE-2026-24450 | high | — | 8.0 | | | | 1mo ago | Important: LibRaw security update |
| CVE-2026-5394 | high | — | 8.0 | | | | 1mo ago | Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save |
| CVE-2026-7069 | high | 8.0 | 8.0 | | | | 1mo ago | A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argum… |
| CVE-2026-6750 | high | — | 8.0 | | | | 1mo ago | Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-4786 | high | — | 8.0 | | | | 1mo ago | Important: python3.12 security update |
| CVE-2026-6772 | high | — | 8.0 | | | | 1mo ago | Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6748 | high | — | 8.0 | | | | 1mo ago | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6759 | high | — | 8.0 | | | | 1mo ago | Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6762 | high | — | 8.0 | | | | 1mo ago | Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6769 | high | — | 8.0 | | | | 1mo ago | Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6753 | high | — | 8.0 | | | | 1mo ago | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6770 | high | — | 8.0 | | | | 1mo ago | Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6757 | high | — | 8.0 | | | | 1mo ago | Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6752 | high | — | 8.0 | | | | 1mo ago | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6751 | high | — | 8.0 | | | | 1mo ago | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-33186 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:23228: image-builder security update (Important) |
| CVE-2026-6765 | high | — | 8.0 | | | | 1mo ago | Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6764 | high | — | 8.0 | | | | 1mo ago | Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6749 | high | — | 8.0 | | | | 1mo ago | Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thund… |
| CVE-2026-6763 | high | — | 8.0 | | | | 1mo ago | Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6747 | high | — | 8.0 | | | | 1mo ago | Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6100 | high | — | 8.0 | | | | 1mo ago | Important: python3.12 security update |
| CVE-2026-6767 | high | — | 8.0 | | | | 1mo ago | Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6746 | high | — | 8.0 | | | | 1mo ago | Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6766 | high | — | 8.0 | | | | 1mo ago | Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6754 | high | — | 8.0 | | | | 1mo ago | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6776 | high | — | 8.0 | | | | 1mo ago | Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6771 | high | — | 8.0 | | | | 1mo ago | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-6761 | high | — | 8.0 | | | | 1mo ago | Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
| CVE-2026-40466 | high | — | 8.0 | | | | 1mo ago | Apache ActiveMQ Vulnerable to Improper Input Validation and Code Injection |
| CVE-2026-41044 | high | — | 8.0 | | | | 1mo ago | Apache ActiveMQ Vulnerable to Code Injection |
| CVE-2026-23902 | high | — | 8.0 | | | | 1mo ago | Apache DolphinScheduler has an Incorrect Authorization Vulnerability |
| CVE-2026-21728 | high | — | 8.0 | | | | 1mo ago | Grafana Tempo has an Uncontrolled Resource Consumption issue |
| CVE-2026-22018 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:22139: java-1.8.0-ibm security update (Important) |
| CVE-2026-22013 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:22139: java-1.8.0-ibm security update (Important) |
| CVE-2026-32280 | high | — | 8.0 | | | | 1mo ago | Unexpected work during chain building in crypto/x509 |
| CVE-2026-34282 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:9689: java-21-openjdk security update (Important) |
| CVE-2026-22020 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:9686: java-17-openjdk security update (Important) |
| CVE-2026-32282 | high | — | 8.0 | | | | 1mo ago | TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix |
| CVE-2026-32283 | high | — | 8.0 | | | | 1mo ago | Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls |
| CVE-2026-27143 | high | — | 8.0 | | | | 1mo ago | Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading … |
| CVE-2026-27144 | high | — | 8.0 | | | | 1mo ago | The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves… |
| CVE-2026-34268 | high | — | 8.0 | | | | 1mo ago | RHSA-2026:22139: java-1.8.0-ibm security update (Important) |
| CVE-2026-27140 | high | — | 8.0 | | | | 1mo ago | SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. |