CVEs from 2026
Total
14,692
critical
critical 1,319
high
high 4,975
medium
medium 4,753
low
low 501
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 660
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41507 | critical | 9.8 | 9.8 | 28d ago | Remote Code Execution (RCE) via String Literal Injection into math-codegen | |||
| CVE-2026-41497 | critical | 9.8 | 9.8 | 28d ago | PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection | |||
| CVE-2026-8153 | critical | 9.8 | 9.8 | 28d ago | OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS. | |||
| CVE-2026-41501 | critical | 9.8 | 9.8 | 29d ago | electerm has Command Injection via runLinux funtion | |||
| CVE-2026-41500 | critical | 9.8 | 9.8 | 29d ago | electerm: electerm_install_script_CommandInjection Vulnerability Report | |||
| CVE-2026-8034 | critical | 9.8 | 9.8 | 29d ago | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusi… | |||
| CVE-2026-42284 | critical | 9.8 | 9.8 | 29d ago | GitPython: Unsafe option check validates multi_options before shlex.split transformation | |||
| CVE-2026-7415 | critical | 9.8 | 9.8 | 29d ago | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetr… | |||
| CVE-2026-7414 | critical | 9.8 | 9.8 | 29d ago | Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or r… | |||
| CVE-2026-7413 | critical | 9.8 | 9.8 | 29d ago | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cann… | |||
| CVE-2026-5788 | critical | 9.8 | 9.8 | 29d ago | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. | |||
| CVE-2026-36458 | critical | 9.8 | 9.8 | 29d ago | ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered. | |||
| CVE-2026-30496 | critical | 9.8 | 9.8 | 29d ago | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports bot… | |||
| CVE-2026-8091 | critical | 9.8 | 9.8 | 29d ago | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.… | |||
| CVE-2026-6508 | critical | 9.8 | 9.8 | 29d ago | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Lidera… | |||
| CVE-2026-42217 | critical | 9.8 | 9.8 | 1mo ago | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3… | |||
| CVE-2026-44109 | critical | 9.8 | 9.8 | 1mo ago | OpenClaw: Feishu webhook and card-action validation now fail closed | |||
| CVE-2026-43585 | critical | 9.8 | 9.8 | 1mo ago | OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation | |||
| CVE-2026-43575 | critical | 9.8 | 9.8 | 1mo ago | OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can acces… | |||
| CVE-2026-41930 | critical | 9.8 | 9.8 | 1mo ago | Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin con… | |||
| CVE-2026-43208 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: do not pass flow_id to set_rps_cpu() Blamed commit made the assumption that the RPS table for each receive queue would have … | |||
| CVE-2026-43198 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done… | |||
| CVE-2026-43186 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() On the receive path, __ioam6_fill_trace_data() uses trace->node… | |||
| CVE-2026-43185 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smb_direct_prepare_negotiation() smb_direct_prepare_negotiation() casts an unsigned __u32 value fr… | |||
| CVE-2026-43125 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network mess… | |||
| CVE-2026-28780 | critical | 9.8 | 9.8 | 1mo ago | Important: httpd security update | |||
| CVE-2026-35579 | critical | 9.8 | 9.8 | 1mo ago | CoreDNS has TSIG authentication bypass on gRPC and QUIC transports | |||
| CVE-2026-7854 | critical | 9.8 | 9.8 | 1mo ago | A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler.… | |||
| CVE-2026-38428 | critical | 9.8 | 9.8 | 1mo ago | Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitiza… | |||
| CVE-2026-27960 | critical | 9.8 | 9.8 | 1mo ago | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploi… | |||
| CVE-2026-7853 | critical | 9.8 | 9.8 | 1mo ago | A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time… | |||
| CVE-2026-38431 | critical | 9.8 | 9.8 | 1mo ago | ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on… | |||
| CVE-2026-38429 | critical | 9.8 | 9.8 | 1mo ago | OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml. | |||
| CVE-2026-43067 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 ("ext4: always allocate blocks o… | |||
| CVE-2026-7834 | critical | 9.8 | 9.8 | 1mo ago | A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-bas… | |||
| CVE-2026-43566 | critical | 9.8 | 9.8 | 1mo ago | OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events | |||
| CVE-2026-43534 | critical | 9.8 | 9.8 | 1mo ago | OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input | |||
| CVE-2026-7823 | critical | 9.8 | 9.8 | 1mo ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results… | |||
| CVE-2026-5294 | critical | 9.8 | 9.8 | 1mo ago | The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispa… | |||
| CVE-2026-5722 | critical | 9.8 | 9.8 | 1mo ago | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or r… | |||
| CVE-2026-42601 | critical | 9.8 | 9.8 | 1mo ago | ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView | |||
| CVE-2026-42238 | critical | 9.8 | 9.8 | 1mo ago | Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore | |||
| CVE-2026-42222 | critical | 9.8 | 9.8 | 1mo ago | Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover | |||
| CVE-2026-42221 | critical | 9.8 | 9.8 | 1mo ago | Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim | |||
| CVE-2026-42233 | critical | 9.8 | 9.8 | 1mo ago | n8n has SQL Injection in Oracle Database Node via Limit Field | |||
| CVE-2026-42796 | critical | 9.8 | 9.8 | 1mo ago | Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager… | |||
| CVE-2026-42376 | critical | 9.8 | 9.8 | 1mo ago | D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks… | |||
| CVE-2026-42076 | critical | 9.8 | 9.8 | 1mo ago | Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution | |||
| CVE-2026-42027 | critical | 9.8 | 9.8 | 1mo ago | Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtension(C… | |||
| CVE-2026-26956 | critical | 9.8 | 9.8 | 1mo ago | VM2 Has a WASM Sandbox Escape (Node 25 only) | |||
| CVE-2026-25293 | critical | 9.8 | 9.8 | 1mo ago | Buffer overflow due to incorrect authorization in PLC FW | |||
| CVE-2026-24781 | critical | 9.8 | 9.8 | 1mo ago | VM2 Has Sandbox Breakout Through Inspect Function | |||
| CVE-2026-24120 | critical | 9.8 | 9.8 | 1mo ago | VM2 Has Sandbox Breakout Through Promise Species | |||
| CVE-2026-24118 | critical | 9.8 | 9.8 | 1mo ago | VM2 Sandbox Breakout Through __lookupGetter__ | |||
| CVE-2026-7747 | critical | 9.8 | 9.8 | 1mo ago | A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. P… | |||
| CVE-2026-7719 | critical | 9.8 | 9.8 | 1mo ago | A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The … | |||
| CVE-2026-42370 | critical | 9.8 | 9.8 | 1mo ago | A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca… | |||
| CVE-2026-31402 | critical | 9.8 | 9.8 | 1mo ago | Important: kernel security update | |||
| CVE-2026-42258 | critical | 9.8 | 9.8 | 1mo ago | net-imap vulnerable to command Injection via unvalidated Symbol inputs | |||
| CVE-2026-42257 | critical | 9.8 | 9.8 | 1mo ago | net-imap vulnerable to command Injection via "raw" arguments to multiple commands | |||
| CVE-2026-7690 | critical | 9.8 | 9.8 | 1mo ago | A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes … | |||
| CVE-2026-7458 | critical | 9.8 | 9.8 | 1mo ago | The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operato… | |||
| CVE-2026-4882 | critical | 9.8 | 9.8 | 1mo ago | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to… | |||
| CVE-2026-37540 | critical | 9.8 | 9.8 | 1mo ago | OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF h… | |||
| CVE-2026-37539 | critical | 9.8 | 9.8 | 1mo ago | Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of… | |||
| CVE-2026-37534 | critical | 9.8 | 9.8 | 1mo ago | Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arb… | |||
| CVE-2026-37531 | critical | 9.8 | 9.8 | 1mo ago | AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename fu… | |||
| CVE-2026-42473 | critical | 9.8 | 9.8 | 1mo ago | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object. | |||
| CVE-2026-42472 | critical | 9.8 | 9.8 | 1mo ago | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object. | |||
| CVE-2026-43039 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch emac_dispatch_skb_zc() allocates a new skb via n… | |||
| CVE-2026-43038 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() Sashiko AI-review observed: In ip6_err_gen_icmpv6_unreach(), the … | |||
| CVE-2026-43037 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a clon… | |||
| CVE-2026-43011 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at line 48 and retur… | |||
| CVE-2026-42484 | critical | 9.8 | 9.8 | 1mo ago | A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash fi… | |||
| CVE-2026-42483 | critical | 9.8 | 9.8 | 1mo ago | A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The iss… | |||
| CVE-2026-42482 | critical | 9.8 | 9.8 | 1mo ago | A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code v… | |||
| CVE-2026-31718 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP… | |||
| CVE-2026-31705 | critical | 9.8 | 9.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment smb2_get_ea() applies 4-byte alignment padding via memset() after wr… | |||
| CVE-2026-42779 | critical | 9.8 | 9.8 | 1mo ago | Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix) | |||
| CVE-2026-42778 | critical | 9.8 | 9.8 | 1mo ago | Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix) | |||
| CVE-2026-42994 | critical | 9.8 | 9.8 | 1mo ago | Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident. | |||
| CVE-2026-7546 | critical | 9.8 | 9.8 | 1mo ago | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Ho… | |||
| CVE-2026-7538 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation o… | |||
| CVE-2026-40685 | critical | 9.8 | 9.8 | 1mo ago | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation… | |||
| CVE-2026-2311 | critical | 9.8 | 9.8 | 1mo ago | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to ru… | |||
| CVE-2026-33447 | critical | 9.8 | 9.8 | 1mo ago | CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrit… | |||
| CVE-2026-33446 | critical | 9.8 | 9.8 | 1mo ago | CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overw… | |||
| CVE-2026-4670 | critical | 9.8 | 9.8 | 1mo ago | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from… | |||
| CVE-2026-42799 | critical | 9.8 | 9.8 | 1mo ago | Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects … | |||
| CVE-2026-22070 | critical | 9.8 | 9.8 | 1mo ago | ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. | |||
| CVE-2026-34084 | critical | 9.8 | 9.8 | 1mo ago | PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled | |||
| CVE-2026-26015 | critical | 9.8 | 9.8 | 1mo ago | DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a … | |||
| CVE-2026-38992 | critical | 9.8 | 9.8 | 1mo ago | Cockpit is vulnerable to arbitrary code execution | |||
| CVE-2026-36841 | critical | 9.8 | 9.8 | 1mo ago | TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | |||
| CVE-2026-42249 | critical | 9.8 | 9.8 | 1mo ago | Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the applicat… | |||
| CVE-2026-42248 | critical | 9.8 | 9.8 | 1mo ago | Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unco… | |||
| CVE-2026-41446 | critical | 9.8 | 9.8 | 1mo ago | Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both… | |||
| CVE-2026-41386 | critical | 9.8 | 9.8 | 1mo ago | OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing | |||
| CVE-2026-24178 | critical | 9.8 | 9.8 | 1mo ago | NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A succ… | |||
| CVE-2026-41873 | critical | 9.8 | 9.8 | 1mo ago | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all … |