CVEs from 2026
Total
14,691
critical
critical 1,318
high
high 4,976
medium
medium 4,752
low
low 501
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 621
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45035 | high | 8.8 | 8.8 | 21d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp… | |||
| CVE-2026-6228 | high | 8.8 | 8.8 | 22d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field… | |||
| CVE-2026-43490 | high | 8.8 | 8.8 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor x… | |||
| CVE-2026-45672 | high | 8.8 | 8.8 | 22d ago | Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed | |||
| CVE-2026-8587 | high | 8.8 | 8.8 | 22d ago | Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E… | |||
| CVE-2026-8581 | high | 8.8 | 8.8 | 22d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-8577 | high | 8.8 | 8.8 | 22d ago | Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-8558 | high | 8.8 | 8.8 | 22d ago | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8555 | high | 8.8 | 8.8 | 22d ago | Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8551 | high | 8.8 | 8.8 | 22d ago | Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page… | |||
| CVE-2026-8549 | high | 8.8 | 8.8 | 22d ago | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8544 | high | 8.8 | 8.8 | 22d ago | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8540 | high | 8.8 | 8.8 | 22d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8532 | high | 8.8 | 8.8 | 22d ago | Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8531 | high | 8.8 | 8.8 | 22d ago | Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-8529 | high | 8.8 | 8.8 | 22d ago | Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Hig… | |||
| CVE-2026-8527 | high | 8.8 | 8.8 | 22d ago | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severi… | |||
| CVE-2026-8526 | high | 8.8 | 8.8 | 22d ago | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8524 | high | 8.8 | 8.8 | 22d ago | Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2026-8522 | high | 8.8 | 8.8 | 22d ago | Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-8519 | high | 8.8 | 8.8 | 22d ago | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-8518 | high | 8.8 | 8.8 | 22d ago | Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-8517 | high | 8.8 | 8.8 | 22d ago | Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a cra… | |||
| CVE-2026-8509 | high | 8.8 | 8.8 | 22d ago | Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Criti… | |||
| CVE-2026-43909 | high | 8.8 | 8.8 | 22d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t… | |||
| CVE-2026-43908 | high | 8.8 | 8.8 | 22d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t… | |||
| CVE-2026-8621 | high | 8.8 | 8.8 | 22d ago | Crabbox: authentication bypass vulnerability that allows impersonation of others by spoofing identity headers | |||
| CVE-2026-44827 | high | 8.8 | 8.8 | 22d ago | Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines from Hu… | |||
| CVE-2026-44513 | high | 8.8 | 8.8 | 22d ago | Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user p… | |||
| CVE-2026-44849 | high | 8.8 | 8.8 | 22d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-44848 | high | 8.8 | 8.8 | 22d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-6638 | high | 8.8 | 8.8 | 22d ago | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credenti… | |||
| CVE-2026-6637 | high | 8.8 | 8.8 | 22d ago | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if… | |||
| CVE-2026-6477 | high | 8.8 | 8.8 | 22d ago | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a cli… | |||
| CVE-2026-6475 | high | 8.8 | 8.8 | 22d ago | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system accou… | |||
| CVE-2026-6473 | high | 8.8 | 8.8 | 22d ago | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code… | |||
| CVE-2026-6506 | high | 8.8 | 8.8 | 23d ago | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization … | |||
| CVE-2026-45229 | high | 8.8 | 8.8 | 23d ago | Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui… | |||
| CVE-2026-6281 | high | 8.8 | 8.8 | 23d ago | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device. | |||
| CVE-2026-44293 | high | 8.8 | 8.8 | 23d ago | protobuf.js: Code injection through bytes field defaults in generated toObject code | |||
| CVE-2026-41957 | high | 8.8 | 8.8 | 23d ago | An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical S… | |||
| CVE-2026-3425 | high | 8.8 | 8.8 | 23d ago | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'get_content' AJAX action. This … | |||
| CVE-2026-8201 | high | 8.8 | 8.8 | 24d ago | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability req… | |||
| CVE-2026-8053 | high | 8.8 | 8.8 | 24d ago | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issu… | |||
| CVE-2026-28955 | high | 8.8 | 8.8 | 24d ago | visionOS 26.5 | |||
| CVE-2026-28947 | high | 8.8 | 8.8 | 24d ago | visionOS 26.5 | |||
| CVE-2026-28847 | high | 8.8 | 8.8 | 24d ago | visionOS 26.5 | |||
| CVE-2026-42289 | high | 8.8 | 8.8 | 24d ago | ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token valid… | |||
| CVE-2026-45227 | high | 8.8 | 8.8 | 24d ago | Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspec… | |||
| CVE-2026-44871 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti… | |||
| CVE-2026-44224 | high | 8.8 | 8.8 | 24d ago | Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation o… | |||
| CVE-2026-7474 | high | 8.8 | 8.8 | 24d ago | HashiCorp Nomad vulnerable to a path traversal | |||
| CVE-2026-44870 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti… | |||
| CVE-2026-44869 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44868 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44867 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44866 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-8429 | high | 8.8 | 8.8 | 24d ago | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi… | |||
| CVE-2026-23819 | high | 8.8 | 8.8 | 24d ago | A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim… | |||
| CVE-2026-31225 | high | 8.8 | 8.8 | 24d ago | Superduper: Remote code execution via unsafe eval in superduper query parsing | |||
| CVE-2026-31222 | high | 8.8 | 8.8 | 24d ago | Snorkel Trainer.load uses an unsafe torch.load | |||
| CVE-2026-43892 | high | 8.8 | 8.8 | 24d ago | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed i… | |||
| CVE-2026-41613 | high | 8.8 | 8.8 | 24d ago | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2026-41109 | high | 8.8 | 8.8 | 24d ago | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature ove… | |||
| CVE-2026-41094 | high | 8.8 | 8.8 | 24d ago | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-41086 | high | 8.8 | 8.8 | 24d ago | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-40420 | high | 8.8 | 8.8 | 24d ago | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40403 | high | 8.8 | 8.8 | 24d ago | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||
| CVE-2026-40370 | high | 8.8 | 8.8 | 24d ago | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | |||
| CVE-2026-40365 | high | 8.8 | 8.8 | 24d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-40357 | high | 8.8 | 8.8 | 24d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-35439 | high | 8.8 | 8.8 | 24d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-35436 | high | 8.8 | 8.8 | 24d ago | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34329 | high | 8.8 | 8.8 | 24d ago | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | |||
| CVE-2026-33112 | high | 8.8 | 8.8 | 24d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-33110 | high | 8.8 | 8.8 | 24d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-31232 | high | 8.8 | 8.8 | 24d ago | The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model f… | |||
| CVE-2026-25088 | high | 8.8 | 8.8 | 24d ago | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions… | |||
| CVE-2026-31224 | high | 8.8 | 8.8 | 24d ago | Snorkel MultitaskClassifier.load uses an unsafe torch.load | |||
| CVE-2026-31223 | high | 8.8 | 8.8 | 24d ago | Snorkel BaseLabeler.load uses an unsafe pickle.load | |||
| CVE-2026-31219 | high | 8.8 | 8.8 | 24d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CW… | |||
| CVE-2026-31218 | high | 8.8 | 8.8 | 24d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CW… | |||
| CVE-2026-30810 | high | 8.8 | 8.8 | 24d ago | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-30807 | high | 8.8 | 8.8 | 24d ago | Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-8111 | high | 8.8 | 8.8 | 24d ago | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | |||
| CVE-2026-43937 | high | 8.8 | 8.8 | 24d ago | YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql` | |||
| CVE-2026-8389 | high | 8.8 | 8.8 | 24d ago | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. | |||
| CVE-2026-2465 | high | 8.8 | 8.8 | 24d ago | Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation. This issue affect… | |||
| CVE-2026-6001 | high | 8.8 | 8.8 | 24d ago | Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042. | |||
| CVE-2026-1185 | high | 8.8 | 8.8 | 25d ago | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if … | |||
| CVE-2026-7256 | high | 8.8 | 8.8 | 25d ago | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operat… | |||
| CVE-2026-8346 | high | 8.8 | 8.8 | 25d ago | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The at… | |||
| CVE-2026-42559 | high | 8.8 | 8.8 | 25d ago | rmcp Streamable HTTP server transport has a DNS rebinding vulnerability | |||
| CVE-2026-8345 | high | 8.8 | 8.8 | 25d ago | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the … | |||
| CVE-2026-8344 | high | 8.8 | 8.8 | 25d ago | A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command in… | |||
| CVE-2026-41489 | high | 8.8 | 8.8 | 25d ago | Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by s… | |||
| CVE-2026-36734 | high | 8.8 | 8.8 | 25d ago | EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient… | |||
| CVE-2026-45223 | high | 8.8 | 8.8 | 25d ago | Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin … | |||
| CVE-2026-45006 | high | 8.8 | 8.8 | 25d ago | OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration… | |||
| CVE-2026-42603 | high | 8.8 | 8.8 | 25d ago | OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_ta… |