CVEs from 2026
Total
14,766
critical
critical 1,333
high
high 4,995
medium
medium 4,817
low
low 502
% Critical
9.0%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41085 | high | 8.8 | 8.8 | 19d ago | Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrato… | |||
| CVE-2026-7498 | high | 8.8 | 8.8 | 19d ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored… | |||
| CVE-2026-3220 | high | 8.8 | 8.8 | 19d ago | The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Script… | |||
| CVE-2026-8776 | high | 8.8 | 8.8 | 19d ago | A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulati… | |||
| CVE-2026-8775 | high | 8.8 | 8.8 | 19d ago | A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TP… | |||
| CVE-2026-8719 | high | 8.8 | 8.8 | 20d ago | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in t… | |||
| CVE-2026-45578 | high | 8.8 | 8.8 | 22d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/on_publish.php builds an execAsyn… | |||
| CVE-2026-45035 | high | 8.8 | 8.8 | 22d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp… | |||
| CVE-2026-6228 | high | 8.8 | 8.8 | 22d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field… | |||
| CVE-2026-43490 | high | 8.8 | 8.8 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor x… | |||
| CVE-2026-45672 | high | 8.8 | 8.8 | 23d ago | Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed | |||
| CVE-2026-8587 | high | 8.8 | 8.8 | 23d ago | Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E… | |||
| CVE-2026-8581 | high | 8.8 | 8.8 | 23d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-8577 | high | 8.8 | 8.8 | 23d ago | Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-8558 | high | 8.8 | 8.8 | 23d ago | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8555 | high | 8.8 | 8.8 | 23d ago | Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8551 | high | 8.8 | 8.8 | 23d ago | Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page… | |||
| CVE-2026-8549 | high | 8.8 | 8.8 | 23d ago | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8544 | high | 8.8 | 8.8 | 23d ago | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8540 | high | 8.8 | 8.8 | 23d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8532 | high | 8.8 | 8.8 | 23d ago | Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8531 | high | 8.8 | 8.8 | 23d ago | Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-8529 | high | 8.8 | 8.8 | 23d ago | Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Hig… | |||
| CVE-2026-8527 | high | 8.8 | 8.8 | 23d ago | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severi… | |||
| CVE-2026-8526 | high | 8.8 | 8.8 | 23d ago | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8524 | high | 8.8 | 8.8 | 23d ago | Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2026-8522 | high | 8.8 | 8.8 | 23d ago | Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-8519 | high | 8.8 | 8.8 | 23d ago | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-8518 | high | 8.8 | 8.8 | 23d ago | Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-8517 | high | 8.8 | 8.8 | 23d ago | Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a cra… | |||
| CVE-2026-8509 | high | 8.8 | 8.8 | 23d ago | Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Criti… | |||
| CVE-2026-43909 | high | 8.8 | 8.8 | 23d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t… | |||
| CVE-2026-43908 | high | 8.8 | 8.8 | 23d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t… | |||
| CVE-2026-8621 | high | 8.8 | 8.8 | 23d ago | Crabbox: authentication bypass vulnerability that allows impersonation of others by spoofing identity headers | |||
| CVE-2026-44827 | high | 8.8 | 8.8 | 23d ago | Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components | |||
| CVE-2026-44513 | high | 8.8 | 8.8 | 23d ago | Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components | |||
| CVE-2026-44849 | high | 8.8 | 8.8 | 23d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-44848 | high | 8.8 | 8.8 | 23d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-6638 | high | 8.8 | 8.8 | 23d ago | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credenti… | |||
| CVE-2026-6637 | high | 8.8 | 8.8 | 23d ago | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if… | |||
| CVE-2026-6477 | high | 8.8 | 8.8 | 23d ago | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a cli… | |||
| CVE-2026-6475 | high | 8.8 | 8.8 | 23d ago | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system accou… | |||
| CVE-2026-6473 | high | 8.8 | 8.8 | 23d ago | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code… | |||
| CVE-2026-6506 | high | 8.8 | 8.8 | 23d ago | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization … | |||
| CVE-2026-45229 | high | 8.8 | 8.8 | 23d ago | Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui… | |||
| CVE-2026-6281 | high | 8.8 | 8.8 | 24d ago | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device. | |||
| CVE-2026-44293 | high | 8.8 | 8.8 | 24d ago | protobuf.js: Code injection through bytes field defaults in generated toObject code | |||
| CVE-2026-41957 | high | 8.8 | 8.8 | 24d ago | An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical S… | |||
| CVE-2026-3425 | high | 8.8 | 8.8 | 24d ago | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'get_content' AJAX action. This … | |||
| CVE-2026-8201 | high | 8.8 | 8.8 | 24d ago | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability req… | |||
| CVE-2026-8053 | high | 8.8 | 8.8 | 24d ago | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issu… | |||
| CVE-2026-28947 | high | 8.8 | 8.8 | 24d ago | visionOS 26.5 | |||
| CVE-2026-28847 | high | 8.8 | 8.8 | 24d ago | visionOS 26.5 | |||
| CVE-2026-28955 | high | 8.8 | 8.8 | 24d ago | visionOS 26.5 | |||
| CVE-2026-42289 | high | 8.8 | 8.8 | 24d ago | ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token valid… | |||
| CVE-2026-45227 | high | 8.8 | 8.8 | 24d ago | Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspec… | |||
| CVE-2026-44871 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti… | |||
| CVE-2026-44224 | high | 8.8 | 8.8 | 24d ago | Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation o… | |||
| CVE-2026-7474 | high | 8.8 | 8.8 | 25d ago | HashiCorp Nomad vulnerable to a path traversal | |||
| CVE-2026-44870 | high | 8.8 | 8.8 | 25d ago | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti… | |||
| CVE-2026-44869 | high | 8.8 | 8.8 | 25d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44868 | high | 8.8 | 8.8 | 25d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44867 | high | 8.8 | 8.8 | 25d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44866 | high | 8.8 | 8.8 | 25d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-8429 | high | 8.8 | 8.8 | 25d ago | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi… | |||
| CVE-2026-23819 | high | 8.8 | 8.8 | 25d ago | A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim… | |||
| CVE-2026-31222 | high | 8.8 | 8.8 | 25d ago | Snorkel Trainer.load uses an unsafe torch.load | |||
| CVE-2026-31225 | high | 8.8 | 8.8 | 25d ago | Superduper: Remote code execution via unsafe eval in superduper query parsing | |||
| CVE-2026-43892 | high | 8.8 | 8.8 | 25d ago | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed i… | |||
| CVE-2026-41613 | high | 8.8 | 8.8 | 25d ago | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2026-41109 | high | 8.8 | 8.8 | 25d ago | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature ove… | |||
| CVE-2026-41094 | high | 8.8 | 8.8 | 25d ago | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-41086 | high | 8.8 | 8.8 | 25d ago | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-40420 | high | 8.8 | 8.8 | 25d ago | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40403 | high | 8.8 | 8.8 | 25d ago | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||
| CVE-2026-40370 | high | 8.8 | 8.8 | 25d ago | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | |||
| CVE-2026-40365 | high | 8.8 | 8.8 | 25d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-40357 | high | 8.8 | 8.8 | 25d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-35439 | high | 8.8 | 8.8 | 25d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-35436 | high | 8.8 | 8.8 | 25d ago | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34329 | high | 8.8 | 8.8 | 25d ago | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | |||
| CVE-2026-33112 | high | 8.8 | 8.8 | 25d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-33110 | high | 8.8 | 8.8 | 25d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-31232 | high | 8.8 | 8.8 | 25d ago | The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model f… | |||
| CVE-2026-25088 | high | 8.8 | 8.8 | 25d ago | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions… | |||
| CVE-2026-31224 | high | 8.8 | 8.8 | 25d ago | Snorkel MultitaskClassifier.load uses an unsafe torch.load | |||
| CVE-2026-31223 | high | 8.8 | 8.8 | 25d ago | Snorkel BaseLabeler.load uses an unsafe pickle.load | |||
| CVE-2026-31219 | high | 8.8 | 8.8 | 25d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CW… | |||
| CVE-2026-31218 | high | 8.8 | 8.8 | 25d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CW… | |||
| CVE-2026-30810 | high | 8.8 | 8.8 | 25d ago | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-30807 | high | 8.8 | 8.8 | 25d ago | Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-8111 | high | 8.8 | 8.8 | 25d ago | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | |||
| CVE-2026-43937 | high | 8.8 | 8.8 | 25d ago | YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql` | |||
| CVE-2026-8389 | high | 8.8 | 8.8 | 25d ago | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. | |||
| CVE-2026-2465 | high | 8.8 | 8.8 | 25d ago | Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation. This issue affect… | |||
| CVE-2026-6001 | high | 8.8 | 8.8 | 25d ago | Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042. | |||
| CVE-2026-1185 | high | 8.8 | 8.8 | 25d ago | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if … | |||
| CVE-2026-7256 | high | 8.8 | 8.8 | 25d ago | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operat… | |||
| CVE-2026-8346 | high | 8.8 | 8.8 | 25d ago | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The at… | |||
| CVE-2026-42559 | high | 8.8 | 8.8 | 25d ago | rmcp Streamable HTTP server transport has a DNS rebinding vulnerability |