CVEs from 2026
Total
14,122
critical
critical 1,246
high
high 4,695
medium
medium 4,475
low
low 488
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.8%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28903 | medium | 6.5 | 6.5 | 22d ago | visionOS 26.5 | |||
| CVE-2026-44347 | medium | 6.5 | 6.5 | 22d ago | Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user in… | |||
| CVE-2026-44223 | medium | 6.5 | 6.5 | 22d ago | vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect sh… | |||
| CVE-2026-44204 | medium | 6.5 | 6.5 | 23d ago | Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role)… | |||
| CVE-2026-42891 | medium | 6.5 | 6.5 | 23d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-42830 | medium | 6.5 | 6.5 | 23d ago | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-42175 | medium | 6.5 | 6.5 | 23d ago | requests-hardened is Vulnerable to Server-Side Request Forgery | |||
| CVE-2026-40374 | medium | 6.5 | 6.5 | 23d ago | Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-35422 | medium | 6.5 | 6.5 | 23d ago | Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network. | |||
| CVE-2026-34350 | medium | 6.5 | 6.5 | 23d ago | Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network. | |||
| CVE-2026-31244 | medium | 6.5 | 6.5 | 23d ago | The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrar… | |||
| CVE-2026-31243 | medium | 6.5 | 6.5 | 23d ago | The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacke… | |||
| CVE-2026-31241 | medium | 6.5 | 6.5 | 23d ago | mem0 server lacks authentication and authorization controls for its memory deletion API endpoint | |||
| CVE-2026-25690 | medium | 6.5 | 6.5 | 23d ago | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2… | |||
| CVE-2026-40300 | medium | 6.5 | 6.5 | 23d ago | Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allo… | |||
| CVE-2026-42073 | medium | 6.5 | 6.5 | 23d ago | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP serv… | |||
| CVE-2026-8368 | medium | 6.5 | 6.5 | 23d ago | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before … | |||
| CVE-2026-8109 | medium | 6.5 | 6.5 | 23d ago | An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. | |||
| CVE-2026-40016 | medium | 6.5 | 6.5 | 23d ago | Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to deg… | |||
| CVE-2026-6402 | medium | 6.5 | 6.5 | 23d ago | webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins | |||
| CVE-2026-5028 | medium | 6.5 | 6.5 | 23d ago | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action in all versions up to, and includ… | |||
| CVE-2026-7255 | medium | 6.5 | 6.5 | 23d ago | ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could a… | |||
| CVE-2026-40135 | medium | 6.5 | 6.5 | 23d ago | An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially c… | |||
| CVE-2026-7010 | medium | 6.5 | 6.5 | 23d ago | HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host t… | |||
| CVE-2026-44695 | medium | 6.5 | 6.5 | 23d ago | Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A… | |||
| CVE-2026-43889 | medium | 6.5 | 6.5 | 23d ago | Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifie… | |||
| CVE-2026-34960 | medium | 6.5 | 6.5 | 23d ago | barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within … | |||
| CVE-2026-42883 | medium | 6.5 | 6.5 | 23d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in t… | |||
| CVE-2026-42316 | medium | 6.5 | 6.5 | 24d ago | kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the k… | |||
| CVE-2026-42315 | medium | 6.5 | 6.5 | 24d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_… | |||
| CVE-2026-42314 | medium | 6.5 | 6.5 | 24d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ … | |||
| CVE-2026-8292 | medium | 6.5 | 6.5 | 24d ago | A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argu… | |||
| CVE-2026-8291 | medium | 6.5 | 6.5 | 24d ago | A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial… | |||
| CVE-2026-7820 | medium | 6.5 | 6.5 | 24d ago | pgAdmin 4: Improper restriction of excessive authentication attempts | |||
| CVE-2026-7817 | medium | 6.5 | 6.5 | 24d ago | pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities | |||
| CVE-2026-44199 | medium | 6.5 | 6.5 | 24d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav… | |||
| CVE-2026-44197 | medium | 6.5 | 6.5 | 24d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revis… | |||
| CVE-2026-31246 | medium | 6.5 | 6.5 | 24d ago | GPT-Pilot contains a command injection vulnerability in the Executor.run() method | |||
| CVE-2026-8290 | medium | 6.5 | 6.5 | 24d ago | A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulat… | |||
| CVE-2026-8289 | medium | 6.5 | 6.5 | 24d ago | A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipu… | |||
| CVE-2026-8288 | medium | 6.5 | 6.5 | 24d ago | A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Exec… | |||
| CVE-2026-43826 | medium | 6.5 | 6.5 | 24d ago | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embed… | |||
| CVE-2026-41018 | medium | 6.5 | 6.5 | 24d ago | Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL | |||
| CVE-2026-5084 | medium | 6.5 | 6.5 | 24d ago | WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function… | |||
| CVE-2026-8270 | medium | 6.5 | 6.5 | 24d ago | A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. The a… | |||
| CVE-2026-8269 | medium | 6.5 | 6.5 | 24d ago | A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf_nsmf_handle_create_sm_context of the component SMF. Performing a manipulation results in denial of service. Remote explo… | |||
| CVE-2026-8268 | medium | 6.5 | 6.5 | 24d ago | A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI_list_create of the component SMF. Such manipulation leads to denial of service. The attack may be launch… | |||
| CVE-2026-8267 | medium | 6.5 | 6.5 | 24d ago | A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack… | |||
| CVE-2026-8266 | medium | 6.5 | 6.5 | 24d ago | A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation resul… | |||
| CVE-2026-8252 | medium | 6.5 | 6.5 | 24d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference… | |||
| CVE-2026-28878 | medium | 6.5 | 6.5 | 24d ago | visionOS 26.4 | |||
| CVE-2026-28920 | medium | 6.5 | 6.5 | 24d ago | visionOS 26.5 | |||
| CVE-2026-28972 | medium | 6.5 | 6.5 | 24d ago | visionOS 26.5 | |||
| CVE-2026-28956 | medium | 6.5 | 6.5 | 24d ago | visionOS 26.5 | |||
| CVE-2026-28918 | medium | 6.5 | 6.5 | 24d ago | visionOS 26.5 | |||
| CVE-2026-28922 | medium | 6.5 | 6.5 | 24d ago | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information. | |||
| CVE-2026-8251 | medium | 6.5 | 6.5 | 24d ago | A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation resu… | |||
| CVE-2026-8250 | medium | 6.5 | 6.5 | 24d ago | A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to … | |||
| CVE-2026-8249 | medium | 6.5 | 6.5 | 24d ago | A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation cause… | |||
| CVE-2026-8248 | medium | 6.5 | 6.5 | 24d ago | A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation… | |||
| CVE-2026-45191 | medium | 6.5 | 6.5 | 24d ago | Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validatio… | |||
| CVE-2026-45190 | medium | 6.5 | 6.5 | 24d ago | Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit chara… | |||
| CVE-2026-7259 | medium | 6.5 | 6.5 | 25d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, re… | |||
| CVE-2026-45184 | medium | 6.5 | 6.5 | 25d ago | Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used. | |||
| CVE-2026-45181 | medium | 6.5 | 6.5 | 25d ago | Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim … | |||
| CVE-2026-42576 | medium | 6.5 | 6.5 | 25d ago | apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery | |||
| CVE-2026-42183 | medium | 6.5 | 6.5 | 26d ago | Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) | |||
| CVE-2026-41311 | medium | 6.5 | 6.5 | 26d ago | liquidjs has a Denial of Service via circular block reference in layout | |||
| CVE-2026-42346 | medium | 6.5 | 6.5 | 26d ago | Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulner… | |||
| CVE-2026-42209 | medium | 6.5 | 6.5 | 26d ago | FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_mes… | |||
| CVE-2026-44200 | medium | 6.5 | 6.5 | 26d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of … | |||
| CVE-2026-42181 | medium | 6.5 | 6.5 | 26d ago | Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image | |||
| CVE-2026-41885 | medium | 6.5 | 6.5 | 27d ago | i18next-locize-backend has URL Injection via Unsanitized Path Parameters | |||
| CVE-2026-41585 | medium | 6.5 | 6.5 | 27d ago | Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients | |||
| CVE-2026-41308 | medium | 6.5 | 6.5 | 27d ago | Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated cre… | |||
| CVE-2026-42277 | medium | 6.5 | 6.5 | 27d ago | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provi… | |||
| CVE-2026-8123 | medium | 6.5 | 6.5 | 27d ago | A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes… | |||
| CVE-2026-8122 | medium | 6.5 | 6.5 | 27d ago | A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation result… | |||
| CVE-2026-8121 | medium | 6.5 | 6.5 | 27d ago | A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to den… | |||
| CVE-2026-8120 | medium | 6.5 | 6.5 | 27d ago | A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Exec… | |||
| CVE-2026-8113 | medium | 6.5 | 6.5 | 27d ago | A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the compone… | |||
| CVE-2026-6736 | medium | 6.5 | 6.5 | 27d ago | An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity p… | |||
| CVE-2026-8142 | medium | 6.5 | 6.5 | 27d ago | VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updat… | |||
| CVE-2026-27892 | medium | 6.5 | 6.5 | 28d ago | FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download | |||
| CVE-2026-36387 | medium | 6.5 | 6.5 | 28d ago | A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanit… | |||
| CVE-2026-41684 | medium | 6.5 | 6.5 | 28d ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy bac… | |||
| CVE-2026-41647 | medium | 6.5 | 6.5 | 28d ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a trunca… | |||
| CVE-2026-5791 | medium | 6.5 | 6.5 | 28d ago | Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. | |||
| CVE-2026-33589 | medium | 6.5 | 6.5 | 28d ago | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal. | |||
| CVE-2026-27421 | medium | 6.5 | 6.5 | 28d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: fro… | |||
| CVE-2026-8063 | medium | 6.5 | 6.5 | 28d ago | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whe… | |||
| CVE-2026-6214 | medium | 6.5 | 6.5 | 28d ago | The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/cla… | |||
| CVE-2026-4807 | medium | 6.5 | 6.5 | 28d ago | The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permiss… | |||
| CVE-2026-40251 | medium | 6.5 | 6.5 | 28d ago | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage … | |||
| CVE-2026-40197 | medium | 6.5 | 6.5 | 28d ago | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage … | |||
| CVE-2026-40195 | medium | 6.5 | 6.5 | 28d ago | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage … | |||
| CVE-2026-43583 | medium | 6.5 | 6.5 | 28d ago | OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay | |||
| CVE-2026-43579 | medium | 6.5 | 6.5 | 28d ago | OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration witho… | |||
| CVE-2026-43577 | medium | 6.5 | 6.5 | 28d ago | OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and… | |||
| CVE-2026-7982 | medium | 6.5 | 6.5 | 29d ago | Uninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium sec… |