CVEs from 2026

| Metric | Value |
|---|---|
| Total | 14,726 |
| Critical | 1,327 |
| High | 4,986 |
| Medium | 4,775 |
| Low | 502 |
| % Critical | 9.0% |
| % in CISA KEV catalog | 0.4% |
| % with known exploit | 0.7% |

The four severity buckets account for 11,590 of the 14,726 CVEs; the remaining 3,136 are not in any of the buckets shown.
Top products
- chrome 723
- firepower_threat_defense_software 310
- gcp 299
- firepower_threat_defense 298
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8775 | high | 8.8 | 8.8 | 19d ago | A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TP… | |||
| CVE-2026-8719 | high | 8.8 | 8.8 | 20d ago | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in t… | |||
| CVE-2026-45578 | high | 8.8 | 8.8 | 21d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/on_publish.php builds an execAsyn… | |||
| CVE-2026-45035 | high | 8.8 | 8.8 | 21d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp… | |||
| CVE-2026-6228 | high | 8.8 | 8.8 | 22d ago | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field… | |||
| CVE-2026-43490 | high | 8.8 | 8.8 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor x… | |||
| CVE-2026-45672 | high | 8.8 | 8.8 | 22d ago | Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed | |||
| CVE-2026-8587 | high | 8.8 | 8.8 | 22d ago | Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E… | |||
| CVE-2026-8581 | high | 8.8 | 8.8 | 22d ago | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-8577 | high | 8.8 | 8.8 | 22d ago | Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-8558 | high | 8.8 | 8.8 | 22d ago | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8555 | high | 8.8 | 8.8 | 22d ago | Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8551 | high | 8.8 | 8.8 | 22d ago | Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page… | |||
| CVE-2026-8549 | high | 8.8 | 8.8 | 22d ago | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8544 | high | 8.8 | 8.8 | 22d ago | Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8540 | high | 8.8 | 8.8 | 22d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8532 | high | 8.8 | 8.8 | 22d ago | Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8531 | high | 8.8 | 8.8 | 22d ago | Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-8529 | high | 8.8 | 8.8 | 22d ago | Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Hig… | |||
| CVE-2026-8527 | high | 8.8 | 8.8 | 22d ago | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severi… | |||
| CVE-2026-8526 | high | 8.8 | 8.8 | 22d ago | Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-8524 | high | 8.8 | 8.8 | 22d ago | Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2026-8522 | high | 8.8 | 8.8 | 22d ago | Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-8519 | high | 8.8 | 8.8 | 22d ago | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-8518 | high | 8.8 | 8.8 | 22d ago | Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-8517 | high | 8.8 | 8.8 | 22d ago | Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a cra… | |||
| CVE-2026-8509 | high | 8.8 | 8.8 | 22d ago | Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Criti… | |||
| CVE-2026-43909 | high | 8.8 | 8.8 | 22d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t… | |||
| CVE-2026-43908 | high | 8.8 | 8.8 | 22d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t… | |||
| CVE-2026-8621 | high | 8.8 | 8.8 | 22d ago | Crabbox: authentication bypass vulnerability that allows impersonation of others by spoofing identity headers | |||
| CVE-2026-44827 | high | 8.8 | 8.8 | 22d ago | Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components | |||
| CVE-2026-44513 | high | 8.8 | 8.8 | 22d ago | Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components | |||
| CVE-2026-44849 | high | 8.8 | 8.8 | 22d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-44848 | high | 8.8 | 8.8 | 22d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-6638 | high | 8.8 | 8.8 | 23d ago | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credenti… | |||
| CVE-2026-6637 | high | 8.8 | 8.8 | 23d ago | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if… | |||
| CVE-2026-6477 | high | 8.8 | 8.8 | 23d ago | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a cli… | |||
| CVE-2026-6475 | high | 8.8 | 8.8 | 23d ago | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system accou… | |||
| CVE-2026-6473 | high | 8.8 | 8.8 | 23d ago | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code… | |||
| CVE-2026-6506 | high | 8.8 | 8.8 | 23d ago | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization … | |||
| CVE-2026-45229 | high | 8.8 | 8.8 | 23d ago | Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui… | |||
| CVE-2026-6281 | high | 8.8 | 8.8 | 23d ago | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device. | |||
| CVE-2026-44293 | high | 8.8 | 8.8 | 23d ago | protobuf.js: Code injection through bytes field defaults in generated toObject code | |||
| CVE-2026-41957 | high | 8.8 | 8.8 | 23d ago | An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical S… | |||
| CVE-2026-3425 | high | 8.8 | 8.8 | 24d ago | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'get_content' AJAX action. This … | |||
| CVE-2026-8201 | high | 8.8 | 8.8 | 24d ago | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability req… | |||
| CVE-2026-8053 | high | 8.8 | 8.8 | 24d ago | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issu… | |||
| CVE-2026-28847 | high | 8.8 | 8.8 | 24d ago | visionOS 26.5 | |||
| CVE-2026-28947 | high | 8.8 | 8.8 | 24d ago | visionOS 26.5 | |||
| CVE-2026-28955 | high | 8.8 | 8.8 | 24d ago | visionOS 26.5 | |||
| CVE-2026-42289 | high | 8.8 | 8.8 | 24d ago | ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token valid… | |||
| CVE-2026-45227 | high | 8.8 | 8.8 | 24d ago | Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspec… | |||
| CVE-2026-44871 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti… | |||
| CVE-2026-44224 | high | 8.8 | 8.8 | 24d ago | Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation o… | |||
| CVE-2026-7474 | high | 8.8 | 8.8 | 24d ago | HashiCorp Nomad vulnerable to a path traversal | |||
| CVE-2026-44870 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti… | |||
| CVE-2026-44869 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44868 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44867 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-44866 | high | 8.8 | 8.8 | 24d ago | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… | |||
| CVE-2026-8429 | high | 8.8 | 8.8 | 24d ago | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi… | |||
| CVE-2026-23819 | high | 8.8 | 8.8 | 24d ago | A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim… | |||
| CVE-2026-31222 | high | 8.8 | 8.8 | 24d ago | Snorkel Trainer.load uses an unsafe torch.load | |||
| CVE-2026-31225 | high | 8.8 | 8.8 | 24d ago | Superduper: Remote code execution via unsafe eval in superduper query parsing | |||
| CVE-2026-43892 | high | 8.8 | 8.8 | 24d ago | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed i… | |||
| CVE-2026-41613 | high | 8.8 | 8.8 | 24d ago | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2026-41109 | high | 8.8 | 8.8 | 24d ago | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature ove… | |||
| CVE-2026-41094 | high | 8.8 | 8.8 | 24d ago | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-41086 | high | 8.8 | 8.8 | 24d ago | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-40420 | high | 8.8 | 8.8 | 24d ago | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40403 | high | 8.8 | 8.8 | 24d ago | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||
| CVE-2026-40370 | high | 8.8 | 8.8 | 24d ago | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | |||
| CVE-2026-40365 | high | 8.8 | 8.8 | 24d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-40357 | high | 8.8 | 8.8 | 24d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-35439 | high | 8.8 | 8.8 | 24d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-35436 | high | 8.8 | 8.8 | 24d ago | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34329 | high | 8.8 | 8.8 | 24d ago | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | |||
| CVE-2026-33112 | high | 8.8 | 8.8 | 24d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-33110 | high | 8.8 | 8.8 | 24d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-31232 | high | 8.8 | 8.8 | 24d ago | The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model f… | |||
| CVE-2026-25088 | high | 8.8 | 8.8 | 24d ago | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions… | |||
| CVE-2026-31224 | high | 8.8 | 8.8 | 24d ago | Snorkel MultitaskClassifier.load uses an unsafe torch.load | |||
| CVE-2026-31223 | high | 8.8 | 8.8 | 24d ago | Snorkel BaseLabeler.load uses an unsafe pickle.load | |||
| CVE-2026-31219 | high | 8.8 | 8.8 | 24d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CW… | |||
| CVE-2026-31218 | high | 8.8 | 8.8 | 24d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CW… | |||
| CVE-2026-30810 | high | 8.8 | 8.8 | 24d ago | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-30807 | high | 8.8 | 8.8 | 24d ago | Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-8111 | high | 8.8 | 8.8 | 25d ago | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | |||
| CVE-2026-43937 | high | 8.8 | 8.8 | 25d ago | YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql` | |||
| CVE-2026-8389 | high | 8.8 | 8.8 | 25d ago | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. | |||
| CVE-2026-2465 | high | 8.8 | 8.8 | 25d ago | Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation. This issue affect… | |||
| CVE-2026-6001 | high | 8.8 | 8.8 | 25d ago | Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042. | |||
| CVE-2026-1185 | high | 8.8 | 8.8 | 25d ago | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if … | |||
| CVE-2026-7256 | high | 8.8 | 8.8 | 25d ago | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operat… | |||
| CVE-2026-8346 | high | 8.8 | 8.8 | 25d ago | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The at… | |||
| CVE-2026-42559 | high | 8.8 | 8.8 | 25d ago | rmcp Streamable HTTP server transport has a DNS rebinding vulnerability | |||
| CVE-2026-8345 | high | 8.8 | 8.8 | 25d ago | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the … | |||
| CVE-2026-8344 | high | 8.8 | 8.8 | 25d ago | A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command in… | |||
| CVE-2026-41489 | high | 8.8 | 8.8 | 25d ago | Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by s… | |||
| CVE-2026-36734 | high | 8.8 | 8.8 | 25d ago | EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient… |
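Several rows above are one bug class: the Snorkel `Trainer.load`, `MultitaskClassifier.load` and `BaseLabeler.load` entries, and the CosyVoice and optimate `_load_model()` entries, all deserialise a model file with `pickle.load` or `torch.load`, and a pickle stream is a program that runs before any model object is returned. The example below is added here and is not code from any of those projects. It shows the primitive with a harmless callable (`os.getpid` via `eval`, standing in for `os.system`), a static opcode scan that lists what a file would import without executing it, and an allow-list `Unpickler` that refuses anything else. The sample "model" dict and the allow-list contents are constructed for the example. For `torch.load` the equivalent guard is `weights_only=True`; formats such as safetensors avoid pickle altogether.

```python
import io
import os
import pickle
import pickletools


class Payload:
    """Constructed malicious object. Unpickling calls the (callable, args)
    pair returned by __reduce__; eval on an attacker string is arbitrary
    Python. os.getpid keeps the demo harmless; the primitive is the same."""

    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))


def build_malicious_pickle() -> bytes:
    return pickle.dumps(Payload())


def build_benign_pickle() -> bytes:
    # Constructed stand-in for a saved model: plain containers and numbers only.
    return pickle.dumps({"weights": [0.25, -1.5], "labels": ["ham", "spam"]})


def unsafe_load(data: bytes):
    """The pattern behind the *.load() advisories: pickle.load / torch.load
    without weights_only on a caller-supplied file. Code in the file runs here."""
    return pickle.loads(data)


def list_globals(data: bytes) -> list[tuple[str, str]]:
    """Static triage: walk the opcode stream with pickletools and collect every
    (module, name) a GLOBAL or STACK_GLOBAL opcode would import. Nothing runs."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
        elif op.name == "GLOBAL":            # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":      # protocol >= 4: module, name on stack
            found.append((strings[-2], strings[-1]))
    return found


# Allow-list for a hypothetical model format; extend deliberately, never with
# builtins, os, subprocess or anything with a callable side effect.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is consulted for every global; refusing here happens before
    the callable can be invoked by REDUCE."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_safe_load(data: bytes) -> tuple[str, object]:
    try:
        return "ok", safe_load(data)
    except pickle.UnpicklingError as exc:
        return "refused", str(exc)


def is_safe_to_load(data: bytes) -> bool:
    """Pre-check usable on an upload path before any deserialisation."""
    return all(g in ALLOWED_GLOBALS for g in list_globals(data))


if __name__ == "__main__":
    bad, good = build_malicious_pickle(), build_benign_pickle()
    print("globals in malicious file:", list_globals(bad))
    print("unsafe_load ran attacker code, returned pid:", unsafe_load(bad))
    print("safe_load on malicious file:", try_safe_load(bad))
    print("safe_load on benign file:", try_safe_load(good))
```

`list_globals` is the check to run in a scanner or upload hook, since it never executes the stream; `RestrictedUnpickler` is the guard for the load path itself. Both are defeated only by a global already on the allow-list, which is why the list must stay small.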
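The rmcp entry above names DNS rebinding against a Streamable HTTP transport: a page served from attacker.example re-points that hostname at 127.0.0.1, so the victim's browser reaches a server bound to loopback with the attacker's script driving the requests. The TCP peer looks local, but the `Host` header still carries the attacker's hostname and any `Origin` header the attacker's origin, so a server that compares both against its own binding refuses the request. The example below is added here and is not rmcp's code; the bound port, the origin allow-list and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed assumptions: the server listens on a loopback address on
# BOUND_PORT and is only meant for a local client (an IDE, a CLI).
BOUND_PORT = 8080
LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}
ALLOWED_ORIGINS = {f"http://{h}:{BOUND_PORT}" for h in ("localhost", "127.0.0.1", "[::1]")}


def host_matches_binding(host_header: str, bound_port: int = BOUND_PORT) -> bool:
    """Host is what the browser believes it is talking to. Under rebinding the
    socket reaches 127.0.0.1 but Host still says attacker.example, so checking
    it against the loopback binding exposes the attack. Port must match too."""
    try:
        parsed = urlsplit("//" + host_header.strip())
        host, port = parsed.hostname, parsed.port  # .port raises on junk
    except ValueError:
        return False
    if host is None or host.lower() not in LOOPBACK_NAMES:
        return False
    return (port if port is not None else 80) == bound_port


def origin_allowed(origin_header) -> bool:
    """Browsers send Origin on cross-origin and on all non-GET fetches; a
    rebinding request with the attacker's origin fails here as well. Absent
    Origin is accepted because non-browser clients never send one; Host is
    the check that does not depend on the client."""
    if origin_header is None:
        return True
    return origin_header.strip().lower() in ALLOWED_ORIGINS


def evaluate_request(headers: dict, bound_port: int = BOUND_PORT) -> tuple[bool, str]:
    """Decision to run before any MCP message is parsed. Returns (allow, why)."""
    h = {k.lower(): v for k, v in headers.items()}
    if "host" not in h:
        return False, "missing Host"
    if not host_matches_binding(h["host"], bound_port):
        return False, f"Host {h['host']!r} does not match loopback:{bound_port}"
    if not origin_allowed(h.get("origin")):
        return False, f"Origin {h['origin']!r} not allowed"
    return True, "ok"


# Constructed sample requests, one per situation the check must handle.
SAMPLE_REQUESTS = {
    "local-client": {"Host": "127.0.0.1:8080"},
    "dns-rebinding": {"Host": "attacker.example:8080",
                      "Origin": "http://attacker.example:8080"},
    "cross-origin-browser": {"Host": "localhost:8080", "Origin": "http://evil.example"},
    "wrong-port": {"Host": "localhost:9999"},
}


def triage_samples() -> dict[str, bool]:
    return {name: evaluate_request(hdrs)[0] for name, hdrs in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLE_REQUESTS.items():
        print(f"{name:22s} -> {evaluate_request(hdrs)}")
```

Binding to 127.0.0.1 instead of 0.0.0.0 is the complementary control: it keeps LAN peers out, but does nothing against rebinding, because the rebound request genuinely arrives on loopback. Only the Host/Origin comparison distinguishes it from a legitimate local client.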