CVEs from 2026
Total
14,163
critical
critical 1,250
high
high 4,706
medium
medium 4,499
low
low 493
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1812 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component F… | |||
| CVE-2026-1740 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipu… | |||
| CVE-2026-1701 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argumen… | |||
| CVE-2026-1688 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument … | |||
| CVE-2026-1595 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_student_query.php. The manipulation of the argument student_id results… | |||
| CVE-2026-1594 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of… | |||
| CVE-2026-1593 | critical | 9.8 | 9.8 | 4mo ago | A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_expenses_query.php. Executing a manipu… | |||
| CVE-2026-1590 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to sq… | |||
| CVE-2026-1589 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch caus… | |||
| CVE-2026-1552 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The a… | |||
| CVE-2026-1547 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in comma… | |||
| CVE-2026-1546 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component … | |||
| CVE-2026-1545 | critical | 9.8 | 9.8 | 4mo ago | A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument ID can… | |||
| CVE-2026-1535 | critical | 9.8 | 9.8 | 4mo ago | A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID… | |||
| CVE-2026-1534 | critical | 9.8 | 9.8 | 4mo ago | A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes s… | |||
| CVE-2026-1533 | critical | 9.8 | 9.8 | 4mo ago | A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results i… | |||
| CVE-2026-1443 | critical | 9.8 | 9.8 | 4mo ago | A flaw has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation of the argumen… | |||
| CVE-2026-1423 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to un… | |||
| CVE-2026-1422 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a m… | |||
| CVE-2026-1414 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the com… | |||
| CVE-2026-1413 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the compo… | |||
| CVE-2026-1412 | critical | 9.8 | 9.8 | 4mo ago | A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of the co… | |||
| CVE-2026-22586 | critical | 9.8 | 9.8 | 4mo ago | Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allow… | |||
| CVE-2026-1202 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the… | |||
| CVE-2026-1179 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid … | |||
| CVE-2026-1178 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipu… | |||
| CVE-2026-1177 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/save_folder.jsp of the component HTTP GET Parameter Handler. Executing a… | |||
| CVE-2026-1176 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results … | |||
| CVE-2026-1160 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argum… | |||
| CVE-2026-1159 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This issue affects some unknown processing of the file /order_online.php. Executing a manipulation of the argum… | |||
| CVE-2026-1152 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument c… | |||
| CVE-2026-1133 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the… | |||
| CVE-2026-1132 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of th… | |||
| CVE-2026-1131 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument cat… | |||
| CVE-2026-1130 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the arg… | |||
| CVE-2026-1129 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argum… | |||
| CVE-2026-1125 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enabl… | |||
| CVE-2026-1124 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. … | |||
| CVE-2026-1123 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument I… | |||
| CVE-2026-1122 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument… | |||
| CVE-2026-1121 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID… | |||
| CVE-2026-1120 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the… | |||
| CVE-2026-1119 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activ… | |||
| CVE-2026-1118 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title result… | |||
| CVE-2026-1107 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argu… | |||
| CVE-2026-1105 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The at… | |||
| CVE-2026-1062 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes serv… | |||
| CVE-2026-1061 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation o… | |||
| CVE-2026-1059 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The … | |||
| CVE-2026-0852 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the arg… | |||
| CVE-2026-0851 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument tx… | |||
| CVE-2026-0821 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-… | |||
| CVE-2026-0732 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The atta… | |||
| CVE-2026-0700 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.php. Executing a manipulation of the arg… | |||
| CVE-2026-22189 | critical | 9.8 | 9.8 | 5mo ago | The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. W… | |||
| CVE-2026-0643 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of th… | |||
| CVE-2026-0607 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to s… | |||
| CVE-2026-0606 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /FrontEnd/Albums.php. Performing a manipulation of the argument I… | |||
| CVE-2026-0605 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument… | |||
| CVE-2026-0597 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRe… | |||
| CVE-2026-0592 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/register_code.php of the component U… | |||
| CVE-2026-0591 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Ha… | |||
| CVE-2026-0590 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter… | |||
| CVE-2026-0585 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. … | |||
| CVE-2026-0584 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argu… | |||
| CVE-2026-0583 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The man… | |||
| CVE-2026-0582 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to … | |||
| CVE-2026-0581 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipula… | |||
| CVE-2026-0579 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. … | |||
| CVE-2026-0578 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manip… | |||
| CVE-2026-0577 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunner-administrator/prod.php. Executing a ma… | |||
| CVE-2026-0576 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler.… | |||
| CVE-2026-0575 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-administrator/adminlogin.php of the compone… | |||
| CVE-2026-0570 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulation of the argument fname results in sql i… | |||
| CVE-2026-0569 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql in… | |||
| CVE-2026-0568 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injectio… | |||
| CVE-2026-0567 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql inj… | |||
| CVE-2026-0566 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image le… | |||
| CVE-2026-0565 | critical | 9.8 | 9.8 | 5mo ago | A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del c… | |||
| CVE-2026-0546 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. T… | |||
| CVE-2026-0544 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injec… | |||
| CVE-2026-8037 | critical | 9.6 | 9.6 | 1h ago | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting un… | |||
| CVE-2026-10840 | critical | 9.6 | 9.6 | 3h ago | A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources… | |||
| CVE-2026-32625 | critical | 9.6 | 9.6 | 2d ago | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders aga… | |||
| CVE-2026-48866 | critical | 9.6 | 9.6 | 3d ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a thro… | |||
| CVE-2026-45628 | critical | 9.6 | 9.6 | 6d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (… | |||
| CVE-2026-9967 | critical | 9.6 | 9.6 | 7d ago | Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-9918 | critical | 9.6 | 9.6 | 7d ago | Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-9886 | critical | 9.6 | 9.6 | 7d ago | Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9876 | critical | 9.6 | 9.6 | 7d ago | Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri… | |||
| CVE-2026-9875 | critical | 9.6 | 9.6 | 7d ago | Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:… | |||
| CVE-2026-9874 | critical | 9.6 | 9.6 | 7d ago | Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-9872 | critical | 9.6 | 9.6 | 7d ago | Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-45323 | critical | 9.6 | 9.6 | 7d ago | MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect … | |||
| CVE-2026-8953 | critical | 9.6 | 9.6 | 9d ago | Important: thunderbird security update | |||
| CVE-2026-8959 | critical | 9.6 | 9.6 | 9d ago | Important: thunderbird security update | |||
| CVE-2026-44985 | critical | 9.6 | 9.6 | 9d ago | Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepti… | |||
| CVE-2026-39821 | critical | 9.6 | 9.6 | 13d ago | Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna | |||
| CVE-2026-8670 | critical | 9.6 | 9.6 | 13d ago | Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1. | |||
| CVE-2026-2587 | critical | 9.6 | 9.6 | 16d ago | A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and eval… |