CVEs from 2026

Total: 14,122
- critical: 1,246
- high: 4,695
- medium: 4,473
- low: 488

% Critical: 8.8%
% with KEV: 0.4%
% with exploit: 0.8%
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 247
- openclaw 172
- commerce 104
- netweaver_application_server_abap 102
- commerce_b2b 89
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-7312 | critical | 10.0 | 10.0 | 2d ago | CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.844… |
| CVE-2026-40965 | critical | 10.0 | 10.0 | 2d ago | Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed thr… |
| CVE-2026-45132 | critical | 10.0 | 10.0 | 3d ago | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials (Personal Access Token and… |
| CVE-2026-45131 | critical | 10.0 | 10.0 | 3d ago | CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests i… |
| CVE-2026-45631 | critical | 10.0 | 10.0 | 6d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker … |
| CVE-2026-44962 | critical | 10.0 | 10.0 | 6d ago | Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XPath queries without proper sanitization. This all… |
| CVE-2026-46840 | critical | 10.0 | 10.0 | 6d ago | Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker… |
| CVE-2026-45087 | critical | 10.0 | 10.0 | 8d ago | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by de… |
| CVE-2026-48027 | critical | 9.8 | 10.0 | 8d ago | Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvest… |
| CVE-2026-44327 | critical | 10.0 | 10.0 | 8d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker wh… |
| CVE-2026-44329 | critical | 10.0 | 10.0 | 8d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network at… |
| CVE-2026-44330 | critical | 10.0 | 10.0 | 8d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network a… |
| CVE-2026-45247 | critical | 9.8 | 10.0 | 9d ago | Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying … |
| CVE-2026-41104 | critical | 10.0 | 10.0 | 12d ago | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-40412 | critical | 10.0 | 10.0 | 12d ago | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. |
| CVE-2026-42901 | critical | 10.0 | 10.0 | 12d ago | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-47280 | critical | 10.0 | 10.0 | 12d ago | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-23652 | critical | 10.0 | 10.0 | 12d ago | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. |
| CVE-2026-33712 | critical | 10.0 | 10.0 | 13d ago | Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Re… |
| CVE-2026-46595 | critical | 10.0 | 10.0 | 13d ago | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would… |
| CVE-2026-34910 | critical | 10.0 | 10.0 | 13d ago | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. |
| CVE-2026-34909 | critical | 10.0 | 10.0 | 13d ago | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an und… |
| CVE-2026-34908 | critical | 10.0 | 10.0 | 13d ago | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system. |
| CVE-2026-48172 | critical | 9.8 | 10.0 | 14d ago | LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with ro… |
| CVE-2026-9082 | critical | 9.8 | 10.0 | 14d ago | Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API. |
| CVE-2026-45444 | critical | 10.0 | 10.0 | 14d ago | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a th… |
| CVE-2026-20223 | critical | 10.0 | 10.0 | 15d ago | A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the S… |
| CVE-2026-42960 | critical | 10.0 | 10.0 | 15d ago | NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority sec… |
| CVE-2026-34234 | critical | 10.0 | 10.0 | 15d ago | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Executi… |
| CVE-2026-43633 | critical | 10.0 | 10.0 | 16d ago | HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem… |
| CVE-2026-42822 | critical | 10.0 | 10.0 | 16d ago | Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-41553 | critical | 10.0 | 10.0 | 20d ago | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicio… |
| CVE-2026-8398 | critical | 9.8 | 10.0 | 20d ago | Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability. |
| CVE-2026-44523 | critical | 10.0 | 10.0 | 20d ago | Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery |
| CVE-2026-20182 | critical | 10.0 | 10.0 | 21d ago | Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges… |
| CVE-2026-0257 | critical | 9.1 | 10.0 | 21d ago | Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection. |
| CVE-2026-44006 | critical | 10.0 | 10.0 | 22d ago | vm2 has a Sandbox Escape Vulnerability |
| CVE-2026-44005 | critical | 10.0 | 10.0 | 22d ago | vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape |
| CVE-2026-43997 | critical | 10.0 | 10.0 | 22d ago | vm2 Access to Host Object Enables Sandbox Escape |
| CVE-2026-42288 | critical | 10.0 | 10.0 | 22d ago | ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard … |
| CVE-2026-45321 | critical | 9.6 | 10.0 | 23d ago | TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity. |
| CVE-2026-42869 | critical | 10.0 | 10.0 | 23d ago | SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value i… |
| CVE-2026-43898 | critical | 10.0 | 10.0 | 23d ago | SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That ca… |
| CVE-2026-44643 | critical | 10.0 | 10.0 | 24d ago | Angular Expressions - Remote Code Execution using filters |
| CVE-2026-41070 | critical | 10.0 | 10.0 | 27d ago | openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access |
| CVE-2026-42208 | critical | 9.8 | 10.0 | 27d ago | BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the cr… |
| CVE-2026-41900 | critical | 10.0 | 10.0 | 27d ago | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution envir… |
| CVE-2026-42826 | critical | 10.0 | 10.0 | 27d ago | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-33587 | critical | 10.0 | 10.0 | 28d ago | Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (S… |
| CVE-2026-44262 | critical | 9.4 | 10.0 | 28d ago | Scramble vulnerable to remote code execution via evaluation of user-controlled input in validation rules |
| CVE-2026-0300 | critical | 9.8 | 10.0 | 28d ago | Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitra… |
| CVE-2026-42607 | critical | 9.1 | 10.0 | 29d ago | Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature |
| CVE-2026-7411 | critical | 10.0 | 10.0 | 1mo ago | Eclipse BaSyx Java Server SDK vulnerable to Path Traversal |
| CVE-2026-36356 | critical | 9.1 | 10.0 | 1mo ago | The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. |
| CVE-2026-26332 | critical | 10.0 | 10.0 | 1mo ago | VM2 Has a Sandbox Escape Issue via SuppressedError |
| CVE-2026-42369 | critical | 10.0 | 10.0 | 1mo ago | GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible… |
| CVE-2026-37541 | critical | 10.0 | 10.0 | 1mo ago | Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers t… |
| CVE-2026-7567 | critical | 9.8 | 10.0 | 1mo ago | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() fun… |
| CVE-2026-39858 | critical | 10.0 | 10.0 | 1mo ago | Traefik: Pre-authentication decision bypass due to forwarded alias spoofing |
| CVE-2026-35051 | critical | 10.0 | 10.0 | 1mo ago | Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication |
| CVE-2026-36767 | critical | 10.0 | 10.0 | 1mo ago | Shopizer has a path traversal issue |
| CVE-2026-41940 | critical | 9.8 | 10.0 | 1mo ago | WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized a… |
| CVE-2026-33453 | critical | 10.0 | 10.0 | 1mo ago | Apache camel-coap allows header injection that can lead to remote code execution |
| CVE-2026-42043 | critical | 10.0 | 10.0 | 1mo ago | Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 |
| CVE-2026-35431 | critical | 10.0 | 10.0 | 1mo ago | Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-33819 | critical | 10.0 | 10.0 | 1mo ago | Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. |
| CVE-2026-41211 | critical | 10.0 | 10.0 | 1mo ago | Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME |
| CVE-2026-41196 | critical | 10.0 | 10.0 | 1mo ago | Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to… |
| CVE-2026-39907 | critical | 10.0 | 10.0 | 2mo ago | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's L… |
| CVE-2026-39906 | critical | 10.0 | 10.0 | 2mo ago | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hash… |
| CVE-2026-4631 | critical | — | 10.0 | 2mo ago | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit… |
| CVE-2026-34444 | critical | 10.0 | 10.0 | 2mo ago | Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr |
| CVE-2026-32186 | critical | 10.0 | 10.0 | 2mo ago | Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-33105 | critical | 10.0 | 10.0 | 2mo ago | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-33107 | critical | 10.0 | 10.0 | 2mo ago | Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-32213 | critical | 10.0 | 10.0 | 2mo ago | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-4963 | critical | 10.0 | 10.0 | 2mo ago | Hugging Face Smolagents has an Injection issue |
| CVE-2026-33017 | critical | 9.8 | 10.0 | 3mo ago | Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication. |
| CVE-2026-22557 | critical | 10.0 | 10.0 | 3mo ago | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to … |
| CVE-2026-32746 | critical | 9.8 | 10.0 | 3mo ago | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. |
| CVE-2026-28517 | critical | 9.8 | 10.0 | 3mo ago | openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the databas… |
| CVE-2026-24858 | critical | 9.8 | 10.0 | 4mo ago | Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a register… |
| CVE-2026-41283 | critical | 9.9 | 9.9 | 2h ago | OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials. |
| CVE-2026-45372 | critical | 9.9 | 9.9 | 5d ago | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header va… |
| CVE-2026-47744 | critical | 9.9 | 9.9 | 5d ago | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/… |
| CVE-2026-45661 | critical | 9.9 | 9.9 | 6d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitr… |
| CVE-2026-45633 | critical | 9.9 | 9.9 | 6d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and… |
| CVE-2026-45632 | critical | 9.9 | 9.9 | 6d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, up… |
| CVE-2026-45629 | critical | 9.9 | 9.9 | 6d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to… |
| CVE-2026-45663 | critical | 9.9 | 9.9 | 6d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uplo… |
| CVE-2026-45312 | critical | 9.9 | 9.9 | 6d ago | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated u… |
| CVE-2026-9559 | critical | 9.9 | 9.9 | 6d ago | A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escap… |
| CVE-2026-9558 | critical | 9.9 | 9.9 | 6d ago | A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated us… |
| CVE-2026-9645 | critical | 9.9 | 9.9 | 6d ago | Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are exec… |
| CVE-2026-46839 | critical | 9.9 | 9.9 | 6d ago | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network acc… |
| CVE-2026-46824 | critical | 9.9 | 9.9 | 6d ago | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Eas… |
| CVE-2026-46822 | critical | 9.9 | 9.9 | 6d ago | Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability all… |
| CVE-2026-46775 | critical | 9.9 | 9.9 | 6d ago | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network acc… |
| CVE-2026-45102 | critical | 9.9 | 9.9 | 7d ago | OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be esc… |
| CVE-2026-46425 | critical | 9.9 | 9.9 | 8d ago | Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise featu… |