CVEs from 2026
Total
14,172
critical
critical 1,106
high
high 3,898
medium
medium 3,930
low
low 413
% Critical
7.8%
% with KEV
0.4%
% with exploit
0.4%
Top products
- firepower_threat_defense 298
- chrome 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-41091 | high | 7.8 | 9.3 | 8d ago | Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-31431 | high | 7.8 | 9.3 | 24d ago | Important: kernel-rt security update | |
| CVE-2026-45498 | high | 7.5 | 9.0 | 8d ago | Microsoft Defender contains an unspecified vulnerability that allows for denial of service. | |
| CVE-2026-6973 | high | 7.2 | 8.7 | 21d ago | Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution. | |
| CVE-2026-34926 | medium | 6.7 | 8.2 | 7d ago | Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to depl… | |
| CVE-2026-42897 | medium | 6.1 | 7.6 | 13d ago | Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be e… | |
| CVE-2026-32202 | medium | 4.3 | 5.8 | 1mo ago | Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network. |