CVEs from 2026

13,839 normalized CVEs published or assigned in this year.

Total

13,839

critical

critical 1,106

high

high 3,908

medium

medium 3,956

low

low 413

% Critical

8.0%

% with KEV

0.4%

% with exploit

0.4%

Top vendors

cisco 657
google 519
adobe 332
microsoft 300
openclaw 167
apache 120
mozilla 107
tanstack 84

Top products

firepower_threat_defense 298
chrome 298
firepower_threat_defense_software 295
gcp 221
openclaw 166
commerce 104
commerce_b2b 89
magento 74

Top packages

npm/openclaw 407
npm/parse-server 141
Packagist/wwbn/avideo 129
NPM/openclaw 129
npm/n8n 120
Go/github.com/mattermost/mattermost-server 103
Packagist/symfony/symfony 94
NuGet/Magick.NET-Q16-HDRI-AnyCPU 86

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-41091	high	7.8	9.3	8d ago	Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2026-31431	high	7.8	9.3	24d ago	Important: kernel-rt security update	+3
CVE-2026-45498	high	7.5	9.0	8d ago	Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
CVE-2026-6973	high	7.2	8.7	21d ago	Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.