CVEs from 2026

14,172 normalized CVEs published or assigned in this year.

Total

14,172

critical

critical 1,106

high

high 3,898

medium

medium 3,930

low

low 413

% Critical

7.8%

% with KEV

0.4%

% with exploit

0.4%

Top vendors

cisco 657
google 519
adobe 332
microsoft 300
openclaw 167
apache 120
mozilla 107
tanstack 84

Top products

firepower_threat_defense 298
chrome 298
firepower_threat_defense_software 295
gcp 221
openclaw 166
commerce 104
commerce_b2b 89
magento 74

Top packages

npm/openclaw 407
npm/parse-server 141
Packagist/wwbn/avideo 129
NPM/openclaw 129
npm/n8n 120
Go/github.com/mattermost/mattermost-server 103
Packagist/symfony/symfony 94
NuGet/Magick.NET-Q16-HDRI-AnyCPU 86

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-34926	medium	6.7	8.2	7d ago	Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to depl…
CVE-2026-42897	medium	6.1	7.6	13d ago	Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be e…
CVE-2026-32202	medium	4.3	5.8	1mo ago	Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.