CVEs from 2026
- Total: 13,396
- critical: 1,126
- high: 3,969
- medium: 4,021
- low: 420
- % Critical: 8.4%
- % with KEV: 0.4%
- % with exploit: 0.4%

Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-41478 | critical | 9.9 | 9.9 | 1mo ago | Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) | |
| CVE-2026-21515 | critical | 9.9 | 9.9 | 1mo ago | Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network. | |
| CVE-2026-32621 | critical | 9.9 | 9.9 | 2mo ago | Apollo Federation vulnerable to prototype pollution via incomplete key sanitization | |
| CVE-2026-21708 | critical | 9.9 | 9.9 | 3mo ago | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. | |
| CVE-2026-21669 | critical | 9.9 | 9.9 | 3mo ago | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. | |
| CVE-2026-46817 | critical | 9.8 | 9.8 | 47 min ago | Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allo… | |
| CVE-2026-34311 | critical | 9.8 | 9.8 | 47 min ago | Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19… | |
| CVE-2026-45039 | critical | 9.8 | 9.8 | 2h ago | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The functi… | |
| CVE-2026-38707 | critical | 9.8 | 9.8 | 4h ago | A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier ve… | |
| CVE-2026-38704 | critical | 9.8 | 9.8 | 4h ago | A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlie… | |
| CVE-2026-38703 | critical | 9.8 | 9.8 | 4h ago | A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier… | |
| CVE-2026-38702 | critical | 9.8 | 9.8 | 4h ago | A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier… | |
| CVE-2026-24444 | critical | 9.8 | 9.8 | 4h ago | SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that a… | |
| CVE-2026-8364 | critical | 9.8 | 9.8 | 1d ago | Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo,… | |
| CVE-2026-8363 | critical | 9.8 | 9.8 | 1d ago | A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources: | |
| CVE-2026-8362 | critical | 9.8 | 9.8 | 1d ago | A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome | |
| CVE-2026-44887 | critical | 9.8 | 9.8 | 1d ago | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. S… | |
| CVE-2026-44888 | critical | 9.8 | 9.8 | 1d ago | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly… | |
| CVE-2026-8175 | critical | 9.8 | 9.8 | 1d ago | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte… | |
| CVE-2026-7524 | critical | 9.8 | 9.8 | 1d ago | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. | |
| CVE-2026-42758 | critical | 9.8 | 9.8 | 1d ago | Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through < 4.08.253. | |
| CVE-2026-42731 | critical | 9.8 | 9.8 | 1d ago | Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation. This issue affects miniorange otp verification: from n/a… | |
| CVE-2026-8760 | critical | 9.8 | 9.8 | 2d ago | The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout c… | |
| CVE-2026-8956 | critical | 9.8 | 9.8 | 2d ago | RHSA-2026:21378: firefox security update (Important) | |
| CVE-2026-8401 | critical | 9.8 | 9.8 | 2d ago | RHSA-2026:21378: firefox security update (Important) | |
| CVE-2026-9642 | critical | 9.8 | 9.8 | 2d ago | There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access) An unauthenticated remote attacker can access configured databases in a DIAView project. | |
| CVE-2026-3660 | critical | 9.8 | 9.8 | 2d ago | IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the ap… | |
| CVE-2026-7251 | critical | 9.8 | 9.8 | 2d ago | Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain f… | |
| CVE-2026-44668 | critical | 9.8 | 9.8 | 2d ago | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invo… | |
| CVE-2026-9170 | critical | 9.8 | 9.8 | 2d ago | IBM HTTP Server 8.5, and 9.0 | |
| CVE-2026-8633 | critical | 9.8 | 9.8 | 2d ago | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code executi… | |
| CVE-2026-48902 | critical | 9.8 | 9.8 | 2d ago | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. | |
| CVE-2026-48691 | critical | 9.8 | 9.8 | 2d ago | FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attr… | |
| CVE-2026-35222 | critical | 9.8 | 9.8 | 2d ago | Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. | |
| CVE-2026-24212 | critical | 9.8 | 9.8 | 2d ago | NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalatio… | |
| CVE-2026-35221 | critical | 9.8 | 9.8 | 2d ago | Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. | |
| CVE-2026-40383 | critical | 9.8 | 9.8 | 2d ago | An improper validation of user-supplied input leads to a local file inclusion vulnerability. | |
| CVE-2026-48899 | critical | 9.8 | 9.8 | 2d ago | An improper access check allows privilege escalation through the com_users batch task. | |
| CVE-2026-35223 | critical | 9.8 | 9.8 | 2d ago | An improper access check allows unauthorized access to com_config webservice endpoints. | |
| CVE-2026-48904 | critical | 9.8 | 9.8 | 2d ago | An improper access check allows privilege escalation through the com_users group editing webservice endpoint. | |
| CVE-2026-48898 | critical | 9.8 | 9.8 | 2d ago | An improper access check allows privilege escalation through the com_users batch task. | |
| CVE-2026-48686 | critical | 9.8 | 9.8 | 2d ago | FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() … | |
| CVE-2026-45247 | critical | 9.8 | 9.8 | 2d ago | Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying … | |
| CVE-2026-9543 | critical | 9.8 | 9.8 | 2d ago | A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipul… | |
| CVE-2026-48689 | critical | 9.8 | 9.8 | 3d ago | FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer,… | |
| CVE-2026-48687 | critical | 9.8 | 9.8 | 3d ago | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (l… | |
| CVE-2026-8094 | critical | 9.8 | 9.8 | 3d ago | Important: firefox security update | |
| CVE-2026-8376 | critical | 9.8 | 9.8 | 3d ago | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of th… | |
| CVE-2026-9477 | critical | 9.8 | 9.8 | 3d ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interf… | |
| CVE-2026-9478 | critical | 9.8 | 9.8 | 3d ago | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing… | |
| CVE-2026-9476 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interfa… | |
| CVE-2026-9475 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipu… | |
| CVE-2026-9458 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such… | |
| CVE-2026-9457 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interf… | |
| CVE-2026-9456 | critical | 9.8 | 9.8 | 3d ago | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation … | |
| CVE-2026-9455 | critical | 9.8 | 9.8 | 3d ago | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. T… | |
| CVE-2026-9454 | critical | 9.8 | 9.8 | 3d ago | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Int… | |
| CVE-2026-9436 | critical | 9.8 | 9.8 | 4d ago | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Execut… | |
| CVE-2026-9435 | critical | 9.8 | 9.8 | 4d ago | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Perfor… | |
| CVE-2026-9434 | critical | 9.8 | 9.8 | 4d ago | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. … | |
| CVE-2026-9433 | critical | 9.8 | 9.8 | 4d ago | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. T… | |
| CVE-2026-9432 | critical | 9.8 | 9.8 | 4d ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Managemen… | |
| CVE-2026-9408 | critical | 9.8 | 9.8 | 4d ago | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interf… | |
| CVE-2026-9407 | critical | 9.8 | 9.8 | 4d ago | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component We… | |
| CVE-2026-9406 | critical | 9.8 | 9.8 | 4d ago | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a m… | |
| CVE-2026-9405 | critical | 9.8 | 9.8 | 4d ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Perf… | |
| CVE-2026-9404 | critical | 9.8 | 9.8 | 4d ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulat… | |
| CVE-2026-9388 | critical | 9.8 | 9.8 | 4d ago | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface.… | |
| CVE-2026-9387 | critical | 9.8 | 9.8 | 4d ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interfa… | |
| CVE-2026-9386 | critical | 9.8 | 9.8 | 4d ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipu… | |
| CVE-2026-9385 | critical | 9.8 | 9.8 | 4d ago | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Th… | |
| CVE-2026-9384 | critical | 9.8 | 9.8 | 4d ago | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. … | |
| CVE-2026-40412 | critical | 9.8 | 9.8 | 6d ago | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-33843 | critical | 9.8 | 9.8 | 6d ago | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-47280 | critical | 9.8 | 9.8 | 6d ago | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-23652 | critical | 9.8 | 9.8 | 6d ago | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-32253 | critical | 9.8 | 9.8 | 6d ago | Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are h… | |
| CVE-2026-44930 | critical | 9.8 | 9.8 | 6d ago | An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommende… | |
| CVE-2026-6960 | critical | 9.8 | 9.8 | 7d ago | The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versio… | |
| CVE-2026-48207 | critical | 9.8 | 9.8 | 7d ago | Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resol… | |
| CVE-2026-5118 | critical | 9.8 | 9.8 | 7d ago | The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from P… | |
| CVE-2026-6279 | critical | 9.8 | 9.8 | 8d ago | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `w… | |
| CVE-2026-8631 | critical | 9.8 | 9.8 | 8d ago | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v… | |
| CVE-2026-9141 | critical | 9.8 | 9.8 | 8d ago | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access intern… | |
| CVE-2026-9139 | critical | 9.8 | 9.8 | 8d ago | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-… | |
| CVE-2026-3593 | critical | 9.8 | 9.8 | 8d ago | A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BI… | |
| CVE-2026-33278 | critical | 9.8 | 9.8 | 8d ago | NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying … | |
| CVE-2026-7637 | critical | 9.8 | 9.8 | 9d ago | The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This mak… | |
| CVE-2026-24214 | critical | 9.8 | 9.8 | 9d ago | NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution,… | |
| CVE-2026-24213 | critical | 9.8 | 9.8 | 9d ago | NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code executio… | |
| CVE-2026-24207 | critical | 9.8 | 9.8 | 9d ago | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of … | |
| CVE-2026-24206 | critical | 9.8 | 9.8 | 9d ago | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, deni… | |
| CVE-2026-24163 | critical | 9.8 | 9.8 | 9d ago | NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execut… | |
| CVE-2026-24142 | critical | 9.8 | 9.8 | 9d ago | NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and i… | |
| CVE-2026-7284 | critical | 9.8 | 9.8 | 9d ago | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due … | |
| CVE-2026-6555 | critical | 9.8 | 9.8 | 9d ago | The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in… | |
| CVE-2026-31607 | critical | 9.8 | 9.8 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit() When a USB/IP client receives a RET_SUBMIT response, usbip_pack_ret_… | |
| CVE-2026-8495 | critical | 9.8 | 9.8 | 9d ago | This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerabili… | |
| CVE-2026-33642 | critical | 9.8 | 9.8 | 9d ago | Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned … | |
| CVE-2026-8605 | critical | 9.8 | 9.8 | 9d ago | In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin. |