CVEs from 2026
- Total: 13,606
- Critical: 1,176
- High: 4,264
- Medium: 4,142
- Low: 441
- % Critical: 8.6%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45137 | high | 8.2 | 8.2 | 24d ago | Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, a logic error causes anchor programs to accept any program id when requiri… | |||
| CVE-2026-43233 | high | 8.2 | 8.2 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read in decode_choice() In decode_choice(), the boundary check before get_len() uses the va… | |||
| CVE-2026-43190 | high | 8.2 | 8.2 | 24d ago | RHSA-2026:21745: kernel-rt security update (Important) | |||
| CVE-2026-39852 | high | 8.2 | 8.2 | 25d ago | Quarkus has Authentication/Authorization bypasses | |||
| CVE-2026-35091 | high | 8.2 | 8.2 | 26d ago | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User… | |||
| CVE-2026-40912 | high | 8.2 | 8.2 | 1mo ago | Traefik has a StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync | |||
| CVE-2026-41670 | high | 8.2 | 8.2 | 1mo ago | Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest | |||
| CVE-2026-41669 | high | 8.2 | 8.2 | 1mo ago | Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests | |||
| CVE-2026-28221 | high | 8.2 | 8.2 | 1mo ago | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() i… | |||
| CVE-2026-41394 | high | 8.2 | 8.2 | 1mo ago | OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes | |||
| CVE-2026-38651 | high | 8.2 | 8.2 | 1mo ago | Netmaker does not verify JWT signatures for host tokens | |||
| CVE-2026-5944 | high | 8.2 | 8.2 | 1mo ago | An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible… | |||
| CVE-2026-41604 | high | 8.2 | 8.2 | 1mo ago | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |||
| CVE-2026-40022 | high | 8.2 | 8.2 | 1mo ago | Apache Camel Vulnerable to Authentication Bypass Using an Alternate Path or Channel | |||
| CVE-2026-41326 | high | 8.2 | 8.2 | 1mo ago | Kata Container has CopyFile Policy Subversion via Symlinks | |||
| CVE-2026-31631 | high | 8.2 | 8.2 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgk_do_verify_authenticator() Fix rxgk_do_verify_authenticator() to check the buffer size before c… | |||
| CVE-2026-41309 | high | 8.2 | 8.2 | 1mo ago | Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted i… | |||
| CVE-2026-31476 | high | 8.2 | 8.2 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails (e.g. wrong password), the erro… | |||
| CVE-2026-41145 | high | 8.2 | 8.2 | 1mo ago | MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads | |||
| CVE-2026-40344 | high | 8.2 | 8.2 | 1mo ago | MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads | |||
| CVE-2026-41059 | high | 8.2 | 8.2 | 1mo ago | OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex | |||
| CVE-2026-6823 | high | 8.2 | 8.2 | 1mo ago | HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass ad… | |||
| CVE-2026-4740 | high | 8.2 | 8.2 | 2mo ago | A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed c… | |||
| CVE-2026-23459 | high | 8.2 | 8.2 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_… | |||
| CVE-2026-23456 | high | 8.2 | 8.2 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case In decode_int(), the CONS case calls get_bits(bs, 2) to read… | |||
| CVE-2026-4984 | high | 8.2 | 8.2 | 2mo ago | The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' paramet… | |||
| CVE-2026-24031 | high | 8.2 | 8.2 | 2mo ago | Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_… | |||
| CVE-2026-31921 | high | 8.2 | 8.2 | 2mo ago | Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. Thi… | |||
| CVE-2026-24063 | high | 8.2 | 8.2 | 2mo ago | When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, … | |||
| CVE-2026-28135 | high | 8.2 | 8.2 | 3mo ago | Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs. This i… | |||
| CVE-2026-47740 | high | 8.1 | 8.1 | 18h ago | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user withou… | |||
| CVE-2026-6075 | high | 8.1 | 8.1 | 1d ago | The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35. This is due to missing nonce verification on the bulk action handle… | |||
| CVE-2026-9964 | high | 8.1 | 8.1 | 2d ago | Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Ex… | |||
| CVE-2026-45344 | high | 8.1 | 8.1 | 2d ago | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fie… | |||
| CVE-2026-46828 | high | 8.1 | 8.1 | 2d ago | Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability all… | |||
| CVE-2026-35277 | high | 8.1 | 8.1 | 2d ago | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network acc… | |||
| CVE-2026-9095 | high | 8.1 | 8.1 | 2d ago | Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immedia… | |||
| CVE-2026-46232 | high | 8.1 | 8.1 | 2d ago | In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device would never lie about the number of touch reports would it? If it does the lo… | |||
| CVE-2026-46138 | high | 8.1 | 8.1 | 2d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt hci_le_create_big_complete_evt() iterates … | |||
| CVE-2026-6455 | high | 8.1 | 8.1 | 2d ago | The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and i… | |||
| CVE-2026-46402 | high | 8.1 | 8.1 | 3d ago | Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing se… | |||
| CVE-2026-48064 | high | 8.1 | 8.1 | 3d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in pam_usb (commonly done for display manage… | |||
| CVE-2026-48149 | high | 8.1 | 8.1 | 3d ago | Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/… | |||
| CVE-2026-48152 | high | 8.1 | 8.1 | 3d ago | Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific owner… | |||
| CVE-2026-46099 | high | 8.1 | 8.1 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6_input_core() and rpl_input() call ip6_route_input() which sets a NORE… | |||
| CVE-2026-46010 | high | 8.1 | 8.1 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgk_extract_token() Fix a missing bit of error handling in rxgk_extract_token(): in the event that … | |||
| CVE-2026-8994 | high | 8.1 | 8.1 | 3d ago | The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered as a `wp_ajax_nopriv` acti… | |||
| CVE-2026-8962 | high | 8.1 | 8.1 | 4d ago | RHSA-2026:21382: firefox security update (Important) | |||
| CVE-2026-44900 | high | 8.1 | 8.1 | 4d ago | epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45… | |||
| CVE-2026-45574 | high | 8.1 | 8.1 | 4d ago | epa4all-client: TLS Certificate Validation Disabled in Production | |||
| CVE-2026-48695 | high | 8.1 | 8.1 | 4d ago | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php… | |||
| CVE-2026-48694 | high | 8.1 | 8.1 | 4d ago | FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK vari… | |||
| CVE-2026-8855 | high | 8.1 | 8.1 | 4d ago | IBM HTTP Server 8.5 and 9.0 are vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication). | |||
| CVE-2026-48692 | high | 8.1 | 8.1 | 4d ago | FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.c… | |||
| CVE-2026-43935 | high | 8.1 | 8.1 | 4d ago | e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset l… | |||
| CVE-2026-48132 | high | 8.1 | 8.1 | 4d ago | The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing… | |||
| CVE-2026-48131 | high | 8.1 | 8.1 | 4d ago | The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, r… | |||
| CVE-2026-8046 | high | 8.1 | 8.1 | 4d ago | The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including tho… | |||
| CVE-2026-8092 | high | 8.1 | 8.1 | 5d ago | RHSA-2026:20566: firefox security update (Important) | |||
| CVE-2026-48842 | high | 8.1 | 8.1 | 5d ago | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass. | |||
| CVE-2026-45361 | high | 8.1 | 8.1 | 5d ago | Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attac… | |||
| CVE-2026-25193 | high | 8.1 | 8.1 | 5d ago | Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Co… | |||
| CVE-2026-9397 | high | 8.1 | 8.1 | 6d ago | A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulati… | |||
| CVE-2026-41076 | high | 8.1 | 8.1 | 8d ago | RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations… | |||
| CVE-2026-41071 | high | 8.1 | 8.1 | 8d ago | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chun… | |||
| CVE-2026-40172 | high | 8.1 | 8.1 | 8d ago | authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, the PATCH /api/v3/core/users/{pk}/ API allows a caller with change_user on a target us… | |||
| CVE-2026-46727 | high | 8.1 | 8.1 | 8d ago | An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remot… | |||
| CVE-2026-9256 | high | 8.1 | 8.1 | 8d ago | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Co… | |||
| CVE-2026-9277 | high | 8.1 | 8.1 | 8d ago | shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which … | |||
| CVE-2026-48242 | high | 8.1 | 8.1 | 9d ago | Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code commi… | |||
| CVE-2026-48241 | high | 8.1 | 8.1 | 9d ago | Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to th… | |||
| CVE-2026-45760 | high | 8.1 | 8.1 | 9d ago | (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can c… | |||
| CVE-2026-44051 | high | 8.1 | 8.1 | 9d ago | An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink c… | |||
| CVE-2026-24218 | high | 8.1 | 8.1 | 10d ago | NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cr… | |||
| CVE-2026-45584 | high | 8.1 | 8.1 | 10d ago | Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-47784 | high | 8.1 | 8.1 | 10d ago | In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass. | |||
| CVE-2026-47783 | high | 8.1 | 8.1 | 10d ago | In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass. | |||
| CVE-2026-43618 | high | 8.1 | 8.1 | 10d ago | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigg… | |||
| CVE-2026-34358 | high | 8.1 | 8.1 | 11d ago | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on … | |||
| CVE-2026-47107 | high | 8.1 | 8.1 | 11d ago | Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authentica… | |||
| CVE-2026-8711 | high | 8.1 | 8.1 | 11d ago | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoki… | |||
| CVE-2026-8969 | high | 8.1 | 8.1 | 11d ago | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | |||
| CVE-2026-7504 | high | 8.1 | 8.1 | 11d ago | A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentiall… | |||
| CVE-2026-24792 | high | 8.1 | 8.1 | 11d ago | In OpenHarmony v6.0 and prior versions, a remote attacker is allowed arbitrary code execution in pre-installed apps. | |||
| CVE-2026-8851 | high | 8.1 | 8.1 | 12d ago | SOGo versions 5.12.7 and prior contain a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database b… | |||
| CVE-2026-45707 | high | 8.1 | 8.1 | 12d ago | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLE_MULTI_TENANT=true, the HTTP transport documents that th… | |||
| CVE-2026-41316 | high | 8.1 | 8.1 | 13d ago | RHSA-2026:20614: ruby:3.3 security update (Important) | |||
| CVE-2026-42945 | high | 8.1 | 8.1 | 13d ago | RHSA-2026:18041: nginx:1.24 security update (Critical) | |||
| CVE-2026-45665 | high | 8.1 | 8.1 | 15d ago | Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order | |||
| CVE-2026-45301 | high | 8.1 | 8.1 | 15d ago | Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file | |||
| CVE-2026-44565 | high | 8.1 | 8.1 | 15d ago | Open WebUI Arbitrary File Write, Delete via Path Traversal | |||
| CVE-2026-45402 | high | 8.1 | 8.1 | 15d ago | Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints | |||
| CVE-2026-45675 | high | 8.1 | 8.1 | 15d ago | Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts | |||
| CVE-2026-44554 | high | 8.1 | 8.1 | 15d ago | Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite | |||
| CVE-2026-46407 | high | 8.1 | 8.1 | 15d ago | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator t… | |||
| CVE-2026-35194 | high | 8.1 | 8.1 | 15d ago | Apache Flink: Remote code execution via SQL injection in code generation | |||
| CVE-2026-4094 | high | 8.1 | 8.1 | 15d ago | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up… | |||
| CVE-2026-28761 | high | 8.1 | 8.1 | 15d ago | Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected pr… | |||
| CVE-2026-8629 | high | 8.1 | 8.1 | 16d ago | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests t… | |||
| CVE-2026-44633 | high | 8.1 | 8.1 | 16d ago | Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in … |