CVEs from 2026
- Total: 13,610
- Critical: 1,176
- High: 4,272
- Medium: 4,144
- Low: 441
- % Critical: 8.6%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45675 | high | 8.1 | 8.1 | 15d ago | Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts | |||
| CVE-2026-44554 | high | 8.1 | 8.1 | 15d ago | Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite | |||
| CVE-2026-46407 | high | 8.1 | 8.1 | 15d ago | Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator t… | |||
| CVE-2026-35194 | high | 8.1 | 8.1 | 15d ago | Apache Flink: Remote code execution via SQL injection in code generation | |||
| CVE-2026-4094 | high | 8.1 | 8.1 | 15d ago | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up… | |||
| CVE-2026-28761 | high | 8.1 | 8.1 | 16d ago | Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected pr… | |||
| CVE-2026-8629 | high | 8.1 | 8.1 | 16d ago | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests t… | |||
| CVE-2026-44633 | high | 8.1 | 8.1 | 16d ago | Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in … | |||
| CVE-2026-44973 | high | 8.1 | 8.1 | 16d ago | Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcem… | |||
| CVE-2026-44882 | high | 8.1 | 8.1 | 16d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-4030 | high | 8.1 | 8.1 | 16d ago | The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not proper… | |||
| CVE-2026-3892 | high | 8.1 | 8.1 | 16d ago | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file … | |||
| CVE-2026-1322 | high | 8.1 | 8.1 | 17d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read… | |||
| CVE-2026-29206 | high | 8.1 | 8.1 | 17d ago | Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled. | |||
| CVE-2026-42463 | high | 8.1 | 8.1 | 17d ago | SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass … | |||
| CVE-2026-45055 | high | 8.1 | 8.1 | 17d ago | CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded … | |||
| CVE-2026-42602 | high | 8.1 | 8.1 | 17d ago | opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay | |||
| CVE-2026-44574 | high | 8.1 | 8.1 | 17d ago | Next.js has a Middleware / Proxy bypass through dynamic route parameter injection | |||
| CVE-2026-6282 | high | 8.1 | 8.1 | 17d ago | A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to ot… | |||
| CVE-2026-44291 | high | 8.1 | 8.1 | 17d ago | protobuf.js: Code generation gadget after prototype pollution | |||
| CVE-2026-20916 | high | 8.1 | 8.1 | 17d ago | An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have re… | |||
| CVE-2026-7635 | high | 8.1 | 8.1 | 18d ago | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or… | |||
| CVE-2026-28907 | high | 8.1 | 8.1 | 18d ago | The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS… | |||
| CVE-2026-44548 | high | 8.1 | 8.1 | 18d ago | ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDele… | |||
| CVE-2026-44301 | high | 8.1 | 8.1 | 18d ago | Hugo's Node tool execution allows file system access outside the project directory | |||
| CVE-2026-44260 | high | 8.1 | 8.1 | 18d ago | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk en… | |||
| CVE-2026-8430 | high | 8.1 | 8.1 | 18d ago | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the co… | |||
| CVE-2026-40415 | high | 8.1 | 8.1 | 18d ago | Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-30808 | high | 8.1 | 8.1 | 18d ago | Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-43983 | high | 8.1 | 8.1 | 18d ago | Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, The createTokenFromRefreshToken function (oidc_service.go) validates the refresh … | |||
| CVE-2026-43938 | high | 8.1 | 8.1 | 18d ago | YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header | |||
| CVE-2026-43913 | high | 8.1 | 8.1 | 19d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flo… | |||
| CVE-2026-43911 | high | 8.1 | 8.1 | 19d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by some security-sensitive operations (pass… | |||
| CVE-2026-43640 | high | 8.1 | 8.1 | 19d ago | Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management … | |||
| CVE-2026-38568 | high | 8.1 | 8.1 | 19d ago | HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/<id> and /interview/<id> endpoints. The route handlers retrieve … | |||
| CVE-2026-38566 | high | 8.1 | 8.1 | 19d ago | HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/<id>, feedback submission … | |||
| CVE-2026-30635 | high | 8.1 | 8.1 | 19d ago | automagik-genie has a command injection vulnerability | |||
| CVE-2026-7819 | high | 8.1 | 8.1 | 19d ago | pgAdmin 4 File Manager has symbolic-link path traversal | |||
| CVE-2026-42296 | high | 8.1 | 8.1 | 22d ago | Argo has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure | |||
| CVE-2026-42452 | high | 8.1 | 8.1 | 22d ago | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled… | |||
| CVE-2026-44400 | high | 8.1 | 8.1 | 22d ago | MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing Authent… | |||
| CVE-2026-7807 | high | 8.1 | 8.1 | 22d ago | SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fi… | |||
| CVE-2026-44553 | high | 8.1 | 8.1 | 22d ago | Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access | |||
| CVE-2026-8178 | high | 8.1 | 8.1 | 22d ago | Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading | |||
| CVE-2026-41883 | high | 8.1 | 8.1 | 22d ago | OmniFaces: EL injection via crafted resource name in wildcard CDN mapping | |||
| CVE-2026-43377 | high | 8.1 | 8.1 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signin… | |||
| CVE-2026-43362 | high | 8.1 | 8.1 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as part of rq_iov.… | |||
| CVE-2026-41588 | high | 8.1 | 8.1 | 22d ago | RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16. | |||
| CVE-2026-41496 | high | 8.1 | 8.1 | 22d ago | PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) | |||
| CVE-2026-41491 | high | 8.1 | 8.1 | 22d ago | Dapr: Service Invocation path traversal ACL bypass | |||
| CVE-2026-41105 | high | 8.1 | 8.1 | 23d ago | Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-42239 | high | 8.1 | 8.1 | 23d ago | Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover | |||
| CVE-2026-41654 | high | 8.1 | 8.1 | 23d ago | Weblate Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url | |||
| CVE-2026-8093 | high | 8.1 | 8.1 | 23d ago | Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary … | |||
| CVE-2026-33588 | high | 8.1 | 8.1 | 23d ago | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal. | |||
| CVE-2026-7252 | high | 8.1 | 8.1 | 24d ago | The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validat… | |||
| CVE-2026-41002 | high | 8.1 | 8.1 | 24d ago | Spring Cloud Config Server Susceptible To TOCTOU Attack | |||
| CVE-2026-44304 | high | 8.1 | 8.1 | 24d ago | Lemur: LDAP Filter Injection enables post-authentication privilege escalation | |||
| CVE-2026-8018 | high | 8.1 | 8.1 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026) | |||
| CVE-2026-7981 | high | 8.1 | 8.1 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026) | |||
| CVE-2026-7978 | high | 8.1 | 8.1 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026) | |||
| CVE-2026-41936 | high | 8.1 | 8.1 | 24d ago | Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and mod… | |||
| CVE-2026-43134 | high | 8.1 | 8.1 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP… | |||
| CVE-2026-42609 | high | 8.1 | 8.1 | 25d ago | Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic | |||
| CVE-2026-44331 | high | 8.1 | 8.1 | 25d ago | In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted… | |||
| CVE-2026-23631 | high | 8.1 | 8.1 | 25d ago | Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-aft… | |||
| CVE-2026-43535 | high | 8.1 | 8.1 | 25d ago | OpenClaw: Collect-mode queue batches could reuse the last sender authorization context | |||
| CVE-2026-6180 | high | 8.1 | 8.1 | 25d ago | A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence co… | |||
| CVE-2026-42088 | high | 8.1 | 8.1 | 26d ago | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Py… | |||
| CVE-2026-29004 | high | 8.1 | 8.1 | 26d ago | BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attac… | |||
| CVE-2026-42075 | high | 8.1 | 8.1 | 26d ago | Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write | |||
| CVE-2026-40563 | high | 8.1 | 8.1 | 26d ago | Apache Atlas has a Code Injection Vulnerability | |||
| CVE-2026-29199 | high | 8.1 | 8.1 | 26d ago | phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When force_server_vars is disabled, the server's hostname may be extracted from the HTTP Host … | |||
| CVE-2026-2554 | high | 8.1 | 8.1 | 28d ago | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl… | |||
| CVE-2026-7611 | high | 8.1 | 8.1 | 28d ago | A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a… | |||
| CVE-2026-7610 | high | 8.1 | 8.1 | 28d ago | A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmi… | |||
| CVE-2026-7491 | high | 8.1 | 8.1 | 28d ago | School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data. | |||
| CVE-2026-7606 | high | 8.1 | 8.1 | 28d ago | A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of … | |||
| CVE-2026-7647 | high | 8.1 | 8.1 | 29d ago | The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybe_unserialize() function on the atta… | |||
| CVE-2026-37537 | high | 8.1 | 8.1 | 29d ago | collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At… | |||
| CVE-2026-22166 | high | 8.1 | 8.1 | 29d ago | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the proce… | |||
| CVE-2026-22165 | high | 8.1 | 8.1 | 29d ago | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the pro… | |||
| CVE-2026-43051 | high | 8.1 | 8.1 | 29d ago | RHSA-2026:21745: kernel-rt security update (Important) | |||
| CVE-2026-31779 | high | 8.1 | 8.1 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() The memcpy function assumes the dynamic a… | |||
| CVE-2026-31771 | high | 8.1 | 8.1 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: move wake reason storage into validated event handlers hci_store_wake_reason() is called from hci_event_pac… | |||
| CVE-2026-31708 | high | 8.1 | 8.1 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path smb2_ioctl_query_info() has two response-copy branches: PASSTH… | |||
| CVE-2026-7554 | high | 8.1 | 8.1 | 1mo ago | A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attac… | |||
| CVE-2026-6542 | high | 8.1 | 8.1 | 1mo ago | IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for an… | |||
| CVE-2026-40904 | high | 8.1 | 8.1 | 1mo ago | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest end… | |||
| CVE-2026-40600 | high | 8.1 | 8.1 | 1mo ago | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to on… | |||
| CVE-2026-36340 | high | 8.1 | 8.1 | 1mo ago | Krayin CRM allows a remote attacker to execute arbitrary code via compose email function | |||
| CVE-2026-7402 | high | 8.1 | 8.1 | 1mo ago | Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | |||
| CVE-2026-7399 | high | 8.1 | 8.1 | 1mo ago | Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | |||
| CVE-2026-42512 | high | 8.1 | 8.1 | 1mo ago | As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when reque… | |||
| CVE-2026-35547 | high | 8.1 | 8.1 | 1mo ago | When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocat… | |||
| CVE-2026-42511 | high | 8.1 | 8.1 | 1mo ago | The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by … | |||
| CVE-2026-7426 | high | 8.1 | 8.1 | 1mo ago | Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by… | |||
| CVE-2026-7424 | high | 8.1 | 8.1 | 1mo ago | Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, an… | |||
| CVE-2026-7347 | high | 8.1 | 8.1 | 1mo ago | Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High) | |||
| CVE-2026-7346 | high | 8.1 | 8.1 | 1mo ago | Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Hi… |