CVEs from 2026

Total: 13,611
- critical: 1,176
- high: 4,272
- medium: 4,145
- low: 441

% Critical: 8.6%
% with KEV: 0.4%
% with exploit: 0.7%

Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74

Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42167 | high | 8.1 | 8.1 | | | | 1mo ago | mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backe… |
| CVE-2026-42431 | high | 8.1 | 8.1 | | | | 1mo ago | OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard |
| CVE-2026-41383 | high | 8.1 | 8.1 | | | | 1mo ago | OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped |
| CVE-2026-27760 | high | 8.1 | 8.1 | | | | 1mo ago | OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements… |
| CVE-2026-5780 | high | 8.1 | 8.1 | | | | 1mo ago | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authentic… |
| CVE-2026-41364 | high | 8.1 | 8.1 | | | | 1mo ago | OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host |
| CVE-2026-31613 | high | 8.1 | 8.1 | | | | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message() r… |
| CVE-2026-40623 | high | 8.1 | 8.1 | | | | 1mo ago | A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inad… |
| CVE-2026-39462 | high | 8.1 | 8.1 | | | | 1mo ago | A vulnerability exists in SenseLive X3050's web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device… |
| CVE-2026-27841 | high | 8.1 | 8.1 | | | | 1mo ago | A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application do… |
| CVE-2026-41353 | high | 8.1 | 8.1 | | | | 1mo ago | OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and… |
| CVE-2026-41342 | high | 8.1 | 8.1 | | | | 1mo ago | OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials |
| CVE-2026-41246 | high | 8.1 | 8.1 | | | | 1mo ago | Contour has Lua code injection via Cookie Path Rewrite Policy |
| CVE-2026-41175 | high | 8.1 | 8.1 | | | | 1mo ago | Statamic: Unsafe method invocation via query value resolution allows data destruction |
| CVE-2026-31513 | high | 8.1 | 8.1 | | | | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req Syzbot reported a KASAN stack-out-of-bounds read in l2cap_… |
| CVE-2026-31464 | high | 8.1 | 8.1 | | | | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() A malicious or compromised VIO server can return a num_written val… |
| CVE-2026-6848 | high | 8.1 | 8.1 | | | | 1mo ago | A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be… |
| CVE-2026-42084 | high | 8.1 | 8.1 | | | | 1mo ago | OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence |
| CVE-2026-40868 | high | 8.1 | 8.1 | | | | 1mo ago | kyverno apicall servicecall implicit bearer token injection leaks kyverno serviceaccount token |
| CVE-2026-5966 | high | 8.1 | 8.1 | | | | 1mo ago | ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on th… |
| CVE-2026-40434 | high | 8.1 | 8.1 | | | | 1mo ago | Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic. |
| CVE-2026-5718 | high | 8.1 | 8.1 | | | | 1mo ago | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type … |
| CVE-2026-41113 | high | 8.1 | 8.1 | | | | 1mo ago | sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. |
| CVE-2026-40784 | high | 8.1 | 8.1 | | | | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff… |
| CVE-2026-40764 | high | 8.1 | 8.1 | | | | 2mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery. This issue affects Contact Form by WPForms: from n/a through <= 1… |
| CVE-2026-23708 | high | 8.1 | 8.1 | | | | 2mo ago | An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 throug… |
| CVE-2026-22828 | high | 8.1 | 8.1 | | | | 2mo ago | A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary… |
| CVE-2026-28291 | high | 8.1 | 8.1 | | | | 2mo ago | simple-git Affected by Command Execution via Option-Parsing Bypass |
| CVE-2026-6011 | high | 8.1 | 8.1 | | | | 2mo ago | OpenClaw vulnerable to SSRF in src/agents/tools/web-fetch.ts |
| CVE-2026-5479 | high | 8.1 | 8.1 | | | | 2mo ago | In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning p… |
| CVE-2026-5466 | high | 8.1 | 8.1 | | | | 2mo ago | wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged … |
| CVE-2026-5188 | high | 8.1 | 8.1 | | | | 2mo ago | An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclo… |
| CVE-2026-5915 | high | 8.1 | 8.1 | | | | 2mo ago | Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secur… |
| CVE-2026-5913 | high | 8.1 | 8.1 | | | | 2mo ago | Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-28387 | high | 8.1 | 8.1 | | | | 2mo ago | Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-… |
| CVE-2026-39371 | high | 8.1 | 8.1 | | | | 2mo ago | RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests |
| CVE-2026-22665 | high | 8.1 | 8.1 | | | | 2mo ago | prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing … |
| CVE-2026-22661 | high | 8.1 | 8.1 | | | | 2mo ago | prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archi… |
| CVE-2026-31393 | high | 8.1 | 8.1 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access l2cap_information_rsp() checks that cmd_len covers the fix… |
| CVE-2026-31392 | high | 8.1 | 8.1 | | | | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single s… |
| CVE-2026-5246 | high | 8.1 | 8.1 | | | | 2mo ago | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a mani… |
| CVE-2026-5245 | high | 8.1 | 8.1 | | | | 2mo ago | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the ar… |
| CVE-2026-34472 | high | 7.1 | 8.1 | | | | 2mo ago | Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials… |
| CVE-2026-25406 | high | 8.1 | 8.1 | | | | 2mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse. This issue affects Tutor LMS Pro: from n/a through <= 3.9.4. |
| CVE-2026-25357 | high | 8.1 | 8.1 | | | | 2mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse. This issue affects Ultimate Membership Pro… |
| CVE-2026-32067 | high | 8.1 | 8.1 | | | | 2mo ago | OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access |
| CVE-2026-22324 | high | 8.1 | 8.1 | | | | 2mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP Local File Inclusion. This issue affects Melania: f… |
| CVE-2026-2646 | high | 8.1 | 8.1 | | | | 2mo ago | A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read fr… |
| CVE-2026-25471 | high | 8.1 | 8.1 | | | | 2mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation. This issue affects Admin Safety Guard:… |
| CVE-2026-27096 | high | 8.1 | 8.1 | | | | 2mo ago | Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection. This issue affects ColorFolio - Freelance Designer WordPress Th… |
| CVE-2026-32841 | high | 8.1 | 8.1 | | | | 2mo ago | Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the… |
| CVE-2026-30707 | high | 8.1 | 8.1 | | | | 2mo ago | An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypa… |
| CVE-2026-3405 | high | 8.1 | 8.1 | | | | 3mo ago | A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. The manipulation leads to path traversal. It is possi… |
| CVE-2026-3404 | high | 8.1 | 8.1 | | | | 3mo ago | A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulatio… |
| CVE-2026-3192 | high | 8.1 | 8.1 | | | | 3mo ago | A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipula… |
| CVE-2026-2957 | high | 8.1 | 8.1 | | | | 3mo ago | A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the compone… |
| CVE-2026-2895 | high | 8.1 | 8.1 | | | | 3mo ago | funadmin has Weak Password Recovery Mechanism for Forgotten Password |
| CVE-2026-22365 | high | 8.1 | 8.1 | | | | 3mo ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion. This issue affects S… |
| CVE-2026-2705 | high | 8.1 | 8.1 | | | | 3mo ago | A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The ma… |
| CVE-2026-2110 | high | 8.1 | 8.1 | | | | 4mo ago | A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing… |
| CVE-2026-2109 | high | 8.1 | 8.1 | | | | 4mo ago | A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argume… |
| CVE-2026-1203 | high | 8.1 | 8.1 | | | | 4mo ago | A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Exe… |
| CVE-2026-1112 | high | 8.1 | 8.1 | | | | 4mo ago | A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.ja… |
| CVE-2026-49367 | high | 8.0 | 8.0 | | | | 1d ago | In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account |
| CVE-2026-35630 | high | 8.0 | 8.0 | | | | 1d ago | OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval but… |
| CVE-2026-37266 | high | 8.0 | 8.0 | | | | 2d ago | An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the force_download.php component |
| CVE-2026-23392 | high | — | 8.0 | | | | 3d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from… |
| CVE-2026-34078 | high | — | 8.0 | | | | 3d ago | RHSA-2026:21756: flatpak security update (Important) |
| CVE-2026-34079 | high | — | 8.0 | | | | 3d ago | RHSA-2026:21756: flatpak security update (Important) |
| CVE-2026-45725 | high | — | 8.0 | | | | 3d ago | compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal |
| CVE-2026-47717 | high | — | 8.0 | | | | 3d ago | FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations |
| CVE-2026-47243 | high | — | 8.0 | | | | 3d ago | Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs |
| CVE-2026-45704 | high | — | 8.0 | | | | 3d ago | Pimcore has a CustomReports Share Bypass |
| CVE-2026-44982 | high | — | 8.0 | | | | 3d ago | CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests |
| CVE-2026-44726 | high | — | 8.0 | | | | 3d ago | Deno's TLS retry copies stale upgrade hook, risking plaintext traffic |
| CVE-2026-45617 | high | — | 8.0 | | | | 3d ago | LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex |
| CVE-2026-45368 | high | — | 8.0 | | | | 3d ago | Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend |
| CVE-2026-45357 | high | — | 8.0 | | | | 3d ago | LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime) |
| CVE-2026-42553 | high | — | 8.0 | | | | 3d ago | Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker |
| CVE-2026-45260 | high | — | 8.0 | | | | 3d ago | Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling |
| CVE-2026-45162 | high | — | 8.0 | | | | 3d ago | Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction |
| CVE-2026-45022 | high | — | 8.0 | | | | 3d ago | go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit o… |
| CVE-2026-6957 | high | 8.0 | 8.0 | | | | 3d ago | Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federat… |
| CVE-2026-3012 | high | 8.0 | 8.0 | | | | 3d ago | A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and… |
| CVE-2026-44974 | high | — | 8.0 | | | | 4d ago | @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters |
| CVE-2026-44741 | high | — | 8.0 | | | | 4d ago | Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter |
| CVE-2026-44739 | high | — | 8.0 | | | | 4d ago | Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration |
| CVE-2026-44705 | high | — | 8.0 | | | | 4d ago | tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape |
| CVE-2026-34043 | high | — | 8.0 | | | | 4d ago | RHSA-2026:21291: .NET 8.0 security update (Important) |
| CVE-2026-44177 | high | — | 8.0 | | | | 4d ago | Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup |
| CVE-2026-44175 | high | — | 8.0 | | | | 4d ago | Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend |
| CVE-2026-44174 | high | — | 8.0 | | | | 4d ago | Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints |
| CVE-2026-43947 | high | — | 8.0 | | | | 4d ago | FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass |
| CVE-2026-43946 | high | — | 8.0 | | | | 4d ago | FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue |
| CVE-2026-43945 | high | — | 8.0 | | | | 4d ago | FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection |
| CVE-2026-42462 | high | — | 8.0 | | | | 4d ago | Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring |
| CVE-2026-42089 | high | — | 8.0 | | | | 4d ago | yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation |
| CVE-2026-44895 | high | — | 8.0 | | | | 4d ago | @yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildcard CORS, exposing all 86 GitLab tools |
| CVE-2026-48048 | high | — | 8.0 | | | | 4d ago | XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests |
| CVE-2026-8834 | high | 8.0 | 8.0 | | | | 4d ago | IBM HTTP Server 8.5 and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause … |