CVEs from 2026
| Metric | Value |
|---|---|
| Total | 13,613 |
| Critical | 1,176 |
| High | 4,271 |
| Medium | 4,150 |
| Low | 441 |
| % Critical | 8.6% |
| % with KEV | 0.4% |
| % with exploit | 0.7% |
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3054 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotel… | |||
| CVE-2026-3049 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The… | |||
| CVE-2026-3043 | medium | 6.1 | 6.1 | 3mo ago | A flaw has been found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/navbar.php. Executing a manipulation of the argument page can lead to… | |||
| CVE-2026-3028 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This man… | |||
| CVE-2026-3027 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the… | |||
| CVE-2026-2971 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the compone… | |||
| CVE-2026-2547 | medium | 6.1 | 6.1 | 3mo ago | A vulnerability was detected in LigeroSmart up to 6.1.26. The impacted element is the function AgentDashboard of the file /otrs/index.pl. Performing a manipulation of the argument Subaction results i… | |||
| CVE-2026-2546 | medium | 6.1 | 6.1 | 3mo ago | A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross… | |||
| CVE-2026-2545 | medium | 6.1 | 6.1 | 3mo ago | A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross… | |||
| CVE-2026-2242 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The atta… | |||
| CVE-2026-2241 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must b… | |||
| CVE-2026-2240 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read.… | |||
| CVE-2026-2160 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_packa… | |||
| CVE-2026-2159 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Execut… | |||
| CVE-2026-2154 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patien… | |||
| CVE-2026-2153 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can l… | |||
| CVE-2026-2150 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulati… | |||
| CVE-2026-2149 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.ph… | |||
| CVE-2026-1970 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redi… | |||
| CVE-2026-1411 | medium | 6.1 | 6.1 | 4mo ago | A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It i… | |||
| CVE-2026-21933 | medium | 6.1 | 6.1 | 4mo ago | RHSA-2026:4832: java-1.8.0-ibm security update (Important) | |||
| CVE-2026-1135 | medium | 6.1 | 6.1 | 4mo ago | A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in … | |||
| CVE-2026-1134 | medium | 6.1 | 6.1 | 4mo ago | A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross … | |||
| CVE-2026-0858 | medium | 6.1 | 6.1 | 5mo ago | PlantUML is vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams | |||
| CVE-2026-0642 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name r… | |||
| CVE-2026-0588 | medium | 6.1 | 6.1 | 5mo ago | A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the … | |||
| CVE-2026-0586 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulati… | |||
| CVE-2026-0580 | medium | 6.1 | 6.1 | 5mo ago | A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results … | |||
| CVE-2026-44394 | medium | 6.0 | 6.0 | 2d ago | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federate… | |||
| CVE-2026-43000 | medium | 6.0 | 6.0 | 2d ago | An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to ad… | |||
| CVE-2026-42999 | medium | 6.0 | 6.0 | 2d ago | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary … | |||
| CVE-2026-42998 | medium | 6.0 | 6.0 | 2d ago | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the… | |||
| CVE-2026-0857 | medium | 6.0 | 6.0 | 11d ago | Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: thr… | |||
| CVE-2026-8052 | medium | 6.0 | 6.0 | 18d ago | HashiCorp Nomad’s exec2 task driver vulnerable to a symlink attack | |||
| CVE-2026-6959 | medium | 6.0 | 6.0 | 18d ago | HashiCorp Nomad vulnerable to symlink attack | |||
| CVE-2026-41125 | medium | 6.0 | 6.0 | 19d ago | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), bluepla… | |||
| CVE-2026-45005 | medium | 6.0 | 6.0 | 19d ago | OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload | |||
| CVE-2026-41689 | medium | 6.0 | 6.0 | 23d ago | Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for ever… | |||
| CVE-2026-47741 | medium | 5.9 | 5.9 | 1d ago | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Un… | |||
| CVE-2026-9793 | medium | 5.9 | 5.9 | 3d ago | A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing … | |||
| CVE-2026-46538 | medium | 5.9 | 5.9 | 3d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id onl… | |||
| CVE-2026-45027 | medium | 5.9 | 5.9 | 3d ago | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorith… | |||
| CVE-2026-44788 | medium | 5.9 | 5.9 | 4d ago | SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious ar… | |||
| CVE-2026-48850 | medium | 5.9 | 5.9 | 5d ago | PuTTY 0.72 before 0.84 has a double free in RSA KEX. | |||
| CVE-2026-42626 | medium | 5.9 | 5.9 | 8d ago | HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can… | |||
| CVE-2026-8673 | medium | 5.9 | 5.9 | 8d ago | Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0. | |||
| CVE-2026-48249 | medium | 5.9 | 5.9 | 9d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing … | |||
| CVE-2026-48248 | medium | 5.9 | 5.9 | 9d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound H… | |||
| CVE-2026-48247 | medium | 5.9 | 5.9 | 9d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbou… | |||
| CVE-2026-48246 | medium | 5.9 | 5.9 | 9d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTT… | |||
| CVE-2026-44061 | medium | 5.9 | 5.9 | 10d ago | Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis. | |||
| CVE-2026-9100 | medium | 5.9 | 5.9 | 10d ago | The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads t… | |||
| CVE-2026-5947 | medium | 5.9 | 5.9 | 11d ago | Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. … | |||
| CVE-2026-44608 | medium | 5.9 | 5.9 | 11d ago | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'… | |||
| CVE-2026-41470 | medium | 5.9 | 5.9 | 11d ago | LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attack… | |||
| CVE-2026-32134 | medium | 5.9 | 5.9 | 11d ago | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the br… | |||
| CVE-2026-40356 | medium | 5.9 | 5.9 | 12d ago | RHSA-2026:16799: krb5 security update (Important) | |||
| CVE-2026-40355 | medium | 5.9 | 5.9 | 12d ago | RHSA-2026:16799: krb5 security update (Important) | |||
| CVE-2026-41968 | medium | 5.9 | 5.9 | 16d ago | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-41967 | medium | 5.9 | 5.9 | 16d ago | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-41961 | medium | 5.9 | 5.9 | 16d ago | Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-6811 | medium | 5.9 | 5.9 | 16d ago | Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is… | |||
| CVE-2026-42597 | medium | 5.9 | 5.9 | 16d ago | Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme | |||
| CVE-2026-33381 | medium | 5.9 | 5.9 | 17d ago | When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this. | |||
| CVE-2026-44577 | medium | 5.9 | 5.9 | 17d ago | Next.js has a Denial of Service in the Image Optimization API | |||
| CVE-2026-44572 | medium | 5.9 | 5.9 | 17d ago | Next.js's Middleware / Proxy redirects can be cache-poisoned | |||
| CVE-2026-6253 | medium | 5.9 | 5.9 | 18d ago | curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is set up to use specific different proxies for differ… | |||
| CVE-2026-4873 | medium | 5.9 | 5.9 | 18d ago | A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SM… | |||
| CVE-2026-42545 | medium | 5.9 | 5.9 | 18d ago | Granian vulnerable to DoS via WSGI response header panic | |||
| CVE-2026-43930 | medium | 5.9 | 5.9 | 18d ago | parse-server: MFA SMS one-time password accepted twice under concurrent login | |||
| CVE-2026-8261 | medium | 5.9 | 5.9 | 20d ago | A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attac… | |||
| CVE-2026-44837 | medium | 5.9 | 5.9 | 23d ago | view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file … | |||
| CVE-2026-42225 | medium | 5.9 | 5.9 | 23d ago | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid o… | |||
| CVE-2026-39817 | medium | 5.9 | 5.9 | 23d ago | The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" su… | |||
| CVE-2026-41484 | medium | 5.9 | 5.9 | 24d ago | OneCollector exporter reads unbounded HTTP response bodies | |||
| CVE-2026-41483 | medium | 5.9 | 5.9 | 24d ago | OpenTelemetry.Resources.Azure has an unbounded HTTP response body read | |||
| CVE-2026-5119 | medium | 5.9 | 5.9 | 25d ago | RHSA-2026:14087: libsoup security update (Moderate) | |||
| CVE-2026-34956 | medium | 5.9 | 5.9 | 25d ago | A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with a… | |||
| CVE-2026-28510 | medium | 5.9 | 5.9 | 26d ago | eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under… | |||
| CVE-2026-32148 | medium | 5.9 | 5.9 | 1mo ago | Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for … | |||
| CVE-2026-5080 | medium | 5.9 | 5.9 | 1mo ago | Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the proce… | |||
| CVE-2026-41016 | medium | 5.9 | 5.9 | 1mo ago | apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider | |||
| CVE-2026-42643 | medium | 5.9 | 5.9 | 1mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS. This issue affects Image Widget: from n/a t… | |||
| CVE-2026-7318 | medium | 5.9 | 5.9 | 1mo ago | A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic results in path trave… | |||
| CVE-2026-33467 | medium | 5.9 | 5.9 | 1mo ago | Elastic Package Registry has Improper Verification of Cryptographic Signature | |||
| CVE-2026-40966 | medium | 5.9 | 5.9 | 1mo ago | Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration | |||
| CVE-2026-41319 | medium | 5.9 | 5.9 | 1mo ago | MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade | |||
| CVE-2026-41078 | medium | 5.9 | 5.9 | 1mo ago | OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path | |||
| CVE-2026-40182 | medium | 5.9 | 5.9 | 1mo ago | OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies | |||
| CVE-2026-3621 | medium | 5.9 | 5.9 | 1mo ago | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deploy… | |||
| CVE-2026-32226 | medium | 5.9 | 5.9 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | |||
| CVE-2026-34477 | medium | 5.9 | 5.9 | 2mo ago | Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration | |||
| CVE-2026-21717 | medium | 5.9 | 5.9 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-21713 | medium | 5.9 | 5.9 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-39654 | medium | 5.9 | 5.9 | 2mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS. This issue affect… | |||
| CVE-2026-34219 | medium | 5.9 | 5.9 | 2mo ago | libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling | |||
| CVE-2026-4988 | medium | 5.9 | 5.9 | 2mo ago | A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of s… | |||
| CVE-2026-27856 | medium | 5.9 | 5.9 | 2mo ago | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential wi… | |||
| CVE-2026-27855 | medium | 5.9 | 5.9 | 2mo ago | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP r… | |||
| CVE-2026-32935 | medium | 5.9 | 5.9 | 2mo ago | phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack |