CVEs from 2026

Total: 13,498

| Severity | Count |
|---|---|
| critical | 1,178 |
| high | 4,304 |
| medium | 4,186 |
| low | 449 |

- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-2711 | medium | 5.6 | 5.6 | 3mo ago | A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrf_proxy.p… |
| CVE-2026-47335 | medium | 5.5 | 5.5 | 4d ago | Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a … |
| CVE-2026-47334 | medium | 5.5 | 5.5 | 4d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be triggered by an unprivileged local user an… |
| CVE-2026-47332 | medium | 5.5 | 5.5 | 4d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can… |
| CVE-2026-47326 | medium | 5.5 | 5.5 | 4d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory … |
| CVE-2026-48735 | medium | 5.5 | 5.5 | 4d ago | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP me… |
| CVE-2026-48155 | medium | 5.5 | 5.5 | 4d ago | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in l… |
| CVE-2026-45703 | medium | — | 5.5 | 4d ago | Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export |
| CVE-2026-45309 | medium | — | 5.5 | 4d ago | AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username |
| CVE-2026-44981 | medium | — | 5.5 | 5d ago | CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression |
| CVE-2026-9759 | medium | 5.5 | 5.5 | 5d ago | ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service |
| CVE-2026-45046 | medium | 5.5 | 5.5 | 5d ago | Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content |
| CVE-2026-45334 | medium | — | 5.5 | 5d ago | Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions |
| CVE-2026-42184 | medium | — | 5.5 | 5d ago | Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca… |
| CVE-2026-48927 | medium | 5.5 | 5.5 | 5d ago | Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views. |
| CVE-2026-47104 | medium | 5.5 | 5.5 | 5d ago | libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed US… |
| CVE-2026-6053 | medium | 5.5 | 5.5 | 5d ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. |
| CVE-2026-5515 | medium | 5.5 | 5.5 | 5d ago | IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. |
| CVE-2026-40830 | medium | 5.5 | 5.5 | 5d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a… |
| CVE-2026-40829 | medium | 5.5 | 5.5 | 5d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQ… |
| CVE-2026-40828 | medium | 5.5 | 5.5 | 5d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE comma… |
| CVE-2026-40827 | medium | 5.5 | 5.5 | 5d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command … |
| CVE-2026-40825 | medium | 5.5 | 5.5 | 5d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UP… |
| CVE-2026-40824 | medium | 5.5 | 5.5 | 5d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPD… |
| CVE-2026-40823 | medium | 5.5 | 5.5 | 5d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command … |
| CVE-2026-44979 | medium | — | 5.5 | 5d ago | @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects |
| CVE-2026-44646 | medium | — | 5.5 | 5d ago | LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()` |
| CVE-2026-44645 | medium | — | 5.5 | 5d ago | LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body |
| CVE-2026-44644 | medium | — | 5.5 | 5d ago | LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS |
| CVE-2026-44587 | medium | — | 5.5 | 5d ago | CarrierWave has a denylisted_content_type bypass via |
| CVE-2026-44210 | medium | — | 5.5 | 5d ago | Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations |
| CVE-2026-44176 | medium | — | 5.5 | 5d ago | Kirby CMS's `pages.access` permission is not checked during rendering of page drafts |
| CVE-2026-41207 | medium | — | 5.5 | 5d ago | netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures |
| CVE-2026-44903 | medium | — | 5.5 | 5d ago | Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line flag --enable-f… |
| CVE-2026-44844 | medium | — | 5.5 | 6d ago | eml_parser has recursion DoS via nested message/rfc822 attachments |
| CVE-2026-48047 | medium | — | 5.5 | 6d ago | XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin |
| CVE-2026-7453 | medium | 5.5 | 5.5 | 6d ago | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition. |
| CVE-2026-7450 | medium | 5.5 | 5.5 | 6d ago | A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a deni… |
| CVE-2026-48693 | medium | 5.5 | 5.5 | 6d ago | FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp l… |
| CVE-2026-4438 | medium | — | 5.5 | 6d ago | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS host… |
| CVE-2026-40385 | medium | — | 5.5 | 6d ago | RHSA-2026:20929: libexif security update (Moderate) |
| CVE-2026-4046 | medium | — | 5.5 | 6d ago | RHSA-2026:20587: glibc security update (Moderate) |
| CVE-2026-4437 | medium | — | 5.5 | 6d ago | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from… |
| CVE-2026-40386 | medium | — | 5.5 | 6d ago | RHSA-2026:20929: libexif security update (Moderate) |
| CVE-2026-47124 | medium | — | 5.5 | 9d ago | Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members |
| CVE-2026-47157 | medium | — | 5.5 | 9d ago | aiograpi: Unsafe signup challenge path handling |
| CVE-2026-47120 | medium | — | 5.5 | 9d ago | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check) |
| CVE-2026-41149 | medium | — | 5.5 | 9d ago | Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection |
| CVE-2026-41148 | medium | — | 5.5 | 9d ago | Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection |
| CVE-2026-40610 | medium | 5.5 | 5.5 | 10d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symli… |
| CVE-2026-46715 | medium | — | 5.5 | 10d ago | Flask-Security-Too OAuth reauthentication freshness bypass via cross-user OAuth identity acceptance |
| CVE-2026-47166 | medium | — | 5.5 | 10d ago | ImageMagick: Heap Buffer Over-Read in distributed pixel cache server |
| CVE-2026-47165 | medium | — | 5.5 | 10d ago | ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model |
| CVE-2026-46693 | medium | — | 5.5 | 10d ago | ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking |
| CVE-2026-46692 | medium | — | 5.5 | 10d ago | ImageMagick: Heap Buffer Over-Write in distributed pixel cache server |
| CVE-2026-46678 | medium | — | 5.5 | 10d ago | Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580) |
| CVE-2026-46671 | medium | — | 5.5 | 10d ago | Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory |
| CVE-2026-46645 | medium | — | 5.5 | 10d ago | SQLAdmin: Authorization Bypass on `ajax_lookup` |
| CVE-2026-46609 | medium | — | 5.5 | 10d ago | Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog |
| CVE-2026-46556 | medium | — | 5.5 | 10d ago | FlaskBB: SSRF in get_image_info() via unrestricted avatar URL |
| CVE-2026-46552 | medium | — | 5.5 | 10d ago | NocoDB: Shared-base link access can invite arbitrary users as persistent base members |
| CVE-2026-46551 | medium | — | 5.5 | 10d ago | NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion |
| CVE-2026-46550 | medium | — | 5.5 | 10d ago | NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags |
| CVE-2026-46548 | medium | — | 5.5 | 10d ago | NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) |
| CVE-2026-46547 | medium | — | 5.5 | 10d ago | NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL |
| CVE-2026-46683 | medium | — | 5.5 | 11d ago | Snappy: SSRF and local file read via the xsl-style-sheet option |
| CVE-2026-46618 | medium | — | 5.5 | 11d ago | Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables |
| CVE-2026-46616 | medium | — | 5.5 | 11d ago | Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers |
| CVE-2026-46543 | medium | — | 5.5 | 11d ago | nimiq-blockchain: Genesis batch set request |
| CVE-2026-46542 | medium | — | 5.5 | 11d ago | nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points |
| CVE-2026-46539 | medium | — | 5.5 | 11d ago | nimiq-primitives: BlockInclusionProof interlink issue when hops are empty |
| CVE-2026-46486 | medium | — | 5.5 | 11d ago | Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing |
| CVE-2026-46403 | medium | — | 5.5 | 11d ago | Klever-Go KVM read-only execution can commit contract delete and upgrade side effects |
| CVE-2026-45252 | medium | 5.5 | 5.5 | 11d ago | When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE … |
| CVE-2026-46420 | medium | — | 5.5 | 12d ago | Setup PHP: Command Injection in Repository-Derived PHP Version Resolution |
| CVE-2026-45792 | medium | — | 5.5 | 12d ago | RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM |
| CVE-2026-45068 | medium | — | 5.5 | 12d ago | Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address |
| CVE-2026-45070 | medium | — | 5.5 | 12d ago | Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names |
| CVE-2026-45074 | medium | — | 5.5 | 12d ago | Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay |
| CVE-2026-46638 | medium | — | 5.5 | 12d ago | Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411) |
| CVE-2026-45064 | medium | — | 5.5 | 12d ago | Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing |
| CVE-2026-45069 | medium | — | 5.5 | 12d ago | Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims |
| CVE-2026-45073 | medium | — | 5.5 | 12d ago | Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix |
| CVE-2026-46634 | medium | — | 5.5 | 12d ago | Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name |
| CVE-2026-45066 | medium | — | 5.5 | 12d ago | Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification |
| CVE-2026-45075 | medium | — | 5.5 | 12d ago | Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] |
| CVE-2026-45065 | medium | — | 5.5 | 12d ago | Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection |
| CVE-2026-43620 | medium | 5.5 | 5.5 | 12d ago | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Atta… |
| CVE-2026-39309 | medium | 5.5 | 5.5 | 12d ago | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to … |
| CVE-2026-23204 | medium | — | 5.5 | 12d ago | RHSA-2026:6037: kernel security update (Moderate) |
| CVE-2026-46338 | medium | — | 5.5 | 13d ago | Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path |
| CVE-2026-45802 | medium | — | 5.5 | 13d ago | FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service |
| CVE-2026-45796 | medium | — | 5.5 | 13d ago | Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint |
| CVE-2026-46357 | medium | — | 5.5 | 13d ago | HAX CMS: Denial of Service using Malicious Import Request |
| CVE-2026-45785 | medium | — | 5.5 | 13d ago | OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle |
| CVE-2026-45784 | medium | — | 5.5 | 13d ago | rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers |
| CVE-2026-46341 | medium | — | 5.5 | 13d ago | Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching |
| CVE-2026-46337 | medium | — | 5.5 | 13d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private us… |
| CVE-2026-45737 | medium | — | 5.5 | 13d ago | Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations |
| CVE-2026-45712 | medium | — | 5.5 | 13d ago | Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write) |