CVEs from 2026

Total: 13,460
- critical: 1,176
- high: 4,283
- medium: 4,161
- low: 442

% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-40824 | medium | 5.5 | 5.5 | 4d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPD… |
| CVE-2026-40823 | medium | 5.5 | 5.5 | 4d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command … |
| CVE-2026-44979 | medium | — | 5.5 | 4d ago | @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects |
| CVE-2026-44646 | medium | — | 5.5 | 4d ago | LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()` |
| CVE-2026-44645 | medium | — | 5.5 | 5d ago | LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body |
| CVE-2026-44644 | medium | — | 5.5 | 5d ago | LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS |
| CVE-2026-44596 | medium | — | 5.5 | 5d ago | Yamcs has No Rate Limiting on Authentication Endpoint |
| CVE-2026-44595 | medium | — | 5.5 | 5d ago | Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints |
| CVE-2026-44587 | medium | — | 5.5 | 5d ago | CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters |
| CVE-2026-44210 | medium | — | 5.5 | 5d ago | Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations |
| CVE-2026-44176 | medium | — | 5.5 | 5d ago | Kirby CMS's `pages.access` permission is not checked during rendering of page drafts |
| CVE-2026-42568 | medium | — | 5.5 | 5d ago | Yamcs Vulnerable to LDAP Injection in LdapAuthModule |
| CVE-2026-41207 | medium | — | 5.5 | 5d ago | netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures |
| CVE-2026-44903 | medium | — | 5.5 | 5d ago | Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line flag --enable-f… |
| CVE-2026-44844 | medium | — | 5.5 | 5d ago | eml_parser has recursion DoS via nested message/rfc822 attachments |
| CVE-2026-48047 | medium | — | 5.5 | 5d ago | XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin |
| CVE-2026-7453 | medium | 5.5 | 5.5 | 5d ago | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition. |
| CVE-2026-7450 | medium | 5.5 | 5.5 | 5d ago | A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a deni… |
| CVE-2026-48693 | medium | 5.5 | 5.5 | 5d ago | FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp l… |
| CVE-2026-40385 | medium | — | 5.5 | 6d ago | RHSA-2026:20929: libexif security update (Moderate) |
| CVE-2026-4046 | medium | — | 5.5 | 6d ago | RHSA-2026:20587: glibc security update (Moderate) |
| CVE-2026-4437 | medium | — | 5.5 | 6d ago | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from… |
| CVE-2026-40386 | medium | — | 5.5 | 6d ago | RHSA-2026:20929: libexif security update (Moderate) |
| CVE-2026-4438 | medium | — | 5.5 | 6d ago | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS host… |
| CVE-2026-47124 | medium | — | 5.5 | 9d ago | Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members |
| CVE-2026-47157 | medium | — | 5.5 | 9d ago | aiograpi: Unsafe signup challenge path handling |
| CVE-2026-47120 | medium | — | 5.5 | 9d ago | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check) |
| CVE-2026-41149 | medium | — | 5.5 | 9d ago | Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection |
| CVE-2026-41148 | medium | — | 5.5 | 9d ago | Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection |
| CVE-2026-40610 | medium | 5.5 | 5.5 | 9d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symli… |
| CVE-2026-46715 | medium | — | 5.5 | 9d ago | Flask-Security-Too OAuth reauthentication freshness bypass via cross-user OAuth identity acceptance |
| CVE-2026-47166 | medium | — | 5.5 | 9d ago | ImageMagick: Heap Buffer Over-Read in distributed pixel cache server |
| CVE-2026-47165 | medium | — | 5.5 | 9d ago | ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model |
| CVE-2026-46693 | medium | — | 5.5 | 9d ago | ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking |
| CVE-2026-46692 | medium | — | 5.5 | 9d ago | ImageMagick: Heap Buffer Over-Write in distributed pixel cache server |
| CVE-2026-46678 | medium | — | 5.5 | 10d ago | Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580) |
| CVE-2026-46671 | medium | — | 5.5 | 10d ago | Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory |
| CVE-2026-46645 | medium | — | 5.5 | 10d ago | SQLAdmin: Authorization Bypass on `ajax_lookup` |
| CVE-2026-46609 | medium | — | 5.5 | 10d ago | Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog |
| CVE-2026-46556 | medium | — | 5.5 | 10d ago | FlaskBB: SSRF in get_image_info() via unrestricted avatar URL |
| CVE-2026-46552 | medium | — | 5.5 | 10d ago | NocoDB: Shared-base link access can invite arbitrary users as persistent base members |
| CVE-2026-46551 | medium | — | 5.5 | 10d ago | NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion |
| CVE-2026-46550 | medium | — | 5.5 | 10d ago | NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags |
| CVE-2026-46548 | medium | — | 5.5 | 10d ago | NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) |
| CVE-2026-46547 | medium | — | 5.5 | 10d ago | NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL |
| CVE-2026-46683 | medium | — | 5.5 | 10d ago | Snappy: SSRF and local file read via the xsl-style-sheet option |
| CVE-2026-46618 | medium | — | 5.5 | 10d ago | Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables |
| CVE-2026-46616 | medium | — | 5.5 | 10d ago | Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers |
| CVE-2026-46543 | medium | — | 5.5 | 10d ago | nimiq-blockchain: Genesis batch set request |
| CVE-2026-46542 | medium | — | 5.5 | 10d ago | nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points |
| CVE-2026-46539 | medium | — | 5.5 | 10d ago | nimiq-primitives: BlockInclusionProof interlink issue when hops are empty |
| CVE-2026-46486 | medium | — | 5.5 | 10d ago | Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing |
| CVE-2026-46403 | medium | — | 5.5 | 10d ago | Klever-Go KVM read-only execution can commit contract delete and upgrade side effects |
| CVE-2026-45252 | medium | 5.5 | 5.5 | 10d ago | When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE … |
| CVE-2026-46420 | medium | — | 5.5 | 11d ago | Setup PHP: Command Injection in Repository-Derived PHP Version Resolution |
| CVE-2026-45792 | medium | — | 5.5 | 11d ago | RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM |
| CVE-2026-45068 | medium | — | 5.5 | 11d ago | Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address |
| CVE-2026-45069 | medium | — | 5.5 | 11d ago | Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims |
| CVE-2026-45064 | medium | — | 5.5 | 11d ago | Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing |
| CVE-2026-45075 | medium | — | 5.5 | 11d ago | Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] |
| CVE-2026-45070 | medium | — | 5.5 | 11d ago | Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names |
| CVE-2026-45066 | medium | — | 5.5 | 11d ago | Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification |
| CVE-2026-45065 | medium | — | 5.5 | 11d ago | Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection |
| CVE-2026-45073 | medium | — | 5.5 | 11d ago | Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix |
| CVE-2026-45074 | medium | — | 5.5 | 11d ago | Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay |
| CVE-2026-46638 | medium | — | 5.5 | 11d ago | Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411) |
| CVE-2026-46634 | medium | — | 5.5 | 11d ago | Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name |
| CVE-2026-43620 | medium | 5.5 | 5.5 | 11d ago | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Atta… |
| CVE-2026-39309 | medium | 5.5 | 5.5 | 12d ago | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to … |
| CVE-2026-23204 | medium | — | 5.5 | 12d ago | RHSA-2026:6037: kernel security update (Moderate) |
| CVE-2026-46338 | medium | — | 5.5 | 12d ago | Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path |
| CVE-2026-45802 | medium | — | 5.5 | 12d ago | FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service |
| CVE-2026-45796 | medium | — | 5.5 | 12d ago | Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint |
| CVE-2026-46357 | medium | — | 5.5 | 12d ago | HAX CMS: Denial of Service using Malicious Import Request |
| CVE-2026-45785 | medium | — | 5.5 | 12d ago | OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle |
| CVE-2026-45784 | medium | — | 5.5 | 12d ago | rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers |
| CVE-2026-46341 | medium | — | 5.5 | 12d ago | Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching |
| CVE-2026-46337 | medium | — | 5.5 | 12d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private us… |
| CVE-2026-45737 | medium | — | 5.5 | 12d ago | Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations |
| CVE-2026-45712 | medium | — | 5.5 | 12d ago | Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write) |
| CVE-2026-45711 | medium | — | 5.5 | 12d ago | Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs |
| CVE-2026-45709 | medium | — | 5.5 | 12d ago | Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer |
| CVE-2026-45692 | medium | — | 5.5 | 12d ago | Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization |
| CVE-2026-45670 | medium | — | 5.5 | 12d ago | Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) |
| CVE-2026-45669 | medium | — | 5.5 | 12d ago | Nuxt: Reflected XSS in `navigateTo()` external redirect |
| CVE-2026-45581 | medium | — | 5.5 | 12d ago | fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode |
| CVE-2026-46496 | medium | — | 5.5 | 12d ago | HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft |
| CVE-2026-45409 | medium | — | 5.5 | 12d ago | Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix |
| CVE-2026-47317 | medium | 5.5 | 5.5 | 12d ago | Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| CVE-2026-47316 | medium | 5.5 | 5.5 | 12d ago | Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2… |
| CVE-2026-47315 | medium | 5.5 | 5.5 | 12d ago | Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2… |
| CVE-2026-47313 | medium | 5.5 | 5.5 | 12d ago | Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| CVE-2026-47312 | medium | 5.5 | 5.5 | 12d ago | Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| CVE-2026-47309 | medium | 5.5 | 5.5 | 12d ago | Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| CVE-2026-47308 | medium | 5.5 | 5.5 | 12d ago | NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. |
| CVE-2026-47307 | medium | 5.5 | 5.5 | 12d ago | NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issu… |
| CVE-2026-27766 | medium | 5.5 | 5.5 | 12d ago | In OpenHarmony v6.0 and prior versions, a local attacker can cause an information leak. |
| CVE-2026-25850 | medium | 5.5 | 5.5 | 12d ago | In OpenHarmony v6.0 and prior versions, a local attacker can cause an information leak. |
| CVE-2026-0865 | medium | — | 5.5 | 13d ago | RHSA-2026:4473: python3.11 security update (Moderate) |
| CVE-2026-0967 | medium | 5.5 | 5.5 | 13d ago | Moderate: libssh security update |