CVEs from 2026
- Total: 13,506
- Critical: 1,178
- High: 4,304
- Medium: 4,191
- Low: 452
- No severity assigned: 3,381 (the total minus the four severity buckets; the original tally does not show this line)
- % Critical: 8.7% (1,178 of 13,506)
- % with KEV (listed in CISA's Known Exploited Vulnerabilities catalog): 0.4%
- % with exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45712 | medium | — | 5.5 | 13d ago | Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write) | |||
| CVE-2026-45711 | medium | — | 5.5 | 13d ago | Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs | |||
| CVE-2026-45709 | medium | — | 5.5 | 13d ago | Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer | |||
| CVE-2026-45692 | medium | — | 5.5 | 13d ago | Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization | |||
| CVE-2026-45670 | medium | — | 5.5 | 13d ago | Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) | |||
| CVE-2026-45669 | medium | — | 5.5 | 13d ago | Nuxt: Reflected XSS in `navigateTo()` external redirect | |||
| CVE-2026-45581 | medium | — | 5.5 | 13d ago | fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode | |||
| CVE-2026-46496 | medium | — | 5.5 | 13d ago | HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft | |||
| CVE-2026-45409 | medium | — | 5.5 | 13d ago | Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix | |||
| CVE-2026-47317 | medium | 5.5 | 5.5 | 13d ago | Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-47316 | medium | 5.5 | 5.5 | 13d ago | Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2… | |||
| CVE-2026-47315 | medium | 5.5 | 5.5 | 13d ago | Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2… | |||
| CVE-2026-47313 | medium | 5.5 | 5.5 | 13d ago | Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-47312 | medium | 5.5 | 5.5 | 13d ago | Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-47309 | medium | 5.5 | 5.5 | 13d ago | Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-47308 | medium | 5.5 | 5.5 | 13d ago | NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. | |||
| CVE-2026-47307 | medium | 5.5 | 5.5 | 13d ago | NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issu… | |||
| CVE-2026-27766 | medium | 5.5 | 5.5 | 13d ago | In OpenHarmony v6.0 and prior versions, a local attacker can cause an information leak. | |||
| CVE-2026-25850 | medium | 5.5 | 5.5 | 13d ago | In OpenHarmony v6.0 and prior versions, a local attacker can cause an information leak. | |||
| CVE-2026-31677 | medium | 5.5 | 5.5 | 13d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl() limit each RX scatterlist extraction to t… | |||
| CVE-2026-23040 | medium | — | 5.5 | 13d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 an… | |||
| CVE-2026-0865 | medium | — | 5.5 | 13d ago | RHSA-2026:4473: python3.11 security update (Moderate) | |||
| CVE-2026-30892 | medium | — | 5.5 | 13d ago | Moderate: crun security update | |||
| CVE-2026-32710 | medium | — | 5.5 | 13d ago | MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Un… | |||
| CVE-2026-0967 | medium | 5.5 | 5.5 | 13d ago | Moderate: libssh security update | |||
| CVE-2026-46559 | medium | — | 5.5 | 14d ago | ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. | |||
| CVE-2026-46557 | medium | — | 5.5 | 14d ago | ImageMagick: Stack overflow in fx operation | |||
| CVE-2026-46523 | medium | — | 5.5 | 14d ago | ImageMagick: Use-After-Free in MSL decoder. | |||
| CVE-2026-46521 | medium | — | 5.5 | 14d ago | ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression | |||
| CVE-2026-45664 | medium | — | 5.5 | 14d ago | ImageMagick: Policy Bypass in MNG coder could | |||
| CVE-2026-45624 | medium | — | 5.5 | 14d ago | ImageMagick: Heap Buffer Over-Read of 4 bytes in distort operation. | |||
| CVE-2026-45554 | medium | — | 5.5 | 14d ago | NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes | |||
| CVE-2026-45684 | medium | — | 5.5 | 14d ago | OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers | |||
| CVE-2026-45682 | medium | — | 5.5 | 14d ago | OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals | |||
| CVE-2026-45246 | medium | 5.5 | 5.5 | 14d ago | Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default… | |||
| CVE-2026-45681 | medium | — | 5.5 | 14d ago | OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size | |||
| CVE-2026-45680 | medium | — | 5.5 | 14d ago | OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU | |||
| CVE-2026-45731 | medium | — | 5.5 | 14d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line executi… | |||
| CVE-2026-32849 | medium | 5.5 | 5.5 | 14d ago | NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed i… | |||
| CVE-2026-45679 | medium | — | 5.5 | 14d ago | OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages | |||
| CVE-2026-45676 | medium | — | 5.5 | 14d ago | OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent | |||
| CVE-2026-45031 | medium | — | 5.5 | 14d ago | ImageMagick: Policy Bypass in PSD decoder | |||
| CVE-2026-41568 | medium | — | 5.5 | 14d ago | Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap | |||
| CVE-2026-45358 | medium | — | 5.5 | 14d ago | ImageMagick: Out-of-Bounds Read of a single byte in meta encoder | |||
| CVE-2026-45359 | medium | — | 5.5 | 14d ago | ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define | |||
| CVE-2026-45701 | medium | — | 5.5 | 14d ago | Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens | |||
| CVE-2026-45139 | medium | — | 5.5 | 14d ago | CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations | |||
| CVE-2026-45138 | medium | — | 5.5 | 14d ago | CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule | |||
| CVE-2026-42326 | medium | — | 5.5 | 14d ago | ImageMagick: Heap Buffer Over-Read in IPTC encoder | |||
| CVE-2026-45577 | medium | — | 5.5 | 14d ago | Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback s… | |||
| CVE-2026-33416 | medium | — | 5.5 | 14d ago | Moderate: libpng security update | |||
| CVE-2026-46383 | medium | 5.5 | 5.5 | 17d ago | Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install` | |||
| CVE-2026-45106 | medium | — | 5.5 | 17d ago | Weblate: Stored HTML injection in editor search preview | |||
| CVE-2026-41971 | medium | 5.5 | 5.5 | 17d ago | Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-44427 | medium | — | 5.5 | 17d ago | MCP Registry has open redirect via protocol-relative path in trailing-slash middleware | |||
| CVE-2026-44662 | medium | — | 5.5 | 18d ago | rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding | |||
| CVE-2026-45787 | medium | — | 5.5 | 18d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid… | |||
| CVE-2026-42573 | medium | — | 5.5 | 18d ago | Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State | |||
| CVE-2026-42567 | medium | — | 5.5 | 18d ago | Svelte: ReDoS in `<svelte:element>` Tag Validation | |||
| CVE-2026-42599 | medium | — | 5.5 | 18d ago | Svelte SSR vulnerable to cross-site scripting via spread attributes | |||
| CVE-2026-8586 | medium | 5.5 | 5.5 | 18d ago | Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: … | |||
| CVE-2026-43996 | medium | 5.5 | 5.5 | 18d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_… | |||
| CVE-2026-45021 | medium | — | 5.5 | 18d ago | Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin… | |||
| CVE-2026-44968 | medium | — | 5.5 | 18d ago | dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters | |||
| CVE-2026-46469 | medium | 5.5 | 5.5 | 18d ago | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before per… | |||
| CVE-2026-44544 | medium | — | 5.5 | 18d ago | gittuf's policy can be rolled back to prior valid versions | |||
| CVE-2026-44884 | medium | — | 5.5 | 18d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-44885 | medium | 5.5 | 5.5 | 18d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-45076 | medium | — | 5.5 | 18d ago | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h… | |||
| CVE-2026-44722 | medium | — | 5.5 | 18d ago | pyzipper has an encryption bypass for small files encrypted using it | |||
| CVE-2026-42853 | medium | — | 5.5 | 18d ago | @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input | |||
| CVE-2026-44308 | medium | — | 5.5 | 18d ago | Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications | |||
| CVE-2026-44368 | medium | — | 5.5 | 19d ago | pyquorum: Timing side-channel in mul_mod | |||
| CVE-2026-44363 | medium | — | 5.5 | 19d ago | misp-modules has unsafe remote resource fetching in expansion | |||
| CVE-2026-44479 | medium | 5.5 | 5.5 | 19d ago | Vercel: Non-interactive mode includes CLI arguments in suggested command output | |||
| CVE-2026-44740 | medium | — | 5.5 | 19d ago | go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion | |||
| CVE-2026-21022 | medium | 5.5 | 5.5 | 19d ago | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2026-21016 | medium | 5.5 | 5.5 | 19d ago | Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2026-21015 | medium | 5.5 | 5.5 | 19d ago | Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier. | |||
| CVE-2026-44720 | medium | — | 5.5 | 19d ago | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access… | |||
| CVE-2026-31885 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-33985 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-26986 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-27951 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-31884 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-31883 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-29775 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-25952 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-28958 | medium | 5.5 | 5.5 | 19d ago | This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data. | |||
| CVE-2026-44652 | medium | — | 5.5 | 19d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-44651 | medium | — | 5.5 | 19d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-35504 | medium | 5.5 | 5.5 | 20d ago | PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. | |||
| CVE-2026-44217 | medium | — | 5.5 | 20d ago | sse-channel: SSE Injection via unsanitized event fields | |||
| CVE-2026-42445 | medium | 5.5 | 5.5 | 20d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPat… | |||
| CVE-2026-42444 | medium | 5.5 | 5.5 | 20d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method re… | |||
| CVE-2026-42443 | medium | 5.5 | 5.5 | 20d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when … | |||
| CVE-2026-42442 | medium | 5.5 | 5.5 | 20d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when… | |||
| CVE-2026-42355 | medium | 5.5 | 5.5 | 20d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .… | |||
| CVE-2026-44279 | medium | 5.5 | 5.5 | 20d ago | An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow atta… | |||
| CVE-2026-44278 | medium | 5.5 | 5.5 | 20d ago | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert at… |
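A first-pass triage of a table like the one above, as an added example; this is not code from the page's aggregator or from any project listed in the table. It assumes the row layout as rendered here (nine cells: CVE, Severity, CVSS, Risk, Published, Description, then three empty cells), a relative "Nd ago" publication age, and "—" for a missing CVSS score. The product-name extraction is a heuristic of mine (a short "Name:" prefix, else an NVD-style "in <Product> allows" phrase, else the first word), and the crawl date passed to `published_on` is a placeholder. The sample rows are copied verbatim from the table.

```python
"""First-pass triage of the CVE table above (added example, not the page's own code)."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")
AGE = re.compile(r"^(\d+)d ago$")
# GHSA-style titles: a short "Name: summary" prefix before the first colon.
PRODUCT_PREFIX = re.compile(r"^([^:]{1,40}):\s")
# NVD-style prose: "... vulnerability in <Product> allows ...".
PRODUCT_IN = re.compile(r"\bin ([A-Z][A-Za-z0-9 ._-]*?)\s+(?:allows|prior to|before|through|version)")
# Phrases meaning an earlier patch, possibly already deployed, did not hold.
REGRESSION_MARKERS = ("incomplete fix", "bypass cve-", "bypass ghsa")

# Rows copied verbatim from the table above.
SAMPLE_ROWS = """\
| CVE-2026-45712 | medium | — | 5.5 | 13d ago | Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write) | |||
| CVE-2026-45709 | medium | — | 5.5 | 13d ago | Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer | |||
| CVE-2026-45670 | medium | — | 5.5 | 13d ago | Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) | |||
| CVE-2026-47317 | medium | 5.5 | 5.5 | 13d ago | Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-46559 | medium | — | 5.5 | 14d ago | ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. | |||
| CVE-2026-46557 | medium | — | 5.5 | 14d ago | ImageMagick: Stack overflow in fx operation | |||
| CVE-2026-41568 | medium | — | 5.5 | 14d ago | Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap | |||
"""


@dataclass
class Record:
    cve: str
    severity: str
    cvss: Optional[float]   # None when the feed shows "—"
    risk: float             # the feed's own score, taken as-is
    age_days: int
    description: str


def parse_rows(text: str) -> list:
    """Parse markdown table rows; header, separator and malformed rows are skipped."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) < 6 or not CVE_ID.match(cells[0]):
            continue
        cve, sev, cvss, risk, age = cells[:5]
        m = AGE.match(age)
        if m is None:
            continue
        # Re-join any pipes that were inside the description, drop the empty tail cells.
        desc = " | ".join(c for c in cells[5:] if c)
        score = None if cvss in ("—", "-", "") else float(cvss)
        out.append(Record(cve, sev, score, float(risk), int(m.group(1)), desc))
    return out


def product_of(desc: str) -> str:
    """Heuristic product name (assumption of this example, not a feed field)."""
    m = PRODUCT_PREFIX.match(desc)
    if m and len(m.group(1).split()) <= 5:
        return m.group(1)
    m = PRODUCT_IN.search(desc)
    if m:
        return m.group(1)
    return desc.split()[0]


def product_counts(records) -> Counter:
    return Counter(product_of(r.description) for r in records)


def unscored(records) -> list:
    """CVEs with no CVSS: the flat Risk value is all the feed gives them."""
    return [r.cve for r in records if r.cvss is None]


def regressions(records) -> list:
    """CVEs whose text says an earlier fix was incomplete or bypassed."""
    return [r.cve for r in records
            if any(k in r.description.lower() for k in REGRESSION_MARKERS)]


def risk_values(records) -> list:
    """Distinct Risk values; a single value means the column cannot rank this slice."""
    return sorted({r.risk for r in records})


def published_on(record: Record, crawl_iso: str) -> str:
    """Turn the relative age into an ISO date, given the page's crawl date (placeholder)."""
    crawl = date.fromisoformat(crawl_iso)
    return (crawl - timedelta(days=record.age_days)).isoformat()


if __name__ == "__main__":
    recs = parse_rows(SAMPLE_ROWS)
    print(product_counts(recs).most_common())
    print("no CVSS:", unscored(recs))
    print("fix regressions:", regressions(recs))
    print("distinct Risk values:", risk_values(recs))
```

Two things the output makes visible that the table does not: every row in this slice carries the same Risk value, so that column cannot rank anything and you need CVSS, KEV or EPSS data from elsewhere; and the "incomplete fix" rows (Mailpit, Nuxt) mean a patch already in your inventory for the earlier advisory does not close the issue.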