CVEs from 2026
Total
13,468
critical
critical 1,176
high
high 4,290
medium
medium 4,163
low
low 442
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31677 | medium | 5.5 | 5.5 | 13d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl() limit each RX scatterlist extraction to t… | |||
| CVE-2026-23040 | medium | — | 5.5 | 13d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 an… | |||
| CVE-2026-0865 | medium | — | 5.5 | 13d ago | RHSA-2026:4473: python3.11 security update (Moderate) | |||
| CVE-2026-32710 | medium | — | 5.5 | 13d ago | MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Un… | |||
| CVE-2026-0967 | medium | 5.5 | 5.5 | 13d ago | Moderate: libssh security update | |||
| CVE-2026-30892 | medium | — | 5.5 | 13d ago | Moderate: crun security update | |||
| CVE-2026-46559 | medium | — | 5.5 | 13d ago | ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. | |||
| CVE-2026-46557 | medium | — | 5.5 | 13d ago | ImageMagick: Stack overflow in fx operation | |||
| CVE-2026-46523 | medium | — | 5.5 | 13d ago | ImageMagick: Use-After-Free in MSL decoder. | |||
| CVE-2026-46521 | medium | — | 5.5 | 13d ago | ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression | |||
| CVE-2026-45664 | medium | — | 5.5 | 13d ago | ImageMagick: Policy Bypass in MNG coder could | |||
| CVE-2026-45624 | medium | — | 5.5 | 13d ago | ImageMagick: Heap Buffer Over-Read of a 4 bytes in distort operation. | |||
| CVE-2026-45554 | medium | — | 5.5 | 13d ago | NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes | |||
| CVE-2026-45684 | medium | — | 5.5 | 13d ago | OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers | |||
| CVE-2026-45682 | medium | — | 5.5 | 13d ago | OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals | |||
| CVE-2026-45246 | medium | 5.5 | 5.5 | 13d ago | Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default… | |||
| CVE-2026-45681 | medium | — | 5.5 | 13d ago | OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size | |||
| CVE-2026-45680 | medium | — | 5.5 | 13d ago | OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU | |||
| CVE-2026-45731 | medium | — | 5.5 | 13d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line executi… | |||
| CVE-2026-32849 | medium | 5.5 | 5.5 | 13d ago | NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed i… | |||
| CVE-2026-45679 | medium | — | 5.5 | 13d ago | OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages | |||
| CVE-2026-45676 | medium | — | 5.5 | 13d ago | OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent | |||
| CVE-2026-45031 | medium | — | 5.5 | 13d ago | ImageMagick: Policy Bypass in PSD decoder | |||
| CVE-2026-41568 | medium | — | 5.5 | 13d ago | Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap | |||
| CVE-2026-45358 | medium | — | 5.5 | 13d ago | ImageMagick: Out-of-Bounds Read of a single byte in meta encoder | |||
| CVE-2026-45359 | medium | — | 5.5 | 13d ago | ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define | |||
| CVE-2026-45701 | medium | — | 5.5 | 13d ago | Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens | |||
| CVE-2026-45139 | medium | — | 5.5 | 13d ago | CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations | |||
| CVE-2026-45138 | medium | — | 5.5 | 13d ago | CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule | |||
| CVE-2026-42326 | medium | — | 5.5 | 13d ago | ImageMagick: Heap Buffer Over-Read in IPTC encoder | |||
| CVE-2026-45577 | medium | — | 5.5 | 13d ago | Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback s… | |||
| CVE-2026-33416 | medium | — | 5.5 | 14d ago | Moderate: libpng security update | |||
| CVE-2026-46383 | medium | 5.5 | 5.5 | 16d ago | Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install` | |||
| CVE-2026-45106 | medium | — | 5.5 | 16d ago | Weblate: Stored HTML injection in editor search preview | |||
| CVE-2026-41971 | medium | 5.5 | 5.5 | 16d ago | Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-44427 | medium | — | 5.5 | 17d ago | MCP Registry has open redirect via protocol-relative path in trailing-slash middleware | |||
| CVE-2026-44662 | medium | — | 5.5 | 17d ago | rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding | |||
| CVE-2026-45787 | medium | — | 5.5 | 17d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid… | |||
| CVE-2026-42573 | medium | — | 5.5 | 17d ago | Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State | |||
| CVE-2026-42567 | medium | — | 5.5 | 17d ago | Svelte: ReDoS in `<svelte:element>` Tag Validation | |||
| CVE-2026-42599 | medium | — | 5.5 | 17d ago | Svelte SSR vulnerable to cross-site scripting via spread attributes | |||
| CVE-2026-8586 | medium | 5.5 | 5.5 | 17d ago | Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: … | |||
| CVE-2026-43996 | medium | 5.5 | 5.5 | 17d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_… | |||
| CVE-2026-45021 | medium | — | 5.5 | 17d ago | Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin… | |||
| CVE-2026-44968 | medium | — | 5.5 | 17d ago | dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters | |||
| CVE-2026-46469 | medium | 5.5 | 5.5 | 17d ago | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before per… | |||
| CVE-2026-44544 | medium | — | 5.5 | 17d ago | gittuf's policy can be rolled back to prior valid versions | |||
| CVE-2026-44884 | medium | — | 5.5 | 17d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-44885 | medium | 5.5 | 5.5 | 17d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-45076 | medium | — | 5.5 | 17d ago | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h… | |||
| CVE-2026-44722 | medium | — | 5.5 | 17d ago | pyzipper has an encryption bypass for small files encrypted using it | |||
| CVE-2026-42853 | medium | — | 5.5 | 17d ago | @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input | |||
| CVE-2026-44308 | medium | — | 5.5 | 17d ago | Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications | |||
| CVE-2026-44368 | medium | — | 5.5 | 18d ago | pyquorum: Timing side‑channel in mul_mod | |||
| CVE-2026-44363 | medium | — | 5.5 | 18d ago | misp-modules has nsafe remote resource fetching in expansion | |||
| CVE-2026-44479 | medium | 5.5 | 5.5 | 18d ago | Vercel: Non-interactive mode includes CLI arguments in suggested command output | |||
| CVE-2026-44740 | medium | — | 5.5 | 18d ago | go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion | |||
| CVE-2026-21022 | medium | 5.5 | 5.5 | 18d ago | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2026-21016 | medium | 5.5 | 5.5 | 18d ago | Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2026-21015 | medium | 5.5 | 5.5 | 18d ago | Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier. | |||
| CVE-2026-44720 | medium | — | 5.5 | 19d ago | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access… | |||
| CVE-2026-28958 | medium | 5.5 | 5.5 | 19d ago | This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data. | |||
| CVE-2026-26986 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-31884 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-25952 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-27951 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-29775 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-31883 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-31885 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-33985 | medium | — | 5.5 | 19d ago | Moderate: freerdp security update | |||
| CVE-2026-44652 | medium | — | 5.5 | 19d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-44651 | medium | — | 5.5 | 19d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-35504 | medium | 5.5 | 5.5 | 19d ago | PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. | |||
| CVE-2026-44217 | medium | — | 5.5 | 19d ago | sse-channel: SSE Injection via unsanitized event fields | |||
| CVE-2026-42445 | medium | 5.5 | 5.5 | 19d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPat… | |||
| CVE-2026-42444 | medium | 5.5 | 5.5 | 19d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method re… | |||
| CVE-2026-42443 | medium | 5.5 | 5.5 | 19d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when … | |||
| CVE-2026-42442 | medium | 5.5 | 5.5 | 19d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when… | |||
| CVE-2026-42355 | medium | 5.5 | 5.5 | 19d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .… | |||
| CVE-2026-44279 | medium | 5.5 | 5.5 | 19d ago | A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow atta… | |||
| CVE-2026-44278 | medium | 5.5 | 5.5 | 19d ago | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert at… | |||
| CVE-2026-42832 | medium | 5.5 | 5.5 | 19d ago | <p>Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.</p> | |||
| CVE-2026-42303 | medium | — | 5.5 | 19d ago | Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection | |||
| CVE-2026-41612 | medium | 5.5 | 5.5 | 19d ago | <p>Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.</p> | |||
| CVE-2026-41102 | medium | 5.5 | 5.5 | 19d ago | <p>Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.</p> | |||
| CVE-2026-41101 | medium | 5.5 | 5.5 | 19d ago | <p>Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.</p> | |||
| CVE-2026-35440 | medium | 5.5 | 5.5 | 19d ago | <p>Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.</p> | |||
| CVE-2026-35419 | medium | 5.5 | 5.5 | 19d ago | <p>Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.</p> | |||
| CVE-2026-34663 | medium | 5.5 | 5.5 | 19d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to d… | |||
| CVE-2026-34662 | medium | 5.5 | 5.5 | 19d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerabil… | |||
| CVE-2026-34339 | medium | 5.5 | 5.5 | 19d ago | <p>Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.</p> | |||
| CVE-2026-32185 | medium | 5.5 | 5.5 | 19d ago | <p>Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.</p> | |||
| CVE-2026-20914 | medium | 5.5 | 5.5 | 19d ago | Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… | |||
| CVE-2026-20881 | medium | 5.5 | 5.5 | 19d ago | Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authentic… | |||
| CVE-2026-42073 | medium | — | 5.5 | 19d ago | OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS | |||
| CVE-2026-34962 | medium | 5.5 | 5.5 | 20d ago | barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directo… | |||
| CVE-2026-20696 | medium | 5.5 | 5.5 | 20d ago | An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. | |||
| CVE-2026-42875 | medium | — | 5.5 | 20d ago | External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore | |||
| CVE-2026-42050 | medium | 5.5 | 5.5 | 20d ago | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in… | |||
| CVE-2026-42070 | medium | — | 5.5 | 20d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti… |