CVEs from 2026
- Total: 13,450
- Critical: 1,176
- High: 4,281
- Medium: 4,153
- Low: 442
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21711 | high | — | 8.0 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-21715 | high | — | 8.0 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-21714 | high | — | 8.0 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-21710 | high | — | 8.0 | 2mo ago | RHSA-2026:8339: nodejs:20 security update (Important) | |||
| CVE-2026-2229 | high | — | 8.0 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-2581 | high | — | 8.0 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-30818 | high | 8.0 | 8.0 | 2mo ago | An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file… | |||
| CVE-2026-30815 | high | 8.0 | 8.0 | 2mo ago | An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration fil… | |||
| CVE-2026-30814 | high | 8.0 | 8.0 | 2mo ago | A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via … | |||
| CVE-2026-34588 | high | — | 8.0 | 2mo ago | Important: openexr security update | |||
| CVE-2026-35611 | high | — | 8.0 | 2mo ago | Addressable has a Regular Expression Denial of Service in Addressable templates | |||
| CVE-2026-32647 | high | — | 8.0 | 2mo ago | RHSA-2026:6907: nginx:1.24 security update (Important) | |||
| CVE-2026-27784 | high | — | 8.0 | 2mo ago | RHSA-2026:6907: nginx:1.24 security update (Important) | |||
| CVE-2026-27654 | high | — | 8.0 | 2mo ago | RHSA-2026:6907: nginx:1.24 security update (Important) | |||
| CVE-2026-27651 | high | — | 8.0 | 2mo ago | RHSA-2026:6907: nginx:1.24 security update (Important) | |||
| CVE-2026-5684 | high | 8.0 | 8.0 | 2mo ago | A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the ar… | |||
| CVE-2026-5683 | high | 8.0 | 8.0 | 2mo ago | A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument pag… | |||
| CVE-2026-4177 | high | — | 8.0 | 2mo ago | RHSA-2026:6470: perl-YAML-Syck security update (Important) | |||
| CVE-2026-34230 | high | — | 8.0 | 2mo ago | Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header | |||
| CVE-2026-34827 | high | — | 8.0 | 2mo ago | Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters | |||
| CVE-2026-34829 | high | — | 8.0 | 2mo ago | Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads | |||
| CVE-2026-34785 | high | — | 8.0 | 2mo ago | Rack::Static prefix matching can expose unintended files under the static root | |||
| CVE-2026-3497 | high | — | 8.0 | 2mo ago | RHSA-2026:6461: openssh security update (Important) | |||
| CVE-2026-34825 | high | — | 8.0 | 2mo ago | NocoBase Has SQL Injection via template variable substitution in workflow SQL node | |||
| CVE-2026-23948 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-24676 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-24675 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-23732 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-24679 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-24491 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-24683 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-22852 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-24681 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-24684 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-31806 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-22854 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-22856 | high | — | 8.0 | 2mo ago | RHSA-2026:6918: freerdp security update (Important) | |||
| CVE-2026-33526 | high | — | 8.0 | 2mo ago | RHSA-2026:8317: squid:4 security update (Important) | |||
| CVE-2026-32748 | high | — | 8.0 | 2mo ago | RHSA-2026:8317: squid:4 security update (Important) | |||
| CVE-2026-3889 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-26965 | high | — | 8.0 | 2mo ago | RHSA-2026:6005: freerdp security update (Important) | |||
| CVE-2026-26955 | high | — | 8.0 | 2mo ago | RHSA-2026:6005: freerdp security update (Important) | |||
| CVE-2026-4371 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-23191 | high | — | 8.0 | 2mo ago | RHSA-2026:9135: kernel-rt security update (Important) | |||
| CVE-2026-34040 | high | — | 8.0 | 2mo ago | Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patc… | |||
| CVE-2026-28377 | high | — | 8.0 | 2mo ago | Grafana Tempo has Inadequate Encryption Strength | |||
| CVE-2026-4696 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4686 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4687 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4688 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4690 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4717 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4721 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4692 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4708 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4707 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4715 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4712 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4713 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4718 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4720 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4719 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4684 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4709 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4711 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4693 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4704 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4695 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4685 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4697 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4689 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4694 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4700 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4716 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4706 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4699 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4714 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4705 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4701 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4702 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4691 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-4710 | high | — | 8.0 | 2mo ago | RHSA-2026:6917: thunderbird security update (Important) | |||
| CVE-2026-33195 | high | — | 8.0 | 2mo ago | Rails Active Storage has possible Path Traversal in DiskService | |||
| CVE-2026-33492 | high | — | 8.0 | 2mo ago | AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration | |||
| CVE-2026-33485 | high | — | 8.0 | 2mo ago | AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter | |||
| CVE-2026-33210 | high | — | 8.0 | 2mo ago | Important: ruby:4.0 security update | |||
| CVE-2026-2603 | high | — | 8.0 | 2mo ago | Keycloak: Unauthorized authentication via disabled SAML Identity Provider | |||
| CVE-2026-32933 | high | — | 8.0 | 3mo ago | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion | |||
| CVE-2026-26127 | high | — | 8.0 | 3mo ago | RHSA-2026:4458: .NET 10.0 security update (Important) | |||
| CVE-2026-26130 | high | — | 8.0 | 3mo ago | RHSA-2026:4458: .NET 10.0 security update (Important) | |||
| CVE-2026-28229 | high | — | 8.0 | 3mo ago | Unauthorized access to Argo Workflows Template | |||
| CVE-2026-2048 | high | — | 8.0 | 3mo ago | RHSA-2026:5113: gimp:2.8 security update (Important) | |||
| CVE-2026-2045 | high | — | 8.0 | 3mo ago | RHSA-2026:5113: gimp:2.8 security update (Important) | |||
| CVE-2026-2044 | high | — | 8.0 | 3mo ago | RHSA-2026:5113: gimp:2.8 security update (Important) | |||
| CVE-2026-0797 | high | — | 8.0 | 3mo ago | RHSA-2026:5113: gimp:2.8 security update (Important) | |||
| CVE-2026-2047 | high | — | 8.0 | 3mo ago | Important: gimp security update | |||
| CVE-2026-2004 | high | — | 8.0 | 3mo ago | RHSA-2026:4064: postgresql:12 security update (Important) | |||
| CVE-2026-2005 | high | — | 8.0 | 3mo ago | RHSA-2026:4064: postgresql:12 security update (Important) | |||
| CVE-2026-2003 | high | — | 8.0 | 3mo ago | RHSA-2026:4063: postgresql:16 security update (Important) | |||
| CVE-2026-2006 | high | — | 8.0 | 3mo ago | RHSA-2026:4064: postgresql:12 security update (Important) |