CVEs from 2026
- Total 13,454
- critical 1,176
- high 4,281
- medium 4,157
- low 442
- % Critical 8.7%
- % with KEV 0.4%
- % with exploit 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21863 | high | — | 8.0 | 3mo ago | Important: valkey security update | |||
| CVE-2026-27509 | high | 8.0 | 8.0 | 3mo ago | Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handle… | |||
| CVE-2026-22695 | high | — | 8.0 | 3mo ago | RHSA-2026:4728: libpng security update (Important) | |||
| CVE-2026-22801 | high | — | 8.0 | 3mo ago | RHSA-2026:4728: libpng security update (Important) | |||
| CVE-2026-2760 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2762 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2757 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2758 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2759 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2761 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2763 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2764 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2766 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2767 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2770 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2771 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2773 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2776 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2774 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2791 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2775 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2777 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2765 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2768 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2782 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2783 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2780 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2784 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2785 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2779 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2778 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2447 | high | — | 8.0 | 3mo ago | RHSA-2026:3967: libvpx security update (Important) | |||
| CVE-2026-2788 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2789 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2781 | high | — | 8.0 | 3mo ago | Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35. | |||
| CVE-2026-2787 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2772 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2793 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2792 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2769 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-2790 | high | — | 8.0 | 3mo ago | RHSA-2026:3515: thunderbird security update (Important) | |||
| CVE-2026-25506 | high | — | 8.0 | 3mo ago | RHSA-2026:3032: munge security update (Important) | |||
| CVE-2026-23074 | high | — | 8.0 | 3mo ago | RHSA-2026:3110: kernel-rt security update (Important) | |||
| CVE-2026-22858 | high | — | 8.0 | 3mo ago | RHSA-2026:3334: freerdp security update (Important) | |||
| CVE-2026-22859 | high | — | 8.0 | 3mo ago | RHSA-2026:3334: freerdp security update (Important) | |||
| CVE-2026-22855 | high | — | 8.0 | 3mo ago | RHSA-2026:3334: freerdp security update (Important) | |||
| CVE-2026-25646 | high | — | 8.0 | 3mo ago | RHSA-2026:9686: java-17-openjdk security update (Important) | |||
| CVE-2026-21721 | high | — | 8.0 | 3mo ago | Important: grafana security update | |||
| CVE-2026-21637 | high | — | 8.0 | 3mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-26157 | high | 7.0 | 8.0 | 4mo ago | A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may wr… | |||
| CVE-2026-1761 | high | — | 8.0 | 4mo ago | RHSA-2026:2215: libsoup security update (Important) | |||
| CVE-2026-0719 | high | — | 8.0 | 4mo ago | RHSA-2026:2215: libsoup security update (Important) | |||
| CVE-2026-23530 | high | — | 8.0 | 4mo ago | RHSA-2026:2081: freerdp security update (Important) | |||
| CVE-2026-23531 | high | — | 8.0 | 4mo ago | RHSA-2026:2081: freerdp security update (Important) | |||
| CVE-2026-23883 | high | — | 8.0 | 4mo ago | RHSA-2026:2081: freerdp security update (Important) | |||
| CVE-2026-23534 | high | — | 8.0 | 4mo ago | RHSA-2026:2081: freerdp security update (Important) | |||
| CVE-2026-23533 | high | — | 8.0 | 4mo ago | RHSA-2026:2081: freerdp security update (Important) | |||
| CVE-2026-23884 | high | — | 8.0 | 4mo ago | RHSA-2026:2081: freerdp security update (Important) | |||
| CVE-2026-23532 | high | — | 8.0 | 4mo ago | RHSA-2026:2081: freerdp security update (Important) | |||
| CVE-2026-24049 | high | — | 8.0 | 4mo ago | RHSA-2026:2090: python3.12-wheel security update (Important) | |||
| CVE-2026-0994 | high | — | 8.0 | 4mo ago | Important: protobuf security update | |||
| CVE-2026-23490 | high | — | 8.0 | 5mo ago | RHSA-2026:4146: python-pyasn1 security update (Important) | |||
| CVE-2026-0883 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0879 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0880 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0886 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0890 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0891 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0884 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0887 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0882 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0877 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0878 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-0885 | high | — | 8.0 | 5mo ago | RHSA-2026:2220: thunderbird security update (Important) | |||
| CVE-2026-20931 | high | 8.0 | 8.0 | 5mo ago | External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. | |||
| CVE-2026-21441 | high | — | 8.0 | 5mo ago | RHSA-2026:1254: python-urllib3 security update (Important) | |||
| CVE-2026-35266 | high | 7.9 | 7.9 | 3d ago | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network a… | |||
| CVE-2026-44711 | high | 7.9 | 7.9 | 4d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption… | |||
| CVE-2026-46076 | high | 7.9 | 7.9 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 doe… | |||
| CVE-2026-41217 | high | 7.9 | 7.9 | 18d ago | A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system comman… | |||
| CVE-2026-43133 | high | 7.9 | 7.9 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload o… | |||
| CVE-2026-43001 | high | 7.9 | 7.9 | 1mo ago | An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authentica… | |||
| CVE-2026-49366 | high | 7.8 | 7.8 | 2d ago | In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion | |||
| CVE-2026-45555 | high | 7.8 | 7.8 | 2d ago | Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the get_diagnostics MCP tool loads and executes all DiagnosticAn… | |||
| CVE-2026-9987 | high | 7.8 | 7.8 | 2d ago | Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium sec… | |||
| CVE-2026-47333 | high | 7.8 | 7.8 | 3d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentially incorrectly compute the size of an internal buffer, leading to a heap memory out-of-bounds read in notification han… | |||
| CVE-2026-47331 | high | 7.8 | 7.8 | 3d ago | Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race condition that can lead to a use-after-fr… | |||
| CVE-2026-49237 | high | 7.8 | 7.8 | 3d ago | An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd da… | |||
| CVE-2026-46240 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix use-after-free in iris_release_internal_buffers() The recent change in commit 1dabf00ee206 ("media: iris: gen1: … | |||
| CVE-2026-46227 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL The SCTP_SENDALL path in sctp_sendmsg() iterates ep->as… | |||
| CVE-2026-46215 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl b… | |||
| CVE-2026-46210 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmt_src during MBPF check During concurrency testing, multiple instances can run in parallel, … | |||
| CVE-2026-46209 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() drm_gem_fb_init_with_funcs() computes sub-s… | |||
| CVE-2026-46208 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tp_meter sessions during mesh teardown TP meter sessions remain linked on bat_priv->tp_list after the netlink re… | |||
| CVE-2026-46206 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tp_meter sessions during teardown Prevent tp_meter from starting new sender or receiver sessions after mes… | |||
| CVE-2026-46205 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume … | |||
| CVE-2026-46201 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() When xe_dma_buf_init_obj() fails, the attachment from dma_buf_dynami… | |||
| CVE-2026-46197 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds b… | |||
| CVE-2026-46181 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees th… | |||
| CVE-2026-46178 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq() Sashiko points out that mlx4_srq_alloc() was not undone during erro… |