CVEs from 2026
Total
13,839
critical
critical 1,106
high
high 3,908
medium
medium 3,956
low
low 413
% Critical
8.0%
% with KEV
0.4%
% with exploit
0.4%
Top products
- firepower_threat_defense 298
- chrome 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-7301 | critical | 9.8 | 9.8 | 10d ago | SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the intern… | |
| CVE-2026-8721 | critical | 9.8 | 9.8 | 11d ago | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to Sv… | |
| CVE-2026-8507 | critical | 9.8 | 9.8 | 11d ago | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info(… | |
| CVE-2026-8751 | critical | 9.8 | 9.8 | 11d ago | A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a… | |
| CVE-2026-44566 | critical | 9.8 | 9.8 | 12d ago | Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal | |
| CVE-2026-8696 | critical | 9.8 | 9.8 | 12d ago | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbi… | |
| CVE-2026-46364 | critical | 9.8 | 9.8 | 13d ago | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent h… | |
| CVE-2026-8695 | critical | 9.8 | 9.8 | 13d ago | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b… | |
| CVE-2026-44717 | critical | 9.8 | 9.8 | 13d ago | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz… | |
| CVE-2026-45772 | critical | 9.8 | 9.8 | 13d ago | Turbo: Unexpected local code execution during Yarn Berry detection | |
| CVE-2026-5229 | critical | 9.8 | 9.8 | 13d ago | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which W… | |
| CVE-2026-26191 | critical | 9.8 | 9.8 | 14d ago | Fleet vulnerable to OS command injection in software packages | |
| CVE-2026-41315 | critical | 9.8 | 9.8 | 14d ago | mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond a… | |
| CVE-2026-42589 | critical | 9.8 | 9.8 | 14d ago | Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection | |
| CVE-2026-44484 | critical | 9.8 | 9.8 | 14d ago | Compromise of PyTorch Lightning PyPi Package Versions | |
| CVE-2026-2347 | critical | 9.8 | 9.8 | 14d ago | Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: b… | |
| CVE-2026-6510 | critical | 9.8 | 9.8 | 14d ago | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capa… | |
| CVE-2026-6271 | critical | 9.8 | 9.8 | 14d ago | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This m… | |
| CVE-2026-8181 | critical | 9.8 | 9.8 | 14d ago | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to inc… | |
| CVE-2026-8500 | critical | 9.8 | 9.8 | 14d ago | Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated o… | |
| CVE-2026-42581 | critical | 9.8 | 9.8 | 15d ago | Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization | |
| CVE-2026-42031 | critical | 9.8 | 9.8 | 15d ago | CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql` | |
| CVE-2026-45411 | critical | 9.8 | 9.8 | 15d ago | vm2 Has a Sandbox Breakout Using Async Generator | |
| CVE-2026-44009 | critical | 9.8 | 9.8 | 15d ago | vm2 has Sandbox Breakout Through Null Proto Exception | |
| CVE-2026-44008 | critical | 9.8 | 9.8 | 15d ago | vm2 has sandbox breakout via `neutralizeArraySpeciesBatch` | |
| CVE-2026-45083 | critical | 9.8 | 9.8 | 15d ago | Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy | |
| CVE-2026-42062 | critical | 9.8 | 9.8 | 15d ago | ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authenticati… | |
| CVE-2026-40621 | critical | 9.8 | 9.8 | 15d ago | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. | |
| CVE-2026-32661 | critical | 9.8 | 9.8 | 15d ago | Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's… | |
| CVE-2026-42854 | critical | 9.8 | 9.8 | 15d ago | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a … | |
| CVE-2026-45185 | critical | 9.8 | 9.8 | 16d ago | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a C… | |
| CVE-2026-44343 | critical | 9.8 | 9.8 | 16d ago | WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file sys… | |
| CVE-2026-44277 | critical | 9.8 | 9.8 | 16d ago | A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attack… | |
| CVE-2026-44183 | critical | 9.8 | 9.8 | 16d ago | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.… | |
| CVE-2026-41096 | critical | 9.8 | 9.8 | 16d ago | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-41089 | critical | 9.8 | 9.8 | 16d ago | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-31239 | critical | 9.8 | 9.8 | 16d ago | mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub | |
| CVE-2026-31238 | critical | 9.8 | 9.8 | 16d ago | Ludwig framework is vulnerable to insecure deserialization in its model serving component | |
| CVE-2026-31237 | critical | 9.8 | 9.8 | 16d ago | Ludwig framework is vulnerable to insecure deserialization through its predict() method. | |
| CVE-2026-31236 | critical | 9.8 | 9.8 | 16d ago | llm CLI tool contains a code injection vulnerability via `--functions` command-line argument | |
| CVE-2026-31235 | critical | 9.8 | 9.8 | 16d ago | imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module | |
| CVE-2026-31234 | critical | 9.8 | 9.8 | 16d ago | Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component | |
| CVE-2026-31233 | critical | 9.8 | 9.8 | 16d ago | Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism | |
| CVE-2026-31231 | critical | 9.8 | 9.8 | 16d ago | Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user,… | |
| CVE-2026-31230 | critical | 9.8 | 9.8 | 16d ago | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the un… | |
| CVE-2026-31229 | critical | 9.8 | 9.8 | 16d ago | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights f… | |
| CVE-2026-26083 | critical | 9.8 | 9.8 | 16d ago | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, Fort… | |
| CVE-2026-43992 | critical | 9.8 | 9.8 | 16d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accept… | |
| CVE-2026-43512 | critical | 9.8 | 9.8 | 16d ago | Apache Tomcat - Digest authenticator will authenticate any unknown user | |
| CVE-2026-41293 | critical | 9.8 | 9.8 | 16d ago | Apache Tomcat - HTTP/2 request headers not validated | |
| CVE-2026-34187 | critical | 9.8 | 9.8 | 16d ago | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800 | |
| CVE-2026-31228 | critical | 9.8 | 9.8 | 16d ago | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe ev… | |
| CVE-2026-31226 | critical | 9.8 | 9.8 | 16d ago | The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerabi… | |
| CVE-2026-31220 | critical | 9.8 | 9.8 | 16d ago | PySyft server-side arbitrary Python execution after code approval | |
| CVE-2026-31217 | critical | 9.8 | 9.8 | 16d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user … | |
| CVE-2026-31214 | critical | 9.8 | 9.8 | 16d ago | The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The s… | |
| CVE-2026-45393 | critical | 9.8 | 9.8 | 16d ago | Reserved. Details will be published at disclosure. | |
| CVE-2026-45392 | critical | 9.8 | 9.8 | 16d ago | Reserved. Details will be published at disclosure. | |
| CVE-2026-45391 | critical | 9.8 | 9.8 | 16d ago | Reserved. Details will be published at disclosure. | |
| CVE-2026-43914 | critical | 9.8 | 9.8 | 16d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is … | |
| CVE-2026-8305 | critical | 9.8 | 9.8 | 17d ago | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component blueb… | |
| CVE-2026-7210 | critical | 9.8 | 9.8 | 17d ago | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this… | |
| CVE-2026-43995 | critical | 9.8 | 9.8 | 17d ago | Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) | |
| CVE-2026-38567 | critical | 9.8 | 9.8 | 17d ago | HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker c… | |
| CVE-2026-35157 | critical | 9.8 | 9.8 | 17d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthentic… | |
| CVE-2026-8263 | critical | 9.8 | 9.8 | 17d ago | A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipula… | |
| CVE-2026-7261 | critical | 9.8 | 9.8 | 18d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted acr… | |
| CVE-2026-6722 | critical | 9.8 | 9.8 | 18d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global m… | |
| CVE-2026-6665 | critical | 9.8 | 9.8 | 19d ago | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM se… | |
| CVE-2026-42354 | critical | 9.8 | 9.8 | 19d ago | Sentry's improper authentication on SAML SSO process allows user identity linking | |
| CVE-2026-42302 | critical | 9.8 | 9.8 | 19d ago | FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The star… | |
| CVE-2026-37709 | critical | 9.8 | 9.8 | 19d ago | Snipe-IT has insecure permissions in file uploads | |
| CVE-2026-42072 | critical | 9.8 | 9.8 | 20d ago | NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access | |
| CVE-2026-41889 | critical | 9.8 | 9.8 | 20d ago | pgx: SQL Injection via placeholder confusion with dollar quoted string literals | |
| CVE-2026-38360 | critical | 9.8 | 9.8 | 20d ago | Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHan… | |
| CVE-2026-43465 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer whe… | |
| CVE-2026-43414 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When a… | |
| CVE-2026-43402 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function … | |
| CVE-2026-43384 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the… | |
| CVE-2026-43379 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is bei… | |
| CVE-2026-43376 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using call_rcu() for oplock_info ksmbd currently frees oplock_info immediately using kfree(), even t… | |
| CVE-2026-41574 | critical | 9.8 | 9.8 | 20d ago | Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass | |
| CVE-2026-37431 | critical | 9.8 | 9.8 | 20d ago | Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers … | |
| CVE-2026-44335 | critical | 9.8 | 9.8 | 20d ago | PraisonAI has an SSRF bypass | |
| CVE-2026-43341 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the tra… | |
| CVE-2026-43304 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buff… | |
| CVE-2026-41509 | critical | 9.8 | 9.8 | 20d ago | CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused b… | |
| CVE-2026-41507 | critical | 9.8 | 9.8 | 20d ago | Remote Code Execution (RCE) via String Literal Injection into math-codegen | |
| CVE-2026-41497 | critical | 9.8 | 9.8 | 20d ago | PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection | |
| CVE-2026-8153 | critical | 9.8 | 9.8 | 20d ago | OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS. | |
| CVE-2026-41501 | critical | 9.8 | 9.8 | 20d ago | electerm has Command Injection via runLinux funtion | |
| CVE-2026-41500 | critical | 9.8 | 9.8 | 20d ago | electerm: electerm_install_script_CommandInjection Vulnerability Report | |
| CVE-2026-8034 | critical | 9.8 | 9.8 | 20d ago | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusi… | |
| CVE-2026-42284 | critical | 9.8 | 9.8 | 21d ago | GitPython: Unsafe option check validates multi_options before shlex.split transformation | |
| CVE-2026-7415 | critical | 9.8 | 9.8 | 21d ago | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetr… | |
| CVE-2026-7414 | critical | 9.8 | 9.8 | 21d ago | Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or r… | |
| CVE-2026-7413 | critical | 9.8 | 9.8 | 21d ago | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cann… | |
| CVE-2026-5788 | critical | 9.8 | 9.8 | 21d ago | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. | |
| CVE-2026-36458 | critical | 9.8 | 9.8 | 21d ago | ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered. | |
| CVE-2026-30496 | critical | 9.8 | 9.8 | 21d ago | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports bot… |