CVEs from 2026
Total
13,321
critical
critical 1,107
high
high 3,936
medium
medium 3,984
low
low 416
% Critical
8.3%
% with KEV
0.4%
% with exploit
0.5%
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-43892 | high | 8.8 | 8.8 | 16d ago | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed i… | |
| CVE-2026-41613 | high | 8.8 | 8.8 | 16d ago | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-41109 | high | 8.8 | 8.8 | 16d ago | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature ove… | |
| CVE-2026-41094 | high | 8.8 | 8.8 | 16d ago | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-41086 | high | 8.8 | 8.8 | 16d ago | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | |
| CVE-2026-40420 | high | 8.8 | 8.8 | 16d ago | Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-40403 | high | 8.8 | 8.8 | 16d ago | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |
| CVE-2026-40370 | high | 8.8 | 8.8 | 16d ago | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | |
| CVE-2026-40365 | high | 8.8 | 8.8 | 16d ago | Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |
| CVE-2026-40357 | high | 8.8 | 8.8 | 16d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |
| CVE-2026-35439 | high | 8.8 | 8.8 | 16d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |
| CVE-2026-35436 | high | 8.8 | 8.8 | 16d ago | Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34329 | high | 8.8 | 8.8 | 16d ago | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. | |
| CVE-2026-33112 | high | 8.8 | 8.8 | 16d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |
| CVE-2026-33110 | high | 8.8 | 8.8 | 16d ago | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |
| CVE-2026-31232 | high | 8.8 | 8.8 | 16d ago | The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. When loading model f… | |
| CVE-2026-25088 | high | 8.8 | 8.8 | 16d ago | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions… | |
| CVE-2026-31224 | high | 8.8 | 8.8 | 16d ago | Snorkel MultitaskClassifier.load uses an unsafe torch.load | |
| CVE-2026-31223 | high | 8.8 | 8.8 | 16d ago | Snorkel BaseLabeler.load uses an unsafe pickle.load | |
| CVE-2026-31219 | high | 8.8 | 8.8 | 16d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CW… | |
| CVE-2026-31218 | high | 8.8 | 8.8 | 16d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CW… | |
| CVE-2026-30810 | high | 8.8 | 8.8 | 16d ago | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 | |
| CVE-2026-30807 | high | 8.8 | 8.8 | 16d ago | Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800 | |
| CVE-2026-8111 | high | 8.8 | 8.8 | 16d ago | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | |
| CVE-2026-43937 | high | 8.8 | 8.8 | 16d ago | YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql` | |
| CVE-2026-2465 | high | 8.8 | 8.8 | 16d ago | Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation. This issue affect… | |
| CVE-2026-6001 | high | 8.8 | 8.8 | 16d ago | Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042. | |
| CVE-2026-1185 | high | 8.8 | 8.8 | 16d ago | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if … | |
| CVE-2026-7256 | high | 8.8 | 8.8 | 17d ago | ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operat… | |
| CVE-2026-8346 | high | 8.8 | 8.8 | 17d ago | A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The at… | |
| CVE-2026-42559 | high | 8.8 | 8.8 | 17d ago | rmcp Streamable HTTP server transport has a DNS rebinding vulnerability | |
| CVE-2026-43284 | high | 8.8 | 8.8 | 17d ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks… | |
| CVE-2026-8345 | high | 8.8 | 8.8 | 17d ago | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the … | |
| CVE-2026-8344 | high | 8.8 | 8.8 | 17d ago | A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command in… | |
| CVE-2026-41489 | high | 8.8 | 8.8 | 17d ago | Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by s… | |
| CVE-2026-36734 | high | 8.8 | 8.8 | 17d ago | EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient… | |
| CVE-2026-45223 | high | 8.8 | 8.8 | 17d ago | Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin … | |
| CVE-2026-45006 | high | 8.8 | 8.8 | 17d ago | OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration… | |
| CVE-2026-42603 | high | 8.8 | 8.8 | 17d ago | OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_ta… | |
| CVE-2026-7816 | high | 8.8 | 8.8 | 17d ago | pgAdmin 4: OS command injection vulnerability in Import/Export query export | |
| CVE-2026-7815 | high | 8.8 | 8.8 | 17d ago | SQL injection vulnerability in pgAdmin 4 Maintenance Tool | |
| CVE-2026-44521 | high | 8.8 | 8.8 | 17d ago | elFinder MySQL has a SQL Injection in its Volume Driver (elFinderVolumeMySQL) | |
| CVE-2026-44345 | high | 8.8 | 8.8 | 17d ago | BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043) | |
| CVE-2026-32658 | high | 8.8 | 8.8 | 17d ago | Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading … | |
| CVE-2026-8264 | high | 8.8 | 8.8 | 18d ago | A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation … | |
| CVE-2026-8260 | high | 8.8 | 8.8 | 18d ago | A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipu… | |
| CVE-2026-28923 | high | 8.8 | 8.8 | 18d ago | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox. | |
| CVE-2026-28995 | high | 8.8 | 8.8 | 18d ago | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A mali… | |
| CVE-2026-28940 | high | 8.8 | 8.8 | 18d ago | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5.… | |
| CVE-2026-28978 | high | 8.8 | 8.8 | 18d ago | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its san… | |
| CVE-2026-8234 | high | 8.8 | 8.8 | 18d ago | A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument se… | |
| CVE-2026-8230 | high | 8.8 | 8.8 | 18d ago | A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command… | |
| CVE-2026-8229 | high | 8.8 | 8.8 | 18d ago | A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypTy… | |
| CVE-2026-8228 | high | 8.8 | 8.8 | 18d ago | A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/… | |
| CVE-2026-8227 | high | 8.8 | 8.8 | 18d ago | A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be init… | |
| CVE-2026-8192 | high | 8.8 | 8.8 | 19d ago | A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/… | |
| CVE-2026-8191 | high | 8.8 | 8.8 | 19d ago | A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os … | |
| CVE-2026-8190 | high | 8.8 | 8.8 | 19d ago | A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwa… | |
| CVE-2026-8189 | high | 8.8 | 8.8 | 19d ago | A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Au… | |
| CVE-2026-8188 | high | 8.8 | 8.8 | 19d ago | A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl_channel/wl_Pass/Encryp… | |
| CVE-2026-44832 | high | 8.8 | 8.8 | 20d ago | Snipe-IT has Privilege Escalation via API Permissions Assignment | |
| CVE-2026-41486 | high | 8.8 | 8.8 | 20d ago | Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization | |
| CVE-2026-29203 | high | 8.8 | 8.8 | 20d ago | A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es… | |
| CVE-2026-29202 | high | 8.8 | 8.8 | 20d ago | Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user. | |
| CVE-2026-43403 | high | 8.8 | 8.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other priv… | |
| CVE-2026-43391 | high | 8.8 | 8.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privilege… | |
| CVE-2026-43334 | high | 8.8 | 8.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smp_cmd_pairing_req() currently builds the… | |
| CVE-2026-43322 | high | 8.8 | 8.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in le_read_features_complete This fixes the following backtrace caused by hci_conn being freed befor… | |
| CVE-2026-39816 | high | 8.8 | 8.8 | 20d ago | Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission | |
| CVE-2026-25077 | high | 8.8 | 8.8 | 20d ago | Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an… | |
| CVE-2026-5127 | high | 8.8 | 8.8 | 20d ago | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and … | |
| CVE-2026-8138 | high | 8.8 | 8.8 | 20d ago | A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in stack-based buffer overflow.… | |
| CVE-2026-8137 | high | 8.8 | 8.8 | 20d ago | A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url l… | |
| CVE-2026-42271 | high | 8.8 | 8.8 | 21d ago | LiteLLM: Authenticated command execution via MCP stdio test endpoints | |
| CVE-2026-42203 | high | 8.8 | 8.8 | 21d ago | LiteLLM: Server-Side Template Injection in /prompts/test endpoint | |
| CVE-2026-41900 | high | 8.8 | 8.8 | 21d ago | OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment | |
| CVE-2026-42215 | high | 8.8 | 8.8 | 21d ago | GitPython has Command Injection via Git options bypass | |
| CVE-2026-5786 | high | 8.8 | 8.8 | 21d ago | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access. | |
| CVE-2026-30495 | high | 8.8 | 8.8 | 21d ago | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is con… | |
| CVE-2026-6002 | high | 8.8 | 8.8 | 21d ago | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS). This issue affec… | |
| CVE-2026-5784 | high | 8.8 | 8.8 | 21d ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyD… | |
| CVE-2026-3953 | high | 8.8 | 8.8 | 21d ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XS… | |
| CVE-2026-6692 | high | 8.8 | 8.8 | 21d ago | The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient fil… | |
| CVE-2026-41143 | high | 8.8 | 8.8 | 21d ago | YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave() | |
| CVE-2026-41139 | high | 8.8 | 8.8 | 21d ago | mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes | |
| CVE-2026-41640 | high | 8.8 | 8.8 | 22d ago | @nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading | |
| CVE-2026-41142 | high | 8.8 | 8.8 | 22d ago | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3… | |
| CVE-2026-42550 | high | 8.8 | 8.8 | 22d ago | Flight vulnerable to SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete | |
| CVE-2026-42844 | high | 8.8 | 8.8 | 22d ago | Low-privileged Grav API users can create super-admin accounts via blueprint-upload | |
| CVE-2026-44115 | high | 8.8 | 8.8 | 22d ago | OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell ex… | |
| CVE-2026-44110 | high | 8.8 | 8.8 | 22d ago | OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries | |
| CVE-2026-43584 | high | 8.8 | 8.8 | 22d ago | OpenClaw: Exec environment denylist missed high-risk interpreter startup variables | |
| CVE-2026-40076 | high | 8.8 | 8.8 | 22d ago | OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip) | |
| CVE-2026-8016 | high | 8.8 | 8.8 | 22d ago | Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-8002 | high | 8.8 | 8.8 | 22d ago | Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-8000 | high | 8.8 | 8.8 | 22d ago | Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium se… | |
| CVE-2026-7995 | high | 8.8 | 8.8 | 22d ago | Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Mediu… | |
| CVE-2026-7992 | high | 8.8 | 8.8 | 22d ago | Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute… | |
| CVE-2026-7991 | high | 8.8 | 8.8 | 22d ago | Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… | |
| CVE-2026-7988 | high | 8.8 | 8.8 | 22d ago | Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |