CVEs from 2026
- Total: 13,396
- Critical: 1,126
- High: 3,969
- Medium: 4,021
- Low: 420
- % Critical: 8.4% (1,126 of 13,396)
- % with KEV: 0.4%
- % with exploit: 0.4%
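The summary figures above are aggregates over records like the rows in the table further down. The following Python is an added example, not code from this dashboard or from any project it lists: it parses rows in the page's table layout, buckets CVSS scores with the CVSS v3.x qualitative rating scale (None 0.0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0), recomputes the per-severity counts and % critical, and flags any row whose severity label disagrees with its score. The sample rows are copied from the table on this page; the cell order it assumes (id, severity, CVSS, risk, published, description, then the empty Flags/OS/Vendor cells) is taken from how the rows here are laid out, and the KEV/exploit percentages are not recomputed because those flags are not present in the rows.

```python
"""Added example: summarize CVE dashboard rows by severity (not the dashboard's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: four rows copied from the table on this page, with the
# corrected header order (trailing Flags/OS/Vendor cells are empty on the page).
SAMPLE_TABLE = """\
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8603 | critical | 9.8 | 9.8 | 9d ago | In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system. | |||
| CVE-2026-37281 | critical | 9.8 | 9.8 | 9d ago | An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter. | |||
| CVE-2026-45185 | critical | 9.8 | 9.8 | 16d ago | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. | |||
| CVE-2026-6665 | critical | 9.8 | 9.8 | 20d ago | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. | |||
"""


@dataclass
class Cve:
    cve_id: str
    severity: str      # the dashboard's own label: critical / high / medium / low
    cvss: float
    risk: float
    published: str
    description: str


CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def cvss_severity(score: float) -> str:
    """CVSS v3.x qualitative severity rating scale (FIRST specification, section 5)."""
    if score == 0.0:
        return "none"
    if score < 4.0:
        return "low"
    if score < 7.0:
        return "medium"
    if score < 9.0:
        return "high"
    return "critical"


def parse_row(line: str) -> Optional[Cve]:
    """Parse one pipe-delimited row; header, separator and blank lines yield None.

    Cell order is assumed from the page: id, severity, cvss, risk, published,
    description. Anything after the sixth cell (Flags/OS/Vendor) is ignored.
    """
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 6 or not CVE_ID_RE.match(cells[0]):
        return None
    return Cve(cells[0], cells[1].lower(), float(cells[2]), float(cells[3]),
               cells[4], cells[5])


def parse_table(text: str) -> List[Cve]:
    rows = (parse_row(ln) for ln in text.splitlines())
    return [r for r in rows if r is not None]


def pct(part: int, total: int) -> float:
    """Percentage rounded to one decimal, as the dashboard reports it."""
    return round(100.0 * part / total, 1) if total else 0.0


def summarize(records: List[Cve]) -> Dict[str, object]:
    """Counts by the dashboard's severity label, % critical, and rows whose
    label disagrees with the CVSS bucket (a data-quality check worth running
    before trusting the headline percentages)."""
    counts: Dict[str, int] = {s: 0 for s in ("critical", "high", "medium", "low")}
    mismatches: List[str] = []
    for r in records:
        counts[r.severity] = counts.get(r.severity, 0) + 1
        if cvss_severity(r.cvss) != r.severity:
            mismatches.append(r.cve_id)
    return {"total": len(records), **counts,
            "pct_critical": pct(counts["critical"], len(records)),
            "mismatches": mismatches}


if __name__ == "__main__":
    print(summarize(parse_table(SAMPLE_TABLE)))
```

Running it on the page's full table would reproduce the dashboard's own split; on the four sample rows every record is critical, so % critical is 100.0. The mismatch list catches the case where a feed labels a row "high" while its score sits in the critical band, which is the kind of discrepancy that silently skews the 8.4% figure.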
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8603 | critical | 9.8 | 9.8 | 9d ago | In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system. | |||
| CVE-2026-36829 | critical | 9.8 | 9.8 | 9d ago | An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based … | |||
| CVE-2026-37281 | critical | 9.8 | 9.8 | 9d ago | An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter. | |||
| CVE-2026-31072 | critical | 9.8 | 9.8 | 9d ago | The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object funct… | |||
| CVE-2026-31070 | critical | 9.8 | 9.8 | 9d ago | The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/… | |||
| CVE-2026-30118 | critical | 9.8 | 9.8 | 9d ago | scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers… | |||
| CVE-2026-30117 | critical | 9.8 | 9.8 | 9d ago | scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execut… | |||
| CVE-2026-44159 | critical | 9.8 | 9.8 | 9d ago | Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 202… | |||
| CVE-2026-47323 | critical | 9.8 | 9.8 | 9d ago | Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering. The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFil… | |||
| CVE-2026-4883 | critical | 9.8 | 9.8 | 9d ago | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including… | |||
| CVE-2026-43493 | critical | 9.8 | 9.8 | 9d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for that va… | |||
| CVE-2026-45434 | critical | 9.8 | 9.8 | 9d ago | Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgr… | |||
| CVE-2026-4885 | critical | 9.8 | 9.8 | 10d ago | The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, an… | |||
| CVE-2026-8838 | critical | 9.8 | 9.8 | 10d ago | Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary … | |||
| CVE-2026-25244 | critical | 9.8 | 9.8 | 10d ago | WebdriverIO BrowserStack Service has a Command Injection issue | |||
| CVE-2026-8836 | critical | 9.8 | 9.8 | 10d ago | A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of… | |||
| CVE-2026-45495 | critical | 9.8 | 9.8 | 10d ago | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||
| CVE-2026-7304 | critical | 9.8 | 9.8 | 10d ago | SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will… | |||
| CVE-2026-7301 | critical | 9.8 | 9.8 | 10d ago | SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the intern… | |||
| CVE-2026-8721 | critical | 9.8 | 9.8 | 11d ago | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to Sv… | |||
| CVE-2026-8507 | critical | 9.8 | 9.8 | 11d ago | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info(… | |||
| CVE-2026-8751 | critical | 9.8 | 9.8 | 11d ago | A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a… | |||
| CVE-2026-44566 | critical | 9.8 | 9.8 | 13d ago | Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal | |||
| CVE-2026-8696 | critical | 9.8 | 9.8 | 13d ago | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbi… | |||
| CVE-2026-46364 | critical | 9.8 | 9.8 | 13d ago | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent h… | |||
| CVE-2026-8695 | critical | 9.8 | 9.8 | 13d ago | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b… | |||
| CVE-2026-44717 | critical | 9.8 | 9.8 | 13d ago | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz… | |||
| CVE-2026-45772 | critical | 9.8 | 9.8 | 13d ago | Turbo: Unexpected local code execution during Yarn Berry detection | |||
| CVE-2026-5229 | critical | 9.8 | 9.8 | 14d ago | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which W… | |||
| CVE-2026-45288 | critical | 9.8 | 9.8 | 14d ago | Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generate… | |||
| CVE-2026-26191 | critical | 9.8 | 9.8 | 14d ago | Fleet vulnerable to OS command injection in software packages | |||
| CVE-2026-41315 | critical | 9.8 | 9.8 | 14d ago | mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond a… | |||
| CVE-2026-42589 | critical | 9.8 | 9.8 | 14d ago | Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection | |||
| CVE-2026-44484 | critical | 9.8 | 9.8 | 14d ago | Compromise of PyTorch Lightning PyPi Package Versions | |||
| CVE-2026-2347 | critical | 9.8 | 9.8 | 14d ago | Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: b… | |||
| CVE-2026-6510 | critical | 9.8 | 9.8 | 15d ago | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capa… | |||
| CVE-2026-6271 | critical | 9.8 | 9.8 | 15d ago | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This m… | |||
| CVE-2026-8181 | critical | 9.8 | 9.8 | 15d ago | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to inc… | |||
| CVE-2026-8500 | critical | 9.8 | 9.8 | 15d ago | Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated o… | |||
| CVE-2026-42581 | critical | 9.8 | 9.8 | 15d ago | Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization | |||
| CVE-2026-42031 | critical | 9.8 | 9.8 | 15d ago | CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql` | |||
| CVE-2026-45411 | critical | 9.8 | 9.8 | 15d ago | vm2 Has a Sandbox Breakout Using Async Generator | |||
| CVE-2026-44009 | critical | 9.8 | 9.8 | 15d ago | vm2 has Sandbox Breakout Through Null Proto Exception | |||
| CVE-2026-44008 | critical | 9.8 | 9.8 | 15d ago | vm2 has sandbox breakout via `neutralizeArraySpeciesBatch` | |||
| CVE-2026-45083 | critical | 9.8 | 9.8 | 15d ago | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted … | |||
| CVE-2026-42062 | critical | 9.8 | 9.8 | 15d ago | ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authenticati… | |||
| CVE-2026-40621 | critical | 9.8 | 9.8 | 15d ago | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. | |||
| CVE-2026-32661 | critical | 9.8 | 9.8 | 16d ago | Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's… | |||
| CVE-2026-42854 | critical | 9.8 | 9.8 | 16d ago | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a … | |||
| CVE-2026-45185 | critical | 9.8 | 9.8 | 16d ago | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a C… | |||
| CVE-2026-44343 | critical | 9.8 | 9.8 | 16d ago | WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file sys… | |||
| CVE-2026-44183 | critical | 9.8 | 9.8 | 16d ago | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.… | |||
| CVE-2026-41096 | critical | 9.8 | 9.8 | 16d ago | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-41089 | critical | 9.8 | 9.8 | 16d ago | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-31239 | critical | 9.8 | 9.8 | 16d ago | mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub | |||
| CVE-2026-31238 | critical | 9.8 | 9.8 | 16d ago | Ludwig framework is vulnerable to insecure deserialization in its model serving component | |||
| CVE-2026-31237 | critical | 9.8 | 9.8 | 16d ago | Ludwig framework is vulnerable to insecure deserialization through its predict() method. | |||
| CVE-2026-31236 | critical | 9.8 | 9.8 | 16d ago | llm CLI tool contains a code injection vulnerability via `--functions` command-line argument | |||
| CVE-2026-31235 | critical | 9.8 | 9.8 | 16d ago | imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module | |||
| CVE-2026-31234 | critical | 9.8 | 9.8 | 16d ago | Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component | |||
| CVE-2026-31233 | critical | 9.8 | 9.8 | 16d ago | Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism | |||
| CVE-2026-31231 | critical | 9.8 | 9.8 | 16d ago | Cognee through v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user,… | |||
| CVE-2026-31230 | critical | 9.8 | 9.8 | 16d ago | The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the un… | |||
| CVE-2026-31229 | critical | 9.8 | 9.8 | 16d ago | The Adversarial Robustness Toolbox (ART) through 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights f… | |||
| CVE-2026-26083 | critical | 9.8 | 9.8 | 16d ago | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, Fort… | |||
| CVE-2026-43992 | critical | 9.8 | 9.8 | 16d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accept… | |||
| CVE-2026-43512 | critical | 9.8 | 9.8 | 16d ago | Apache Tomcat - Digest authenticator will authenticate any unknown user | |||
| CVE-2026-41293 | critical | 9.8 | 9.8 | 16d ago | Apache Tomcat - HTTP/2 request headers not validated | |||
| CVE-2026-34187 | critical | 9.8 | 9.8 | 16d ago | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800 | |||
| CVE-2026-31228 | critical | 9.8 | 9.8 | 16d ago | The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe ev… | |||
| CVE-2026-31226 | critical | 9.8 | 9.8 | 16d ago | The TinyZero project through commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerabi… | |||
| CVE-2026-31220 | critical | 9.8 | 9.8 | 16d ago | PySyft server-side arbitrary Python execution after code approval | |||
| CVE-2026-31217 | critical | 9.8 | 9.8 | 16d ago | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user … | |||
| CVE-2026-31214 | critical | 9.8 | 9.8 | 16d ago | The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The s… | |||
| CVE-2026-45393 | critical | 9.8 | 9.8 | 17d ago | Reserved. Details will be published at disclosure. | |||
| CVE-2026-45392 | critical | 9.8 | 9.8 | 17d ago | Reserved. Details will be published at disclosure. | |||
| CVE-2026-45391 | critical | 9.8 | 9.8 | 17d ago | Reserved. Details will be published at disclosure. | |||
| CVE-2026-43914 | critical | 9.8 | 9.8 | 17d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is … | |||
| CVE-2026-8305 | critical | 9.8 | 9.8 | 17d ago | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component blueb… | |||
| CVE-2026-7210 | critical | 9.8 | 9.8 | 17d ago | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this… | |||
| CVE-2026-43995 | critical | 9.8 | 9.8 | 17d ago | Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) | |||
| CVE-2026-38567 | critical | 9.8 | 9.8 | 17d ago | HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker c… | |||
| CVE-2026-35157 | critical | 9.8 | 9.8 | 17d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthentic… | |||
| CVE-2026-8263 | critical | 9.8 | 9.8 | 18d ago | A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipula… | |||
| CVE-2026-7261 | critical | 9.8 | 9.8 | 19d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted acr… | |||
| CVE-2026-6722 | critical | 9.8 | 9.8 | 19d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global m… | |||
| CVE-2026-6665 | critical | 9.8 | 9.8 | 20d ago | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM se… | |||
| CVE-2026-42354 | critical | 9.8 | 9.8 | 20d ago | Sentry's improper authentication on SAML SSO process allows user identity linking | |||
| CVE-2026-42302 | critical | 9.8 | 9.8 | 20d ago | FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The star… | |||
| CVE-2026-37709 | critical | 9.8 | 9.8 | 20d ago | Snipe-IT has insecure permissions in file uploads | |||
| CVE-2026-42072 | critical | 9.8 | 9.8 | 20d ago | NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access | |||
| CVE-2026-41889 | critical | 9.8 | 9.8 | 20d ago | pgx: SQL Injection via placeholder confusion with dollar quoted string literals | |||
| CVE-2026-38360 | critical | 9.8 | 9.8 | 20d ago | Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHan… | |||
| CVE-2026-43465 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer whe… | |||
| CVE-2026-43414 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When a… | |||
| CVE-2026-43402 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function … | |||
| CVE-2026-43384 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the… | |||
| CVE-2026-43379 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is bei… | |||
| CVE-2026-43376 | critical | 9.8 | 9.8 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using call_rcu() for oplock_info ksmbd currently frees oplock_info immediately using kfree(), even t… | |||
| CVE-2026-41574 | critical | 9.8 | 9.8 | 20d ago | Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass |