CVEs from 2026
- Total: 13,460
- Critical: 1,176
- High: 4,283
- Medium: 4,161
- Low: 442
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-43905 | high | 7.8 | 7.8 | 17d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer… | |||
| CVE-2026-43904 | high | 7.8 | 7.8 | 17d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) an… | |||
| CVE-2026-43903 | high | 7.8 | 7.8 | 17d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT… | |||
| CVE-2026-42283 | high | 7.8 | 7.8 | 17d ago | DevSpace UI Server WebSocket CheckOrigin does not validate source | |||
| CVE-2026-44471 | high | 7.8 | 7.8 | 18d ago | gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink int… | |||
| CVE-2026-30906 | high | 7.8 | 7.8 | 18d ago | Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||
| CVE-2026-30905 | high | 7.8 | 7.8 | 18d ago | External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via loca… | |||
| CVE-2026-43481 | high | 7.8 | 7.8 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() con… | |||
| CVE-2026-43476 | high | 7.8 | 7.8 | 18d ago | In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) in… | |||
| CVE-2026-42290 | high | 7.8 | 7.8 | 18d ago | protobuf.js is Vulnerable to OS Command Injection in the CLI | |||
| CVE-2026-45152 | high | 7.8 | 7.8 | 18d ago | uniget is a universal installer and updater for (container) tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files u… | |||
| CVE-2026-44724 | high | 7.8 | 7.8 | 18d ago | systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active Netwo… | |||
| CVE-2026-44612 | high | 7.8 | 7.8 | 18d ago | Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer,… | |||
| CVE-2026-21020 | high | 7.8 | 7.8 | 18d ago | Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions. | |||
| CVE-2026-8108 | high | 7.8 | 7.8 | 19d ago | The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions. | |||
| CVE-2026-42191 | high | 7.8 | 7.8 | 19d ago | OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter | |||
| CVE-2026-34690 | high | 7.8 | 7.8 | 19d ago | After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat… | |||
| CVE-2026-34684 | high | 7.8 | 7.8 | 19d ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation … | |||
| CVE-2026-34683 | high | 7.8 | 7.8 | 19d ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation … | |||
| CVE-2026-34682 | high | 7.8 | 7.8 | 19d ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation … | |||
| CVE-2026-34681 | high | 7.8 | 7.8 | 19d ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation … | |||
| CVE-2026-31221 | high | 7.8 | 7.8 | 19d ago | PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization | |||
| CVE-2026-42896 | high | 7.8 | 7.8 | 19d ago | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-42831 | high | 7.8 | 7.8 | 19d ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-41095 | high | 7.8 | 7.8 | 19d ago | Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-41088 | high | 7.8 | 7.8 | 19d ago | External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40419 | high | 7.8 | 7.8 | 19d ago | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40418 | high | 7.8 | 7.8 | 19d ago | Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40417 | high | 7.8 | 7.8 | 19d ago | Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40408 | high | 7.8 | 7.8 | 19d ago | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40407 | high | 7.8 | 7.8 | 19d ago | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40399 | high | 7.8 | 7.8 | 19d ago | Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40398 | high | 7.8 | 7.8 | 19d ago | Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40397 | high | 7.8 | 7.8 | 19d ago | Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40382 | high | 7.8 | 7.8 | 19d ago | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40381 | high | 7.8 | 7.8 | 19d ago | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40377 | high | 7.8 | 7.8 | 19d ago | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40369 | high | 7.8 | 7.8 | 19d ago | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-40362 | high | 7.8 | 7.8 | 19d ago | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-40360 | high | 7.8 | 7.8 | 19d ago | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-40359 | high | 7.8 | 7.8 | 19d ago | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-35421 | high | 7.8 | 7.8 | 19d ago | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-35420 | high | 7.8 | 7.8 | 19d ago | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-35417 | high | 7.8 | 7.8 | 19d ago | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-35415 | high | 7.8 | 7.8 | 19d ago | Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34687 | high | 7.8 | 7.8 | 19d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation… | |||
| CVE-2026-34676 | high | 7.8 | 7.8 | 19d ago | Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o… | |||
| CVE-2026-34675 | high | 7.8 | 7.8 | 19d ago | Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o… | |||
| CVE-2026-34661 | high | 7.8 | 7.8 | 19d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th… | |||
| CVE-2026-34644 | high | 7.8 | 7.8 | 19d ago | After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Explo… | |||
| CVE-2026-34643 | high | 7.8 | 7.8 | 19d ago | After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of … | |||
| CVE-2026-34642 | high | 7.8 | 7.8 | 19d ago | After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati… | |||
| CVE-2026-34640 | high | 7.8 | 7.8 | 19d ago | Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exp… | |||
| CVE-2026-34639 | high | 7.8 | 7.8 | 19d ago | Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o… | |||
| CVE-2026-34638 | high | 7.8 | 7.8 | 19d ago | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this … | |||
| CVE-2026-34637 | high | 7.8 | 7.8 | 19d ago | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… | |||
| CVE-2026-34636 | high | 7.8 | 7.8 | 19d ago | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… | |||
| CVE-2026-34344 | high | 7.8 | 7.8 | 19d ago | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34343 | high | 7.8 | 7.8 | 19d ago | Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34338 | high | 7.8 | 7.8 | 19d ago | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34336 | high | 7.8 | 7.8 | 19d ago | Buffer over-read in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34333 | high | 7.8 | 7.8 | 19d ago | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-34330 | high | 7.8 | 7.8 | 19d ago | Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33841 | high | 7.8 | 7.8 | 19d ago | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33840 | high | 7.8 | 7.8 | 19d ago | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33838 | high | 7.8 | 7.8 | 19d ago | Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33837 | high | 7.8 | 7.8 | 19d ago | Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33835 | high | 7.8 | 7.8 | 19d ago | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-33834 | high | 7.8 | 7.8 | 19d ago | Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-32204 | high | 7.8 | 7.8 | 19d ago | External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-20767 | high | 7.8 | 7.8 | 19d ago | Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary… | |||
| CVE-2026-20714 | high | 7.8 | 7.8 | 19d ago | Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a… | |||
| CVE-2026-8110 | high | 7.8 | 7.8 | 19d ago | Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. | |||
| CVE-2026-32687 | high | 7.8 | 7.8 | 19d ago | Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3` | |||
| CVE-2026-44412 | high | 7.8 | 7.8 | 19d ago | A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR f… | |||
| CVE-2026-44411 | high | 7.8 | 7.8 | 19d ago | A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR f… | |||
| CVE-2026-34963 | high | 7.8 | 7.8 | 20d ago | barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithm… | |||
| CVE-2026-42046 | high | 7.8 | 7.8 | 20d ago | libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-boun… | |||
| CVE-2026-7818 | high | 7.8 | 7.8 | 20d ago | pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager | |||
| CVE-2026-45004 | high | 7.8 | 7.8 | 20d ago | OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution | |||
| CVE-2026-3609 | high | 7.8 | 7.8 | 20d ago | Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS. Cr… | |||
| CVE-2026-40636 | high | 7.8 | 7.8 | 20d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could p… | |||
| CVE-2026-28840 | high | 7.8 | 7.8 | 21d ago | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may be able to gain root privileges. | |||
| CVE-2026-28915 | high | 7.8 | 7.8 | 21d ago | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able … | |||
| CVE-2026-28951 | high | 7.8 | 7.8 | 21d ago | An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Ta… | |||
| CVE-2026-28919 | high | 7.8 | 7.8 | 21d ago | A consistency issue was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges. | |||
| CVE-2026-42311 | high | 7.8 | 7.8 | 22d ago | Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow) | |||
| CVE-2026-42301 | high | 7.8 | 7.8 | 22d ago | pyp2spec is Vulnerable to Code Injection | |||
| CVE-2026-43461 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in aml_sfc_dma_buffer_setup() error paths: 1. Unnecessary g… | |||
| CVE-2026-43460 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove() callback The driver uses devm_spi_register_controller() for registration, which au… | |||
| CVE-2026-43458 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty->link reference in ldisc_open and ser_release A reproducer triggers a KASAN slab-use-after-free in pty_wri… | |||
| CVE-2026-43456 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_by_slave() kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 [#1] SMP KA… | |||
| CVE-2026-43454 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix for duplicate device in netdev hooks When handling NETDEV_REGISTER notification, duplicate device regis… | |||
| CVE-2026-43447 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cach… | |||
| CVE-2026-43440 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: net/mana: Null service_wq on setup error to prevent double destroy In mana_gd_setup() error path, set gc->service_wq to NULL afte… | |||
| CVE-2026-43438 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy … | |||
| CVE-2026-43437 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() In the drain loop, the local variable 'runtime' is reas… | |||
| CVE-2026-43434 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: rust_binder: check ownership before using vma When installing missing pages (or zapping them), Rust Binder will look up the vma i… | |||
| CVE-2026-43433 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: rust_binder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into … | |||
| CVE-2026-43426 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: fix use-after-free in ISR during device removal In usbhs_remove(), the driver frees resources (including the … |