CVEs from 2026
- Total: 13,475
- Critical: 1,177
- High: 4,294
- Medium: 4,165
- Low: 442
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23280 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow The ubuf size calculation may overflow, resulting in an undersized allocation and possi… | |||
| CVE-2026-33851 | high | 7.8 | 7.8 | 2mo ago | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib. This issue affects doslib: before doslib-20250729. | |||
| CVE-2026-33850 | high | 7.8 | 7.8 | 2mo ago | Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2. This issue affects DualSenseY-v2: before 54. | |||
| CVE-2026-33298 | high | 7.8 | 7.8 | 2mo ago | llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a … | |||
| CVE-2026-4538 | high | 7.8 | 7.8 | 2mo ago | A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be p… | |||
| CVE-2026-23278 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchal… | |||
| CVE-2026-23275 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure ctx->rings is stable for task work flags manipulation If DEFER_TASKRUN \| SETUP_TASKRUN is used and task work is … | |||
| CVE-2026-23274 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and al… | |||
| CVE-2026-23273 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink() error path valis reported that a race condition still happens af… | |||
| CVE-2026-23272 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets publishe… | |||
| CVE-2026-23271 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabl… | |||
| CVE-2026-23268 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remov… | |||
| CVE-2026-23262 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The N… | |||
| CVE-2026-24062 | high | 7.8 | 7.8 | 2mo ago | The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to c… | |||
| CVE-2026-23248 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix refcount bug and potential UAF in perf_mmap Syzkaller reported a refcount_t: addition on 0; use-after-free warning… | |||
| CVE-2026-23245 | high | 7.8 | 7.8 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump p… | |||
| CVE-2026-27940 | high | 7.8 | 7.8 | 3mo ago | llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Us… | |||
| CVE-2026-30902 | high | 7.8 | 7.8 | 3mo ago | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | |||
| CVE-2026-30901 | high | 7.8 | 7.8 | 3mo ago | Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. | |||
| CVE-2026-30900 | high | 7.8 | 7.8 | 3mo ago | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | |||
| CVE-2026-3315 | high | 7.8 | 7.8 | 3mo ago | Incorrect Default Permissions, Execution with Unnecessary Privileges, and Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/… | |||
| CVE-2026-26738 | high | 7.8 | 7.8 | 3mo ago | Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file. | |||
| CVE-2026-26134 | high | 7.8 | 7.8 | 3mo ago | Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26128 | high | 7.8 | 7.8 | 3mo ago | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26110 | high | 7.8 | 7.8 | 3mo ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-25187 | high | 7.8 | 7.8 | 3mo ago | Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-23239 | high | 7.8 | 7.8 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is call… | |||
| CVE-2026-25866 | high | 7.8 | 7.8 | 3mo ago | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening r… | |||
| CVE-2026-3796 | high | 7.8 | 7.8 | 3mo ago | A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter D… | |||
| CVE-2026-29783 | high | 7.8 | 7.8 | 3mo ago | GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution | |||
| CVE-2026-3463 | high | 7.8 | 7.8 | 3mo ago | A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document… | |||
| CVE-2026-3394 | high | 7.8 | 7.8 | 3mo ago | A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Perfo… | |||
| CVE-2026-3393 | high | 7.8 | 7.8 | 3mo ago | A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the compon… | |||
| CVE-2026-3281 | high | 7.8 | 7.8 | 3mo ago | A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in hea… | |||
| CVE-2026-3147 | high | 7.8 | 7.8 | 3mo ago | A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow.… | |||
| CVE-2026-3137 | high | 7.8 | 7.8 | 3mo ago | A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflo… | |||
| CVE-2026-2662 | high | 7.8 | 7.8 | 3mo ago | A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. T… | |||
| CVE-2026-2661 | high | 7.8 | 7.8 | 3mo ago | A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. … | |||
| CVE-2026-2660 | high | 7.8 | 7.8 | 3mo ago | A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Loca… | |||
| CVE-2026-2659 | high | 7.8 | 7.8 | 3mo ago | A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation… | |||
| CVE-2026-2653 | high | 7.8 | 7.8 | 3mo ago | A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl_check_normal_vector of the file src/normals.c. Performing a manipulation results in heap-based buffer o… | |||
| CVE-2026-2644 | high | 7.8 | 7.8 | 3mo ago | A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation … | |||
| CVE-2026-2627 | high | 7.8 | 7.8 | 3mo ago | A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/R… | |||
| CVE-2026-2016 | high | 7.8 | 7.8 | 4mo ago | A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to… | |||
| CVE-2026-24905 | high | 7.8 | 7.8 | 4mo ago | Inspektor Gadget: Command Injection via malicious buildOptions manipulation | |||
| CVE-2026-1418 | high | 7.8 | 7.8 | 4mo ago | A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Su… | |||
| CVE-2026-1110 | high | 7.8 | 7.8 | 4mo ago | A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch… | |||
| CVE-2026-1109 | high | 7.8 | 7.8 | 4mo ago | A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. At… | |||
| CVE-2026-1108 | high | 7.8 | 7.8 | 4mo ago | A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsp_rely_dumps. The manipulation leads to buffer ove… | |||
| CVE-2026-20864 | high | 7.8 | 7.8 | 5mo ago | Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-20817 | high | 7.8 | 7.8 | 5mo ago | Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-0830 | high | 7.8 | 7.8 | 5mo ago | Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously craf… | |||
| CVE-2026-44285 | high | 7.7 | 7.7 | 2d ago | FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network pro… | |||
| CVE-2026-10107 | high | 7.7 | 7.7 | 2d ago | MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resource_token cookie and a… | |||
| CVE-2026-42965 | high | 7.7 | 7.7 | 2d ago | A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice tha… | |||
| CVE-2026-47179 | high | 7.7 | 7.7 | 3d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directiv… | |||
| CVE-2026-46823 | high | 7.7 | 7.7 | 3d ago | Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily ex… | |||
| CVE-2026-46821 | high | 7.7 | 7.7 | 3d ago | Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable v… | |||
| CVE-2026-42398 | high | 7.7 | 7.7 | 3d ago | Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connec… | |||
| CVE-2026-45296 | high | 7.7 | 7.7 | 3d ago | OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API… | |||
| CVE-2026-46123 | high | 7.7 | 7.7 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtio_bt: clamp rx length before skb_put virtbt_rx_work() calls skb_put(skb, len) where len comes directly from virtq… | |||
| CVE-2026-9804 | high | 7.7 | 7.7 | 3d ago | A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing … | |||
| CVE-2026-45548 | high | 7.7 | 7.7 | 4d ago | Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation | |||
| CVE-2026-45715 | high | 7.7 | 7.7 | 4d ago | Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, … | |||
| CVE-2026-46427 | high | 7.7 | 7.7 | 4d ago | Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is D… | |||
| CVE-2026-48146 | high | 7.7 | 7.7 | 4d ago | Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection.… | |||
| CVE-2026-45061 | high | 7.7 | 7.7 | 4d ago | Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A… | |||
| CVE-2026-2253 | high | 7.7 | 7.7 | 5d ago | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities. | |||
| CVE-2026-26147 | high | 7.7 | 7.7 | 9d ago | Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-39965 | high | 7.7 | 7.7 | 9d ago | TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl(… | |||
| CVE-2026-34911 | high | 7.7 | 7.7 | 10d ago | A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulat… | |||
| CVE-2026-9133 | high | 7.7 | 7.7 | 11d ago | Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint migh… | |||
| CVE-2026-45370 | high | 7.7 | 7.7 | 17d ago | python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection | |||
| CVE-2026-45338 | high | 7.7 | 7.7 | 17d ago | Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py) | |||
| CVE-2026-45303 | high | 7.7 | 7.7 | 17d ago | Open WebUI has stored XSS via the HTML rendering view | |||
| CVE-2026-44738 | high | 7.7 | 7.7 | 18d ago | Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray() | |||
| CVE-2026-42141 | high | 7.7 | 7.7 | 19d ago | Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerabi… | |||
| CVE-2026-45218 | high | 7.7 | 7.7 | 19d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection. This issue affects WP Travel: from n/a t… | |||
| CVE-2026-27662 | high | 7.7 | 7.7 | 19d ago | Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain… | |||
| CVE-2026-43890 | high | 7.7 | 7.7 | 20d ago | Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken aut… | |||
| CVE-2026-34961 | high | 7.7 | 7.7 | 20d ago | barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.… | |||
| CVE-2026-33356 | high | 7.7 | 7.7 | 20d ago | In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. … | |||
| CVE-2026-42345 | high | 7.7 | 7.7 | 23d ago | FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a full… | |||
| CVE-2026-41905 | high | 7.7 | 7.7 | 24d ago | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastR… | |||
| CVE-2026-41688 | high | 7.7 | 7.7 | 24d ago | Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the origina… | |||
| CVE-2026-41413 | high | 7.7 | 7.7 | 24d ago | Istio: SSRF via RequestAuthentication jwksUri | |||
| CVE-2026-44113 | high | 7.7 | 7.7 | 25d ago | OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes | |||
| CVE-2026-43580 | high | 7.7 | 7.7 | 25d ago | OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage | |||
| CVE-2026-43576 | high | 7.7 | 7.7 | 25d ago | OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets | |||
| CVE-2026-20185 | high | 7.7 | 7.7 | 25d ago | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware co… | |||
| CVE-2026-20167 | high | 7.7 | 7.7 | 25d ago | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely mana… | |||
| CVE-2026-43884 | high | 7.7 | 7.7 | 26d ago | AVideo has SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL() | |||
| CVE-2026-42997 | high | 7.7 | 7.7 | 26d ago | OpenStack Ironic has an Incorrect Resource Transfer Between Spheres | |||
| CVE-2026-43573 | high | 7.7 | 7.7 | 26d ago | OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement | |||
| CVE-2026-43532 | high | 7.7 | 7.7 | 26d ago | OpenClaw: Discord event cover images bypassed sandbox media normalization | |||
| CVE-2026-43527 | high | 7.7 | 7.7 | 26d ago | OpenClaw: Browser SSRF policy default allowed private-network navigation | |||
| CVE-2026-42438 | high | 7.7 | 7.7 | 26d ago | OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure | |||
| CVE-2026-42436 | high | 7.7 | 7.7 | 26d ago | OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation | |||
| CVE-2026-43824 | high | 7.7 | 7.7 | 1mo ago | In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data. | |||
| CVE-2026-41649 | high | 7.7 | 7.7 | 1mo ago | Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference. When… | |||