CVEs from 2026
Total
13,464
critical
critical 1,177
high
high 4,294
medium
medium 4,166
low
low 442
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8180 | high | 7.5 | 7.5 | 4d ago | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte… | |||
| CVE-2026-48972 | high | 7.5 | 7.5 | 4d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects… | |||
| CVE-2026-6938 | high | 7.5 | 7.5 | 4d ago | IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query. | |||
| CVE-2026-6052 | high | 7.5 | 7.5 | 4d ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables. | |||
| CVE-2026-6051 | high | 7.5 | 7.5 | 4d ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. | |||
| CVE-2026-46102 | high | 7.5 | 7.5 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skb_head leak in strp_abort_strp() When the stream parser is aborted, for example after a message assembly ti… | |||
| CVE-2026-46085 | high | 7.5 | 7.5 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM er… | |||
| CVE-2026-46052 | high | 7.5 | 7.5 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: ceph: only d_add() negative dentries when they are unhashed Ceph can call d_add(dentry, NULL) on a negative dentry that is alread… | |||
| CVE-2026-46031 | high | 7.5 | 7.5 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Reinstate disabling of BHs around IRQ handler If the driver executes ks8851_irq() AND a TX packet has been sent, the… | |||
| CVE-2026-46027 | high | 7.5 | 7.5 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage,… | |||
| CVE-2026-46024 | high | 7.5 | 7.5 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() If a message of type CEPH_MSG_AUTH_REPLY contains a zero va… | |||
| CVE-2026-3366 | high | 7.5 | 7.5 | 4d ago | IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An… | |||
| CVE-2026-45944 | high | 7.5 | 7.5 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down context entry When tearing down a context entry, the current implementation zer… | |||
| CVE-2026-45860 | high | 7.5 | 7.5 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: increase the connection clean up limit to 64 After the optimization to only perform one GC per jiffy, a … | |||
| CVE-2026-45859 | high | 7.5 | 7.5 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation Ulrich reports a regression with nfqueue: If an appl… | |||
| CVE-2026-42760 | high | 7.5 | 7.5 | 4d ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup… | |||
| CVE-2026-42736 | high | 7.5 | 7.5 | 4d ago | Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff… | |||
| CVE-2026-40850 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command… | |||
| CVE-2026-40819 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper neutralization of special elements in a SQL SELECT command. This … | |||
| CVE-2026-40818 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT c… | |||
| CVE-2026-40817 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT comma… | |||
| CVE-2026-40816 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elem… | |||
| CVE-2026-40815 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELEC… | |||
| CVE-2026-40814 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files _mb24confi_getTagAlarm function due to improper neutralization of special elemen… | |||
| CVE-2026-40813 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid parameter due to improper neutralization of special elements in a SQ… | |||
| CVE-2026-40812 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL S… | |||
| CVE-2026-40811 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. Thi… | |||
| CVE-2026-40810 | high | 7.5 | 7.5 | 5d ago | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This… | |||
| CVE-2026-9200 | high | 7.5 | 7.5 | 5d ago | The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attacke… | |||
| CVE-2026-48959 | high | 7.5 | 7.5 | 5d ago | IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward() compares length $offset (the digit count of the offset, 1 to 19) agains… | |||
| CVE-2026-9156 | high | 7.5 | 7.5 | 5d ago | Tanium addressed a denial of service vulnerability in Tanium Server. | |||
| CVE-2026-8946 | high | 7.5 | 7.5 | 5d ago | RHSA-2026:21382: firefox security update (Important) | |||
| CVE-2026-8968 | high | 7.5 | 7.5 | 5d ago | RHSA-2026:21382: firefox security update (Important) | |||
| CVE-2026-8954 | high | 7.5 | 7.5 | 5d ago | RHSA-2026:21382: firefox security update (Important) | |||
| CVE-2026-42899 | high | 7.5 | 7.5 | 5d ago | RHSA-2026:21295: .NET 10.0 security update (Important) | |||
| CVE-2026-44905 | high | 7.5 | 7.5 | 5d ago | Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza… | |||
| CVE-2026-43988 | high | 7.5 | 7.5 | 5d ago | Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When pr… | |||
| CVE-2026-44847 | high | 7.5 | 7.5 | 5d ago | MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth clas… | |||
| CVE-2026-44209 | high | 7.5 | 7.5 | 5d ago | Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass use… | |||
| CVE-2026-8854 | high | 7.5 | 7.5 | 5d ago | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache. | |||
| CVE-2026-8852 | high | 7.5 | 7.5 | 5d ago | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module. | |||
| CVE-2026-8850 | high | 7.5 | 7.5 | 5d ago | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload. | |||
| CVE-2026-48901 | high | 7.5 | 7.5 | 5d ago | The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | |||
| CVE-2026-45728 | high | 7.5 | 7.5 | 5d ago | Algernon: Single-file mode unconditionally enables debug mode | |||
| CVE-2026-8620 | high | 7.5 | 7.5 | 5d ago | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggl… | |||
| CVE-2026-48896 | high | 7.5 | 7.5 | 5d ago | Insufficient state checks lead to a vector that allows to bypass 2FA checks. | |||
| CVE-2026-40384 | high | 7.5 | 7.5 | 5d ago | An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. | |||
| CVE-2026-48897 | high | 7.5 | 7.5 | 5d ago | Insufficient state checks lead to a vector that allows to bypass 2FA checks. | |||
| CVE-2026-48688 | high | 7.5 | 7.5 | 5d ago | FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The function decode_mp_reach_ipv6() in src/bgp_protocol.cpp contains … | |||
| CVE-2026-48133 | high | 7.5 | 7.5 | 5d ago | When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway. | |||
| CVE-2026-39661 | high | 7.5 | 7.5 | 5d ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW Core allows PHP Local File Inclusion. This issue affects SW Core… | |||
| CVE-2026-8047 | high | 7.5 | 7.5 | 6d ago | The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw t… | |||
| CVE-2026-9496 | high | 7.5 | 7.5 | 6d ago | Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSp… | |||
| CVE-2026-9538 | high | 7.5 | 7.5 | 6d ago | Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), … | |||
| CVE-2026-42497 | high | 7.5 | 7.5 | 6d ago | Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without va… | |||
| CVE-2026-45438 | high | 7.5 | 7.5 | 6d ago | Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommer… | |||
| CVE-2026-45209 | high | 7.5 | 7.5 | 6d ago | Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a throug… | |||
| CVE-2026-48844 | high | 7.5 | 7.5 | 6d ago | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been … | |||
| CVE-2026-47073 | high | 7.5 | 7.5 | 6d ago | Unbounded memory consumption in WebSocket client in hackney | |||
| CVE-2026-47067 | high | 7.5 | 7.5 | 6d ago | Atom table exhaustion via unrecognized URL schemes in hackney | |||
| CVE-2026-47072 | high | 7.5 | 7.5 | 6d ago | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney_ws.erl copies the host,… | |||
| CVE-2026-47075 | high | 7.5 | 7.5 | 6d ago | Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\r) or line feed (\n) characters in the URL … | |||
| CVE-2026-47077 | high | 7.5 | 7.5 | 6d ago | Unbounded body accumulation in HTTP/3 response loop in hackney | |||
| CVE-2026-47071 | high | 7.5 | 7.5 | 6d ago | SOCKS5 TLS upgrade ignores caller timeout in hackney | |||
| CVE-2026-47066 | high | 7.5 | 7.5 | 6d ago | Infinite loop in Alt-Svc header parser in hackney | |||
| CVE-2026-48829 | high | 7.5 | 7.5 | 8d ago | In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c. | |||
| CVE-2026-42827 | high | 7.5 | 7.5 | 9d ago | <p>Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.</p> | |||
| CVE-2026-41104 | high | 7.5 | 7.5 | 9d ago | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-23663 | high | 7.5 | 7.5 | 9d ago | <p>Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.</p> | |||
| CVE-2026-8671 | high | 7.5 | 7.5 | 9d ago | Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0. | |||
| CVE-2026-44417 | high | 7.5 | 7.5 | 9d ago | The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use… | |||
| CVE-2026-5740 | high | 7.5 | 7.5 | 9d ago | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unaut… | |||
| CVE-2026-5308 | high | 7.5 | 7.5 | 9d ago | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a den… | |||
| CVE-2026-9011 | high | 7.5 | 7.5 | 9d ago | The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly… | |||
| CVE-2026-8679 | high | 7.5 | 7.5 | 9d ago | The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to temp… | |||
| CVE-2026-4834 | high | 7.5 | 7.5 | 10d ago | The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplie… | |||
| CVE-2026-46597 | high | 7.5 | 7.5 | 10d ago | An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. | |||
| CVE-2026-39829 | high | 7.5 | 7.5 | 10d ago | The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumptio… | |||
| CVE-2026-46473 | high | 7.5 | 7.5 | 10d ago | Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage. | |||
| CVE-2026-45255 | high | 7.5 | 7.5 | 10d ago | When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented us… | |||
| CVE-2026-42002 | high | 7.5 | 7.5 | 10d ago | Concurrency and locking defects in GSS-TSIG | |||
| CVE-2026-42001 | high | 7.5 | 7.5 | 10d ago | Insufficient Validation of Autoprimary SOA Queries | |||
| CVE-2026-5434 | high | 7.5 | 7.5 | 10d ago | Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially… | |||
| CVE-2026-44062 | high | 7.5 | 7.5 | 11d ago | A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted … | |||
| CVE-2026-44060 | high | 7.5 | 7.5 | 11d ago | An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request. | |||
| CVE-2026-44055 | high | 7.5 | 7.5 | 11d ago | A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code. | |||
| CVE-2026-44052 | high | 7.5 | 7.5 | 11d ago | Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials. | |||
| CVE-2026-44049 | high | 7.5 | 7.5 | 11d ago | An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of serv… | |||
| CVE-2026-40092 | high | 7.5 | 7.5 | 11d ago | nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT | |||
| CVE-2026-47373 | high | 7.5 | 7.5 | 11d ago | Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying has… | |||
| CVE-2026-9123 | high | 7.5 | 7.5 | 11d ago | Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traff… | |||
| CVE-2026-9117 | high | 7.5 | 7.5 | 11d ago | Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf… | |||
| CVE-2026-24188 | high | 7.5 | 7.5 | 11d ago | NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering. | |||
| CVE-2026-8488 | high | 7.5 | 7.5 | 11d ago | Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 20… | |||
| CVE-2026-8487 | high | 7.5 | 7.5 | 11d ago | Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 befo… | |||
| CVE-2026-8486 | high | 7.5 | 7.5 | 11d ago | Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 befor… | |||
| CVE-2026-39047 | high | 7.5 | 7.5 | 11d ago | Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100 | |||
| CVE-2026-8485 | high | 7.5 | 7.5 | 11d ago | Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. | |||
| CVE-2026-5946 | high | 7.5 | 7.5 | 11d ago | Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes… | |||
| CVE-2026-3039 | high | 7.5 | 7.5 | 11d ago | BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typ… |