CVEs from 2026
Total
13,362
critical
critical 1,116
high
high 3,953
medium
medium 4,013
low
low 420
% Critical
8.4%
% with KEV
0.4%
% with exploit
0.4%
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-41500 | critical | 9.8 | 9.8 | 21d ago | electerm: electerm_install_script_CommandInjection Vulnerability Report | |
| CVE-2026-8034 | critical | 9.8 | 9.8 | 21d ago | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusi… | |
| CVE-2026-42284 | critical | 9.8 | 9.8 | 21d ago | GitPython: Unsafe option check validates multi_options before shlex.split transformation | |
| CVE-2026-7415 | critical | 9.8 | 9.8 | 21d ago | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetr… | |
| CVE-2026-7414 | critical | 9.8 | 9.8 | 21d ago | Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or r… | |
| CVE-2026-7413 | critical | 9.8 | 9.8 | 21d ago | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cann… | |
| CVE-2026-5788 | critical | 9.8 | 9.8 | 21d ago | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. | |
| CVE-2026-36458 | critical | 9.8 | 9.8 | 21d ago | ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered. | |
| CVE-2026-30496 | critical | 9.8 | 9.8 | 21d ago | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports bot… | |
| CVE-2026-8091 | critical | 9.8 | 9.8 | 21d ago | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.… | |
| CVE-2026-6508 | critical | 9.8 | 9.8 | 21d ago | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Lidera… | |
| CVE-2026-42010 | critical | 9.8 | 9.8 | 21d ago | Important: gnutls security update | |
| CVE-2026-42217 | critical | 9.8 | 9.8 | 22d ago | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3… | |
| CVE-2026-44109 | critical | 9.8 | 9.8 | 22d ago | OpenClaw: Feishu webhook and card-action validation now fail closed | |
| CVE-2026-43585 | critical | 9.8 | 9.8 | 22d ago | OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation | |
| CVE-2026-43575 | critical | 9.8 | 9.8 | 22d ago | OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can acces… | |
| CVE-2026-41930 | critical | 9.8 | 9.8 | 22d ago | Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin con… | |
| CVE-2026-43208 | critical | 9.8 | 9.8 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: net: do not pass flow_id to set_rps_cpu() Blamed commit made the assumption that the RPS table for each receive queue would have … | |
| CVE-2026-43198 | critical | 9.8 | 9.8 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv_sock() Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() is done… | |
| CVE-2026-43186 | critical | 9.8 | 9.8 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() On the receive path, __ioam6_fill_trace_data() uses trace->node… | |
| CVE-2026-43185 | critical | 9.8 | 9.8 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smb_direct_prepare_negotiation() smb_direct_prepare_negotiation() casts an unsigned __u32 value fr… | |
| CVE-2026-43125 | critical | 9.8 | 9.8 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network mess… | |
| CVE-2026-28780 | critical | 9.8 | 9.8 | 23d ago | RHSA-2026:21391: httpd security update (Important) | |
| CVE-2026-35579 | critical | 9.8 | 9.8 | 23d ago | CoreDNS has TSIG authentication bypass on gRPC and QUIC transports | |
| CVE-2026-7854 | critical | 9.8 | 9.8 | 23d ago | A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler.… | |
| CVE-2026-38428 | critical | 9.8 | 9.8 | 23d ago | Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitiza… | |
| CVE-2026-27960 | critical | 9.8 | 9.8 | 23d ago | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploi… | |
| CVE-2026-7853 | critical | 9.8 | 9.8 | 23d ago | A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time… | |
| CVE-2026-38431 | critical | 9.8 | 9.8 | 23d ago | ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on… | |
| CVE-2026-38429 | critical | 9.8 | 9.8 | 23d ago | OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml. | |
| CVE-2026-43067 | critical | 9.8 | 9.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 ("ext4: always allocate blocks o… | |
| CVE-2026-7834 | critical | 9.8 | 9.8 | 23d ago | A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-bas… | |
| CVE-2026-43566 | critical | 9.8 | 9.8 | 23d ago | OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events | |
| CVE-2026-43534 | critical | 9.8 | 9.8 | 23d ago | OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input | |
| CVE-2026-7823 | critical | 9.8 | 9.8 | 24d ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results… | |
| CVE-2026-5294 | critical | 9.8 | 9.8 | 24d ago | The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispa… | |
| CVE-2026-5722 | critical | 9.8 | 9.8 | 24d ago | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or r… | |
| CVE-2026-42601 | critical | 9.8 | 9.8 | 24d ago | ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView | |
| CVE-2026-42238 | critical | 9.8 | 9.8 | 24d ago | Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore | |
| CVE-2026-42222 | critical | 9.8 | 9.8 | 24d ago | Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover | |
| CVE-2026-42221 | critical | 9.8 | 9.8 | 24d ago | Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim | |
| CVE-2026-42233 | critical | 9.8 | 9.8 | 24d ago | n8n has SQL Injection in Oracle Database Node via Limit Field | |
| CVE-2026-42796 | critical | 9.8 | 9.8 | 24d ago | Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager… | |
| CVE-2026-42376 | critical | 9.8 | 9.8 | 24d ago | D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks… | |
| CVE-2026-42076 | critical | 9.8 | 9.8 | 24d ago | Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution | |
| CVE-2026-42027 | critical | 9.8 | 9.8 | 24d ago | Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest | |
| CVE-2026-26956 | critical | 9.8 | 9.8 | 24d ago | VM2 Has a WASM Sandbox Escape (Node 25 only) | |
| CVE-2026-25293 | critical | 9.8 | 9.8 | 24d ago | Buffer overflow due to incorrect authorization in PLC FW | |
| CVE-2026-24781 | critical | 9.8 | 9.8 | 24d ago | VM2 Has Sandbox Breakout Through Inspect Function | |
| CVE-2026-24120 | critical | 9.8 | 9.8 | 24d ago | VM2 Has Sandbox Breakout Through Promise Species | |
| CVE-2026-24118 | critical | 9.8 | 9.8 | 24d ago | VM2 Sandbox Breakout Through __lookupGetter__ | |
| CVE-2026-7747 | critical | 9.8 | 9.8 | 24d ago | A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. P… | |
| CVE-2026-7719 | critical | 9.8 | 9.8 | 25d ago | A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The … | |
| CVE-2026-42370 | critical | 9.8 | 9.8 | 25d ago | A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca… | |
| CVE-2026-31402 | critical | 9.8 | 9.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_… | |
| CVE-2026-42258 | critical | 9.8 | 9.8 | 25d ago | net-imap vulnerable to command Injection via unvalidated Symbol inputs | |
| CVE-2026-42257 | critical | 9.8 | 9.8 | 25d ago | net-imap vulnerable to command Injection via "raw" arguments to multiple commands | |
| CVE-2026-7690 | critical | 9.8 | 9.8 | 25d ago | A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes … | |
| CVE-2026-7458 | critical | 9.8 | 9.8 | 27d ago | The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operato… | |
| CVE-2026-4882 | critical | 9.8 | 9.8 | 27d ago | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to… | |
| CVE-2026-37539 | critical | 9.8 | 9.8 | 27d ago | Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of… | |
| CVE-2026-37534 | critical | 9.8 | 9.8 | 27d ago | Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arb… | |
| CVE-2026-37531 | critical | 9.8 | 9.8 | 27d ago | AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename fu… | |
| CVE-2026-42473 | critical | 9.8 | 9.8 | 27d ago | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object. | |
| CVE-2026-42472 | critical | 9.8 | 9.8 | 27d ago | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object. | |
| CVE-2026-43039 | critical | 9.8 | 9.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch emac_dispatch_skb_zc() allocates a new skb via n… | |
| CVE-2026-43038 | critical | 9.8 | 9.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() Sashiko AI-review observed: In ip6_err_gen_icmpv6_unreach(), the … | |
| CVE-2026-43037 | critical | 9.8 | 9.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a clon… | |
| CVE-2026-43011 | critical | 9.8 | 9.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at line 48 and retur… | |
| CVE-2026-42484 | critical | 9.8 | 9.8 | 27d ago | A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash fi… | |
| CVE-2026-42483 | critical | 9.8 | 9.8 | 27d ago | A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The iss… | |
| CVE-2026-42482 | critical | 9.8 | 9.8 | 27d ago | A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code v… | |
| CVE-2026-31718 | critical | 9.8 | 9.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP… | |
| CVE-2026-31705 | critical | 9.8 | 9.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment smb2_get_ea() applies 4-byte alignment padding via memset() after wr… | |
| CVE-2026-42779 | critical | 9.8 | 9.8 | 27d ago | Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix) | |
| CVE-2026-42778 | critical | 9.8 | 9.8 | 27d ago | Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix) | |
| CVE-2026-7567 | critical | 9.8 | 9.8 | 27d ago | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() fun… | |
| CVE-2026-42994 | critical | 9.8 | 9.8 | 28d ago | Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident. | |
| CVE-2026-7546 | critical | 9.8 | 9.8 | 28d ago | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Ho… | |
| CVE-2026-7538 | critical | 9.8 | 9.8 | 28d ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation o… | |
| CVE-2026-40685 | critical | 9.8 | 9.8 | 28d ago | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation… | |
| CVE-2026-2311 | critical | 9.8 | 9.8 | 28d ago | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to ru… | |
| CVE-2026-33447 | critical | 9.8 | 9.8 | 28d ago | CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrit… | |
| CVE-2026-33446 | critical | 9.8 | 9.8 | 28d ago | CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overw… | |
| CVE-2026-4670 | critical | 9.8 | 9.8 | 28d ago | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from… | |
| CVE-2026-42799 | critical | 9.8 | 9.8 | 28d ago | Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects … | |
| CVE-2026-22070 | critical | 9.8 | 9.8 | 28d ago | ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. | |
| CVE-2026-34084 | critical | 9.8 | 9.8 | 29d ago | PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled | |
| CVE-2026-26015 | critical | 9.8 | 9.8 | 29d ago | DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a … | |
| CVE-2026-38992 | critical | 9.8 | 9.8 | 29d ago | Cockpit is vulnerable to arbitrary code execution | |
| CVE-2026-36841 | critical | 9.8 | 9.8 | 29d ago | TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | |
| CVE-2026-42249 | critical | 9.8 | 9.8 | 29d ago | Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the applicat… | |
| CVE-2026-42248 | critical | 9.8 | 9.8 | 29d ago | Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unco… | |
| CVE-2026-41446 | critical | 9.8 | 9.8 | 1mo ago | Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both… | |
| CVE-2026-41386 | critical | 9.8 | 9.8 | 1mo ago | OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing | |
| CVE-2026-24178 | critical | 9.8 | 9.8 | 1mo ago | NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A succ… | |
| CVE-2026-41873 | critical | 9.8 | 9.8 | 1mo ago | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all … | |
| CVE-2026-7244 | critical | 9.8 | 9.8 | 1mo ago | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Th… | |
| CVE-2026-7243 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulatio… | |
| CVE-2026-7242 | critical | 9.8 | 9.8 | 1mo ago | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipul… |