CVEs from 2026
- Total: 13,498
- critical: 1,178
- high: 4,304
- medium: 4,186
- low: 449
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-43101 | high | 7.5 | 7.5 | | | | 26d ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value… |
| CVE-2026-43099 | high | 7.5 | 7.5 | | | | 26d ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 s… |
| CVE-2026-1719 | high | 7.5 | 7.5 | | | | 26d ago | The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of su… |
| CVE-2026-30922 | high | 7.5 | 7.5 | | | | 26d ago | RHSA-2026:13902: resource-agents security update (Important) |
| CVE-2026-40075 | high | 7.5 | 7.5 | | | | 26d ago | OpenMRS ModuleResourcesServlet has Path Traversal that Leads to Arbitrary File Read |
| CVE-2026-44167 | high | 7.5 | 7.5 | | | | 26d ago | phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1::decodeOID() |
| CVE-2026-40280 | high | 7.5 | 7.5 | | | | 27d ago | Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection |
| CVE-2026-33489 | high | 7.5 | 7.5 | | | | 27d ago | CoreDNS' transfer stanza selection uses lexicographic compare (subzone ACL bypass) |
| CVE-2026-33190 | high | 7.5 | 7.5 | | | | 27d ago | CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC |
| CVE-2026-32936 | high | 7.5 | 7.5 | | | | 27d ago | CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification |
| CVE-2026-32934 | high | 7.5 | 7.5 | | | | 27d ago | CoreDNS' DoQ worker pool does not bound stream backlog |
| CVE-2026-30923 | high | 7.5 | 7.5 | | | | 27d ago | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occu… |
| CVE-2026-43873 | high | 7.5 | 7.5 | | | | 27d ago | AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server |
| CVE-2026-4304 | high | 7.5 | 7.5 | | | | 27d ago | The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied … |
| CVE-2026-6918 | high | 7.5 | 7.5 | | | | 27d ago | In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message. |
| CVE-2026-42437 | high | 7.5 | 7.5 | | | | 27d ago | OpenClaw: Voice-call realtime WebSocket accepted oversized frames |
| CVE-2026-6322 | high | 7.5 | 7.5 | | | | 27d ago | fast-uri vulnerable to host confusion via percent-encoded authority delimiters |
| CVE-2026-3359 | high | 7.5 | 7.5 | | | | 27d ago | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due… |
| CVE-2026-5192 | high | 7.5 | 7.5 | | | | 27d ago | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path… |
| CVE-2026-3456 | high | 7.5 | 7.5 | | | | 27d ago | The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1… |
| CVE-2026-5100 | high | 7.5 | 7.5 | | | | 27d ago | The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplie… |
| CVE-2026-44028 | high | 7.5 | 7.5 | | | | 27d ago | An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine st… |
| CVE-2026-27858 | high | 7.5 | 7.5 | | | | 27d ago | Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeated… |
| CVE-2026-27857 | high | 7.5 | 7.5 | | | | 27d ago | Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer t… |
| CVE-2026-35092 | high | 7.5 | 7.5 | | | | 27d ago | A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) pac… |
| CVE-2026-7776 | high | 7.5 | 7.5 | | | | 27d ago | Hashicorp Boundary workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes |
| CVE-2026-7768 | high | 7.5 | 7.5 | | | | 28d ago | @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct bu… |
| CVE-2026-6321 | high | 7.5 | 7.5 | | | | 28d ago | fast-uri vulnerable to path traversal via percent-encoded dot segments |
| CVE-2026-43964 | high | 7.5 | 7.5 | | | | 28d ago | Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number. |
| CVE-2026-42236 | high | 7.5 | 7.5 | | | | 28d ago | n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration |
| CVE-2026-42226 | high | 7.5 | 7.5 | | | | 28d ago | n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay |
| CVE-2026-42154 | high | 7.5 | 7.5 | | | | 28d ago | Prometheus: Remote read endpoint allows denial of service via crafted snappy payload |
| CVE-2026-42151 | high | 7.5 | 7.5 | | | | 28d ago | Prometheus Azure AD remote write OAuth client secret exposed via config API |
| CVE-2026-25863 | high | 7.5 | 7.5 | | | | 28d ago | Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fiel… |
| CVE-2026-41471 | high | 7.5 | 7.5 | | | | 28d ago | The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enu… |
| CVE-2026-37459 | high | 7.5 | 7.5 | | | | 28d ago | An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. |
| CVE-2026-32834 | high | 7.5 | 7.5 | | | | 28d ago | Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote … |
| CVE-2026-42440 | high | 7.5 | 7.5 | | | | 28d ago | Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation |
| CVE-2026-37461 | high | 7.5 | 7.5 | | | | 28d ago | GoBGP has an out-of-bounds read in the ParseIP6Extended function |
| CVE-2026-29169 | high | 7.5 | 7.5 | | | | 28d ago | A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav o… |
| CVE-2026-34059 | high | 7.5 | 7.5 | | | | 28d ago | Important: httpd security update |
| CVE-2026-33846 | high | 7.5 | 7.5 | | | | 28d ago | RHSA-2026:20611: gnutls security update (Important) |
| CVE-2026-7737 | high | 7.5 | 7.5 | | | | 28d ago | GoBGP has Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CVE-2026-7736 | high | 7.5 | 7.5 | | | | 28d ago | GoBGP has an Integer Underflow Issue |
| CVE-2026-7734 | high | 7.5 | 7.5 | | | | 28d ago | GoBGP has an Improper Resource Shutdown or Release |
| CVE-2026-42365 | high | 7.5 | 7.5 | | | | 28d ago | A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. … |
| CVE-2026-42245 | high | 7.5 | 7.5 | | | | 28d ago | net-imap has quadratic complexity when reading response literals |
| CVE-2026-6320 | high | 7.5 | 7.5 | | | | 1mo ago | The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker… |
| CVE-2026-4062 | high | 7.5 | 7.5 | | | | 1mo ago | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to in… |
| CVE-2026-4061 | high | 7.5 | 7.5 | | | | 1mo ago | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook … |
| CVE-2026-4060 | high | 7.5 | 7.5 | | | | 1mo ago | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user … |
| CVE-2026-7649 | high | 7.5 | 7.5 | | | | 1mo ago | The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in al… |
| CVE-2026-37457 | high | 7.5 | 7.5 | | | | 1mo ago | An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) … |
| CVE-2026-42485 | high | 7.5 | 7.5 | | | | 1mo ago | AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but … |
| CVE-2026-42467 | high | 7.5 | 7.5 | | | | 1mo ago | An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN fra… |
| CVE-2026-37538 | high | 7.5 | 7.5 | | | | 1mo ago | Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted bus_name. |
| CVE-2026-37530 | high | 7.5 | 7.5 | | | | 1mo ago | AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD… |
| CVE-2026-37554 | high | 7.5 | 7.5 | | | | 1mo ago | An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenS… |
| CVE-2026-37504 | high | 7.5 | 7.5 | | | | 1mo ago | Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmissi… |
| CVE-2026-43507 | high | 7.5 | 7.5 | | | | 1mo ago | An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthen… |
| CVE-2026-43506 | high | 7.5 | 7.5 | | | | 1mo ago | An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections. |
| CVE-2026-43057 | high | 7.5 | 7.5 | | | | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback NETIF_F_IPV6_CSUM only advertises support for checksum offload o… |
| CVE-2026-43055 | high | 7.5 | 7.5 | | | | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzalloc_flex for aio_cmd The target_core_file doesn't initialize the aio_cmd->iocb for the ki_write_strea… |
| CVE-2026-43031 | high | 7.5 | 7.5 | | | | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors (scatter-gath… |
| CVE-2026-43029 | high | 7.5 | 7.5 | | | | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp_recvmsg() syzbot reported a soft lockup in mptcp_recvmsg() [0]. When receiving data with MSG_PEE… |
| CVE-2026-42478 | high | 7.5 | 7.5 | | | | 1mo ago | An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. … |
| CVE-2026-31719 | high | 7.5 | 7.5 | | | | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher… |
| CVE-2026-31711 | high | 7.5 | 7.5 | | | | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: server: fix active_num_conn leak on transport allocation failure Commit 77ffbcac4e56 ("smb: server: fix leak of active_num_c… |
| CVE-2026-43003 | high | 7.5 | 7.5 | | | | 1mo ago | OpenStack Ironic Python Agent Includes Functionality from Untrusted Control Sphere |
| CVE-2026-42403 | high | 7.5 | 7.5 | | | | 1mo ago | Apache Neethi does not properly detect circular references in policy definitions. |
| CVE-2026-42402 | high | 7.5 | 7.5 | | | | 1mo ago | Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization |
| CVE-2026-40684 | high | 7.5 | 7.5 | | | | 1mo ago | In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in… |
| CVE-2026-4503 | high | 7.5 | 7.5 | | | | 1mo ago | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key. |
| CVE-2026-33449 | high | 7.5 | 7.5 | | | | 1mo ago | CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message… |
| CVE-2026-40601 | high | 7.5 | 7.5 | | | | 1mo ago | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query with… |
| CVE-2026-40595 | high | 7.5 | 7.5 | | | | 1mo ago | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export ro… |
| CVE-2026-36959 | high | 7.5 | 7.5 | | | | 1mo ago | U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication… |
| CVE-2026-36958 | high | 7.5 | 7.5 | | | | 1mo ago | A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management in… |
| CVE-2026-36957 | high | 7.5 | 7.5 | | | | 1mo ago | Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent … |
| CVE-2026-2892 | high | 7.5 | 7.5 | | | | 1mo ago | The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'get_customer_data' method relying on an unsigned '… |
| CVE-2026-41882 | high | 7.5 | 7.5 | | | | 1mo ago | In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server |
| CVE-2026-7164 | high | 7.5 | 7.5 | | | | 1mo ago | Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affec… |
| CVE-2026-6520 | high | 7.5 | 7.5 | | | | 1mo ago | OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service |
| CVE-2026-6519 | high | 7.5 | 7.5 | | | | 1mo ago | MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service |
| CVE-2026-5657 | high | 7.5 | 7.5 | | | | 1mo ago | iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service |
| CVE-2026-5655 | high | 7.5 | 7.5 | | | | 1mo ago | SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service |
| CVE-2026-5654 | high | 7.5 | 7.5 | | | | 1mo ago | AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service |
| CVE-2026-5653 | high | 7.5 | 7.5 | | | | 1mo ago | DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service |
| CVE-2026-7379 | high | 7.5 | 7.5 | | | | 1mo ago | Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service |
| CVE-2026-7378 | high | 7.5 | 7.5 | | | | 1mo ago | Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service |
| CVE-2026-7376 | high | 7.5 | 7.5 | | | | 1mo ago | Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service |
| CVE-2026-7375 | high | 7.5 | 7.5 | | | | 1mo ago | UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service |
| CVE-2026-6868 | high | 7.5 | 7.5 | | | | 1mo ago | HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service |
| CVE-2026-44216 | high | 7.5 | 7.5 | | | | 1mo ago | wasmtime has a panic when allocating a table exceeding the size of the host's address space |
| CVE-2026-40902 | high | 7.5 | 7.5 | | | | 1mo ago | PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions |
| CVE-2026-40863 | high | 7.5 | 7.5 | | | | 1mo ago | PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader |
| CVE-2026-6914 | high | 7.5 | 7.5 | | | | 1mo ago | Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Serv… |
| CVE-2026-42198 | high | 7.5 | 7.5 | | | | 1mo ago | pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS |
| CVE-2026-36837 | high | 7.5 | 7.5 | | | | 1mo ago | TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function. |
| CVE-2026-42520 | high | 7.5 | 7.5 | | | | 1mo ago | Jenkins Credentials Binding Plugin has a path traversal vulnerability |