CVEs from 2026
- Total: 13,616
- critical: 1,176
- high: 4,274
- medium: 4,150
- low: 441
- % Critical: 8.6%
- % with KEV: 0.4%
- % with exploit: 0.7%

The four severity buckets sum to 10,041, so 3,575 of the 13,616 entries are not assigned to any of them; the percentages are taken over the full total (1,176 / 13,616 = 8.6%). At 0.4% and 0.7% of the total, the KEV-listed and exploit-available entries amount to roughly 50 and 95 CVEs respectively, which is the slice to triage first.
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8248 | medium | 6.5 | 6.5 | 20d ago | A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation… |
| CVE-2026-45191 | medium | 6.5 | 6.5 | 20d ago | Net::CIDR::Lite versions before 0.24 for Perl do not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validatio… |
| CVE-2026-45190 | medium | 6.5 | 6.5 | 20d ago | Net::CIDR::Lite versions before 0.24 for Perl do not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit chara… |
| CVE-2026-7259 | medium | 6.5 | 6.5 | 21d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, re… |
| CVE-2026-45184 | medium | 6.5 | 6.5 | 21d ago | Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used. |
| CVE-2026-45181 | medium | 6.5 | 6.5 | 21d ago | Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim … |
| CVE-2026-42576 | medium | 6.5 | 6.5 | 21d ago | apko `DiscoverKeys` panics on a non-RSA JWKS key, crashing the process during key discovery |
| CVE-2026-42183 | medium | 6.5 | 6.5 | 22d ago | Argo affected by SSO RBAC delegation nil pointer dereference DoS (gatekeeper.go) |
| CVE-2026-41311 | medium | 6.5 | 6.5 | 22d ago | liquidjs has a Denial of Service via circular block reference in layout |
| CVE-2026-42346 | medium | 6.5 | 6.5 | 22d ago | Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulner… |
| CVE-2026-42209 | medium | 6.5 | 6.5 | 22d ago | FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_mes… |
| CVE-2026-44200 | medium | 6.5 | 6.5 | 22d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of … |
| CVE-2026-42181 | medium | 6.5 | 6.5 | 22d ago | Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image |
| CVE-2026-41885 | medium | 6.5 | 6.5 | 22d ago | i18next-locize-backend has URL Injection via Unsanitized Path Parameters |
| CVE-2026-41585 | medium | 6.5 | 6.5 | 23d ago | Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients |
| CVE-2026-41308 | medium | 6.5 | 6.5 | 23d ago | Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated cre… |
| CVE-2026-42277 | medium | 6.5 | 6.5 | 23d ago | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provi… |
| CVE-2026-8123 | medium | 6.5 | 6.5 | 23d ago | A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes… |
| CVE-2026-8122 | medium | 6.5 | 6.5 | 23d ago | A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation result… |
| CVE-2026-8121 | medium | 6.5 | 6.5 | 23d ago | A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to den… |
| CVE-2026-8120 | medium | 6.5 | 6.5 | 23d ago | A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Exec… |
| CVE-2026-8113 | medium | 6.5 | 6.5 | 23d ago | A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the compone… |
| CVE-2026-6736 | medium | 6.5 | 6.5 | 23d ago | An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity p… |
| CVE-2026-33823 | medium | 6.5 | 6.5 | 23d ago | Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. |
| CVE-2026-8142 | medium | 6.5 | 6.5 | 23d ago | VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the From address for automated actions such as Ticket creation or Ticket updat… |
| CVE-2026-27892 | medium | 6.5 | 6.5 | 23d ago | FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download |
| CVE-2026-36387 | medium | 6.5 | 6.5 | 23d ago | A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanit… |
| CVE-2026-41684 | medium | 6.5 | 6.5 | 24d ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy bac… |
| CVE-2026-41647 | medium | 6.5 | 6.5 | 24d ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, missing error handling could let an authenticated Incus user cause a daemon crash through the import of a trunca… |
| CVE-2026-5791 | medium | 6.5 | 6.5 | 24d ago | Cross-Site Request Forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. |
| CVE-2026-33589 | medium | 6.5 | 6.5 | 24d ago | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows an application user to read local file contents from the Docker container via path traversal. |
| CVE-2026-27421 | medium | 6.5 | 6.5 | 24d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: fro… |
| CVE-2026-8063 | medium | 6.5 | 6.5 | 24d ago | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whe… |
| CVE-2026-6214 | medium | 6.5 | 6.5 | 24d ago | The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/cla… |
| CVE-2026-4807 | medium | 6.5 | 6.5 | 24d ago | The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to flawed authorization logic in the nonce_permiss… |
| CVE-2026-40251 | medium | 6.5 | 6.5 | 24d ago | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage … |
| CVE-2026-40197 | medium | 6.5 | 6.5 | 24d ago | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage … |
| CVE-2026-40195 | medium | 6.5 | 6.5 | 24d ago | Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage … |
| CVE-2026-43583 | medium | 6.5 | 6.5 | 24d ago | OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay |
| CVE-2026-43579 | medium | 6.5 | 6.5 | 24d ago | OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration witho… |
| CVE-2026-43577 | medium | 6.5 | 6.5 | 24d ago | OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and… |
| CVE-2026-7982 | medium | 6.5 | 6.5 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see https://chromereleases.googleblog.com/2026 (Google… |
| CVE-2026-7924 | medium | 6.5 | 6.5 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see https://chromereleases.googleblog.com/2026 (Google… |
| CVE-2026-20168 | medium | 6.5 | 6.5 | 24d ago | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have per… |
| CVE-2026-41286 | medium | 6.5 | 6.5 | 24d ago | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulner… |
| CVE-2026-41287 | medium | 6.5 | 6.5 | 25d ago | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulner… |
| CVE-2026-43975 | medium | 6.5 | 6.5 | 25d ago | Apache Wicket has a Path Traversal issue |
| CVE-2026-5753 | medium | 6.5 | 6.5 | 25d ago | The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::s… |
| CVE-2026-42610 | medium | 6.5 | 6.5 | 25d ago | Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass |
| CVE-2026-41950 | medium | 6.5 | 6.5 | 25d ago | Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplyin… |
| CVE-2026-39402 | medium | 6.5 | 6.5 | 25d ago | lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network … |
| CVE-2026-32603 | medium | 6.5 | 6.5 | 25d ago | Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivilege… |
| CVE-2026-35192 | medium | 6.5 | 6.5 | 25d ago | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker … |
| CVE-2026-30246 | medium | 6.5 | 6.5 | 26d ago | Fiber's cache middleware default key generator ignores the query string, causing response mix-up across distinct query parameters |
| CVE-2026-27644 | medium | 6.5 | 6.5 | 26d ago | Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to C… |
| CVE-2026-6262 | medium | 6.5 | 6.5 | 26d ago | The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function workflow using a user-controlled upload pat… |
| CVE-2026-43574 | medium | 6.5 | 6.5 | 26d ago | OpenClaw: Empty approver lists could grant explicit approval authorization |
| CVE-2026-43570 | medium | 6.5 | 6.5 | 26d ago | OpenClaw contains a symlink traversal vulnerability |
| CVE-2026-43568 | medium | 6.5 | 6.5 | 26d ago | OpenClaw: Memory dreaming config persistence was reachable from operator.write commands |
| CVE-2026-43567 | medium | 6.5 | 6.5 | 26d ago | OpenClaw: screen_record outPath bypassed workspace-only filesystem guard |
| CVE-2026-43528 | medium | 6.5 | 6.5 | 26d ago | OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases |
| CVE-2026-42433 | medium | 6.5 | 6.5 | 26d ago | OpenClaw: Matrix profile config persistence was reachable from operator.write message tools |
| CVE-2026-3454 | medium | 6.5 | 6.5 | 26d ago | The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the … |
| CVE-2026-4362 | medium | 6.5 | 6.5 | 26d ago | The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to… |
| CVE-2026-5957 | medium | 6.5 | 6.5 | 26d ago | The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to flawed path traversal validation in the create_template() method of … |
| CVE-2026-4409 | medium | 6.5 | 6.5 | 26d ago | The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up … |
| CVE-2026-42223 | medium | 6.5 | 6.5 | 26d ago | Nginx-UI Settings API Exposes Protected Secrets |
| CVE-2026-42220 | medium | 6.5 | 6.5 | 26d ago | Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback |
| CVE-2026-42069 | medium | 6.5 | 6.5 | 26d ago | Kirby CMS's read access to site, user and role information is not gated by permissions |
| CVE-2026-42228 | medium | 6.5 | 6.5 | 26d ago | n8n Vulnerable to Hijacking of Unauthenticated Chat Execution |
| CVE-2026-42227 | medium | 6.5 | 6.5 | 26d ago | n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure |
| CVE-2026-42092 | medium | 6.5 | 6.5 | 26d ago | titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscr… |
| CVE-2026-42091 | medium | 6.5 | 6.5 | 26d ago | goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS |
| CVE-2026-37458 | medium | 6.5 | 6.5 | 26d ago | Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE … |
| CVE-2026-33523 | medium | 6.5 | 6.5 | 27d ago | HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server through 2.4.66. Users are rec… |
| CVE-2026-20450 | medium | 6.5 | 6.5 | 27d ago | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with… |
| CVE-2026-20449 | medium | 6.5 | 6.5 | 27d ago | In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with n… |
| CVE-2026-7714 | medium | 6.5 | 6.5 | 27d ago | A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This … |
| CVE-2026-42367 | medium | 6.5 | 6.5 | 27d ago | A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to a credentials leak. An attacker … |
| CVE-2026-42256 | medium | 6.5 | 6.5 | 27d ago | net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication |
| CVE-2026-5337 | medium | 6.5 | 6.5 | 28d ago | During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability ex… |
| CVE-2026-7681 | medium | 6.5 | 6.5 | 28d ago | A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the comp… |
| CVE-2026-7645 | medium | 6.5 | 6.5 | 28d ago | sublinear-time-solver has a Path Traversal Issue |
| CVE-2026-7633 | medium | 6.5 | 6.5 | 29d ago | A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to… |
| CVE-2026-6457 | medium | 6.5 | 6.5 | 29d ago | The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escapi… |
| CVE-2026-42474 | medium | 6.5 | 6.5 | 29d ago | MixPHP Framework has an SQL injection vulnerability via crafted `data` array |
| CVE-2026-42475 | medium | 6.5 | 6.5 | 29d ago | MixPHP Framework has an SQL injection vulnerability |
| CVE-2026-26461 | medium | 6.5 | 6.5 | 29d ago | A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request. |
| CVE-2026-23863 | medium | 6.5 | 6.5 | 29d ago | An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the a… |
| CVE-2026-43505 | medium | 6.5 | 6.5 | 1mo ago | An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in the activation scenario, relayin… |
| CVE-2026-43504 | medium | 6.5 | 6.5 | 1mo ago | An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in a paused scenario, relaying of u… |
| CVE-2026-28909 | medium | 6.5 | 6.5 | 1mo ago | Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3. |
| CVE-2026-1577 | medium | 6.5 | 6.5 | 1mo ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutr… |
| CVE-2026-4502 | medium | 6.5 | 6.5 | 1mo ago | IBM Langflow Desktop 1.2.0 through 1.8.4 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot d… |
| CVE-2026-40950 | medium | 6.5 | 6.5 | 1mo ago | CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and caus… |
| CVE-2026-3340 | medium | 6.5 | 6.5 | 1mo ago | IBM Langflow Desktop 1.0.0 through 1.8.4 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, pote… |
| CVE-2026-28532 | medium | 6.5 | 6.5 | 1mo ago | FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t … |
| CVE-2026-3345 | medium | 6.5 | 6.5 | 1mo ago | IBM Langflow Desktop <=1.8.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../)… |
| CVE-2026-42137 | medium | 6.5 | 6.5 | 1mo ago | Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API |
| CVE-2026-40603 | medium | 6.5 | 6.5 | 1mo ago | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that return… |
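The two Net::CIDR::Lite rows in the table (CVE-2026-45190 and CVE-2026-45191) describe a validator that lets through mask strings such as "/00" and "/01", inputs carrying a trailing newline, and non-ASCII digit characters. The Python below is an added illustration of that input class; it is not the module's code (which is Perl) and does not claim to reproduce the module's logic. `lenient_parse` shows how a regex-plus-`int()` check accepts each of those forms under Python's own semantics, `strict_parse` shows a canonical-form check that refuses them, and `load_acl` / `acl_allows` show why it matters: a mask of "/00" read as prefix length 0 turns an allowlist entry into 0.0.0.0/0. The sample strings and the allowlist entries are constructed for the example.

```python
"""Strict vs. lenient CIDR parsing for an IP allowlist (added example)."""
import ipaddress
import re

# Constructed sample inputs (not taken from the advisory text).
WELL_FORMED = "10.0.0.0/8"
LEADING_ZERO = "10.0.0.0/08"          # mask with a leading zero
ZERO_ZERO = "10.0.0.0/00"             # the "/00" form named in the CVE text
TRAILING_NEWLINE = "10.0.0.0/8\n"     # e.g. read from a file without rstrip()
NON_ASCII_DIGIT = "10.0.0.0/\u0668"   # ARABIC-INDIC DIGIT EIGHT: str.isdigit() is True
OUT_OF_RANGE = "10.0.0.0/33"

# Lenient check: the kind of validation that lets the inputs above through.
# Without re.ASCII, \d matches any Unicode decimal digit, and '$' (unlike
# \Z or fullmatch()) also matches just before a trailing newline.
_LOOSE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$")


def lenient_parse(cidr):
    """Return an IPv4Network for anything _LOOSE matches.

    int() accepts leading zeros and Unicode digits, so "/08", "/00", "/8\n"
    and "/\u0668" all come back as ordinary prefix lengths (8, 0, 8, 8).
    """
    if not _LOOSE.match(cidr):
        raise ValueError(f"rejected: {cidr!r}")
    ip, _, mask = cidr.strip().partition("/")
    prefix = int(mask)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {cidr!r}")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


# Strict check: canonical dotted quad and prefix only. Explicit [0-9] instead
# of \d, no leading zeros, and fullmatch() so nothing can trail the last digit.
_OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])"
_STRICT = re.compile(r"(?:" + _OCTET + r"\.){3}" + _OCTET + r"/(?:3[0-2]|[12]?[0-9])")


def strict_parse(cidr):
    """Return an IPv4Network only for the canonical textual form."""
    if not _STRICT.fullmatch(cidr):
        raise ValueError(f"not a canonical IPv4 CIDR: {cidr!r}")
    # ipaddress re-validates the numeric ranges and gives us membership tests;
    # strict=False masks any host bits ("10.0.0.1/8" -> 10.0.0.0/8).
    return ipaddress.ip_network(cidr, strict=False)


def rejected(parse, cidr):
    """True when `parse` refuses `cidr` with ValueError."""
    try:
        parse(cidr)
    except ValueError:
        return True
    return False


def load_acl(entries, parse):
    """Parse every entry up front: one bad entry fails the whole load (fail closed)."""
    return [parse(entry) for entry in entries]


def acl_allows(nets, client_ip):
    """True if client_ip lies inside any loaded network."""
    client = ipaddress.ip_address(client_ip)
    return any(client in net for net in nets)


if __name__ == "__main__":
    samples = [WELL_FORMED, LEADING_ZERO, ZERO_ZERO, TRAILING_NEWLINE,
               NON_ASCII_DIGIT, OUT_OF_RANGE]
    for sample in samples:
        verdicts = []
        for name, parse in (("lenient", lenient_parse), ("strict", strict_parse)):
            try:
                verdicts.append(f"{name}={parse(sample)}")
            except ValueError:
                verdicts.append(f"{name}=REJECTED")
        print(f"{sample!r:22} {'  '.join(verdicts)}")

    # Constructed allowlist: the second entry carries the "/00" mask.
    # Leniently parsed it becomes 0.0.0.0/0 and admits every client.
    entries = ["192.168.1.0/24", "10.0.0.0/00"]
    print("lenient allows 203.0.113.7:",
          acl_allows(load_acl(entries, lenient_parse), "203.0.113.7"))
    try:
        load_acl(entries, strict_parse)
    except ValueError as exc:
        print("strict refuses to load the ACL:", exc)
```

Run it directly to see the acceptance matrix; with the strict parser the bad entry fails the ACL load instead of silently widening it. The two Python traps shown (`$` matching before a trailing newline, `\d` matching non-ASCII digits) have direct Perl counterparts (`$` versus `\z`, `\d` versus `[0-9]`), so the same checks carry over.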