CVEs from 2026
Total
13,359
critical
critical 1,105
high
high 3,911
medium
medium 3,965
low
low 413
% Critical
8.3%
% with KEV
0.4%
% with exploit
0.4%
Top products
- firepower_threat_defense 298
- chrome 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-4575 | low | 2.4 | 2.4 | 2mo ago | A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s2.php. This manipulation of the argument sname causes cross site… | |
| CVE-2026-4356 | low | 2.4 | 2.4 | 2mo ago | A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /add_result.php. Executing a manipulation of the argument vr can lead to cross site… | |
| CVE-2026-4225 | low | 2.4 | 2.4 | 2mo ago | A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation… | |
| CVE-2026-4168 | low | 2.4 | 2.4 | 2mo ago | A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument … | |
| CVE-2026-4165 | low | 2.4 | 2.4 | 2mo ago | A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argume… | |
| CVE-2026-3041 | low | 2.4 | 2.4 | 3mo ago | A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of th… | |
| CVE-2026-2965 | low | 2.4 | 2.4 | 3mo ago | A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extensi… | |
| CVE-2026-1705 | low | 2.4 | 2.4 | 4mo ago | A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argu… | |
| CVE-2026-1520 | low | 2.4 | 2.4 | 4mo ago | A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross site scripting… | |
| CVE-2026-1444 | low | 2.4 | 2.4 | 4mo ago | A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such m… | |
| CVE-2026-45182 | low | 2.2 | 2.2 | 19d ago | GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let syste… | |
| CVE-2026-21725 | low | 2.0 | 2.0 | 3mo ago | A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to… | |
| CVE-2026-30904 | low | 1.8 | 1.8 | 15d ago | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. |