CVEs from 2026
Total: 13,321
- critical: 1,107
- high: 3,936
- medium: 3,984
- low: 416
% Critical: 8.3%
% with KEV: 0.4%
% with exploit: 0.5%
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-8063 | medium | 6.5 | 6.5 | 21d ago | An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whe… | |
| CVE-2026-6214 | medium | 6.5 | 6.5 | 22d ago | The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/cla… | |
| CVE-2026-4807 | medium | 6.5 | 6.5 | 22d ago | The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permiss… | |
| CVE-2026-40251 | medium | 6.5 | 6.5 | 22d ago | Incus Vulnerable to Panic via Snapshot Bounds Check | |
| CVE-2026-40197 | medium | 6.5 | 6.5 | 22d ago | Incus has a Nil-Pointer Dereference via Custom Volume Import | |
| CVE-2026-40195 | medium | 6.5 | 6.5 | 22d ago | Incus has a Nil-Pointer Dereference Panic via Bucket Metadata | |
| CVE-2026-43583 | medium | 6.5 | 6.5 | 22d ago | OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay | |
| CVE-2026-43579 | medium | 6.5 | 6.5 | 22d ago | OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration witho… | |
| CVE-2026-43577 | medium | 6.5 | 6.5 | 22d ago | OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and… | |
| CVE-2026-7982 | medium | 6.5 | 6.5 | 22d ago | Uninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium sec… | |
| CVE-2026-7924 | medium | 6.5 | 6.5 | 22d ago | Uninitialized Use in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security… | |
| CVE-2026-20168 | medium | 6.5 | 6.5 | 22d ago | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have per… | |
| CVE-2026-41286 | medium | 6.5 | 6.5 | 22d ago | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulner… | |
| CVE-2026-41287 | medium | 6.5 | 6.5 | 22d ago | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulner… | |
| CVE-2026-43975 | medium | 6.5 | 6.5 | 22d ago | Apache Wicket has a Path Traversal issue | |
| CVE-2026-5753 | medium | 6.5 | 6.5 | 23d ago | The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::s… | |
| CVE-2026-42610 | medium | 6.5 | 6.5 | 23d ago | Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass | |
| CVE-2026-41950 | medium | 6.5 | 6.5 | 23d ago | Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplyin… | |
| CVE-2026-39402 | medium | 6.5 | 6.5 | 23d ago | lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network … | |
| CVE-2026-32603 | medium | 6.5 | 6.5 | 23d ago | Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivilege… | |
| CVE-2026-35192 | medium | 6.5 | 6.5 | 23d ago | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker … | |
| CVE-2026-30246 | medium | 6.5 | 6.5 | 23d ago | Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters | |
| CVE-2026-27644 | medium | 6.5 | 6.5 | 23d ago | Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to C… | |
| CVE-2026-6262 | medium | 6.5 | 6.5 | 23d ago | The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function workflow using a user-controlled upload pat… | |
| CVE-2026-43574 | medium | 6.5 | 6.5 | 23d ago | OpenClaw: Empty approver lists could grant explicit approval authorization | |
| CVE-2026-43570 | medium | 6.5 | 6.5 | 23d ago | OpenClaw contains a symlink traversal vulnerability | |
| CVE-2026-43568 | medium | 6.5 | 6.5 | 23d ago | OpenClaw: Memory dreaming config persistence was reachable from operator.write commands | |
| CVE-2026-43567 | medium | 6.5 | 6.5 | 23d ago | OpenClaw: screen_record outPath bypassed workspace-only filesystem guard | |
| CVE-2026-43528 | medium | 6.5 | 6.5 | 23d ago | OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases | |
| CVE-2026-42433 | medium | 6.5 | 6.5 | 23d ago | OpenClaw: Matrix profile config persistence was reachable from operator.write message tools | |
| CVE-2026-3454 | medium | 6.5 | 6.5 | 23d ago | The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the … | |
| CVE-2026-4362 | medium | 6.5 | 6.5 | 24d ago | The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to… | |
| CVE-2026-5957 | medium | 6.5 | 6.5 | 24d ago | The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create_template() method of … | |
| CVE-2026-4409 | medium | 6.5 | 6.5 | 24d ago | The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up … | |
| CVE-2026-42223 | medium | 6.5 | 6.5 | 24d ago | Nginx-UI Settings API Exposes Protected Secrets | |
| CVE-2026-42220 | medium | 6.5 | 6.5 | 24d ago | Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback | |
| CVE-2026-42069 | medium | 6.5 | 6.5 | 24d ago | Kirby CMS's read access to site, user and role information is not gated by permissions | |
| CVE-2026-42228 | medium | 6.5 | 6.5 | 24d ago | n8n Vulnerable to Hijacking of Unauthenticated Chat Execution | |
| CVE-2026-42227 | medium | 6.5 | 6.5 | 24d ago | n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure | |
| CVE-2026-42092 | medium | 6.5 | 6.5 | 24d ago | titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscr… | |
| CVE-2026-42091 | medium | 6.5 | 6.5 | 24d ago | goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS | |
| CVE-2026-37458 | medium | 6.5 | 6.5 | 24d ago | Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE … | |
| CVE-2026-33523 | medium | 6.5 | 6.5 | 24d ago | HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are rec… | |
| CVE-2026-20450 | medium | 6.5 | 6.5 | 24d ago | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with… | |
| CVE-2026-20449 | medium | 6.5 | 6.5 | 24d ago | In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with n… | |
| CVE-2026-7714 | medium | 6.5 | 6.5 | 25d ago | A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This … | |
| CVE-2026-42367 | medium | 6.5 | 6.5 | 25d ago | A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker … | |
| CVE-2026-42256 | medium | 6.5 | 6.5 | 25d ago | net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication | |
| CVE-2026-5337 | medium | 6.5 | 6.5 | 25d ago | During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability ex… | |
| CVE-2026-7681 | medium | 6.5 | 6.5 | 25d ago | A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the comp… | |
| CVE-2026-7645 | medium | 6.5 | 6.5 | 26d ago | sublinear-time-solver has a Path Traversal Issue | |
| CVE-2026-7633 | medium | 6.5 | 6.5 | 26d ago | A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to… | |
| CVE-2026-6457 | medium | 6.5 | 6.5 | 26d ago | The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escapi… | |
| CVE-2026-42475 | medium | 6.5 | 6.5 | 27d ago | MixPHP Framework has an SQL injection vulnerability | |
| CVE-2026-42474 | medium | 6.5 | 6.5 | 27d ago | MixPHP Framework has an SQL injection vulnerability via crafted `data` array | |
| CVE-2026-26461 | medium | 6.5 | 6.5 | 27d ago | A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request. | |
| CVE-2026-23863 | medium | 6.5 | 6.5 | 27d ago | An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the a… | |
| CVE-2026-43505 | medium | 6.5 | 6.5 | 27d ago | An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in the activation scenario, relayin… | |
| CVE-2026-43504 | medium | 6.5 | 6.5 | 27d ago | An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in a paused scenario, relaying of u… | |
| CVE-2026-28909 | medium | 6.5 | 6.5 | 28d ago | Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3. | |
| CVE-2026-1577 | medium | 6.5 | 6.5 | 28d ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutr… | |
| CVE-2026-4502 | medium | 6.5 | 6.5 | 28d ago | IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot d… | |
| CVE-2026-40950 | medium | 6.5 | 6.5 | 28d ago | CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and caus… | |
| CVE-2026-3340 | medium | 6.5 | 6.5 | 28d ago | IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, pote… | |
| CVE-2026-28532 | medium | 6.5 | 6.5 | 28d ago | FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t … | |
| CVE-2026-3345 | medium | 6.5 | 6.5 | 28d ago | IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../)… | |
| CVE-2026-42137 | medium | 6.5 | 6.5 | 28d ago | Kirby CMS's `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API | |
| CVE-2026-40603 | medium | 6.5 | 6.5 | 28d ago | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that return… | |
| CVE-2026-35514 | medium | 6.5 | 6.5 | 28d ago | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any … | |
| CVE-2026-36759 | medium | 6.5 | 6.5 | 28d ago | A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | |
| CVE-2026-7382 | medium | 6.5 | 6.5 | 28d ago | Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation.… | |
| CVE-2026-41658 | medium | 6.5 | 6.5 | 29d ago | Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items | |
| CVE-2026-41655 | medium | 6.5 | 6.5 | 29d ago | Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials | |
| CVE-2026-7425 | medium | 6.5 | 6.5 | 29d ago | Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash… | |
| CVE-2026-7423 | medium | 6.5 | 6.5 | 29d ago | Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing pi… | |
| CVE-2026-7422 | medium | 6.5 | 6.5 | 29d ago | Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC ad… | |
| CVE-2026-41499 | medium | 6.5 | 6.5 | 29d ago | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exis… | |
| CVE-2026-26206 | medium | 6.5 | 6.5 | 29d ago | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security… | |
| CVE-2026-38993 | medium | 6.5 | 6.5 | 29d ago | Cockpit is vulnerable to directory traversal | |
| CVE-2026-42521 | medium | 6.5 | 6.5 | 29d ago | Jenkins Matrix Authorization Strategy Plugin: Unsafe deserialization allows invocation of parameterless constructors | |
| CVE-2026-22740 | medium | 6.5 | 6.5 | 29d ago | Spring Framework DoS with Multipart Temp Files in WebFlux | |
| CVE-2026-42412 | medium | 6.5 | 6.5 | 29d ago | Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1. | |
| CVE-2026-6238 | medium | 6.5 | 6.5 | 1mo ago | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing… | |
| CVE-2026-42430 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable | |
| CVE-2026-42420 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Multiple Code Paths Missing Base64 Pre-Allocation Size Checks | |
| CVE-2026-41911 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix) | |
| CVE-2026-41408 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Tlon media downloads can bypass core safety limits and exhaust disk | |
| CVE-2026-41388 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config | |
| CVE-2026-41385 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get | |
| CVE-2026-41376 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Matrix thread root and reply context bypass sender allowlist | |
| CVE-2026-41375 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels | |
| CVE-2026-24204 | medium | 6.5 | 6.5 | 1mo ago | NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure. | |
| CVE-2026-6706 | medium | 6.5 | 6.5 | 1mo ago | Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. … | |
| CVE-2026-41607 | medium | 6.5 | 6.5 | 1mo ago | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |
| CVE-2026-40980 | medium | 6.5 | 6.5 | 1mo ago | Spring AI Vulnerable to OOM by attacker-controlled PDF | |
| CVE-2026-41525 | medium | 6.5 | 6.5 | 1mo ago | KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of … | |
| CVE-2026-41370 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can … | |
| CVE-2026-41369 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables | |
| CVE-2026-41368 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using … | |
| CVE-2026-41363 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image | |