CVEs from 2026
Total
13,933
critical
critical 1,210
high
high 4,528
medium
medium 4,381
low
low 483
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45442 | medium | 4.3 | 4.3 | 14d ago | Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.… | |||
| CVE-2026-37981 | medium | 4.3 | 4.3 | 14d ago | A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) r… | |||
| CVE-2026-8830 | medium | 4.3 | 4.3 | 14d ago | A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side … | |||
| CVE-2026-33514 | medium | 4.3 | 4.3 | 14d ago | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature… | |||
| CVE-2026-32312 | medium | 4.3 | 4.3 | 14d ago | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue… | |||
| CVE-2026-8802 | medium | 4.3 | 4.3 | 15d ago | A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argumen… | |||
| CVE-2026-6343 | medium | 4.3 | 4.3 | 15d ago | Mattermost doesn't check public/private permissions | |||
| CVE-2026-6339 | medium | 4.3 | 4.3 | 15d ago | Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint | |||
| CVE-2026-4286 | medium | 4.3 | 4.3 | 15d ago | Mattermost doesn't check if {{team_id}} was being changed when updating playbooks | |||
| CVE-2026-28732 | medium | 4.3 | 4.3 | 15d ago | Mattermost doesn't enforce slash command trigger-word uniqueness during command updates | |||
| CVE-2026-6342 | medium | 4.3 | 4.3 | 15d ago | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via … | |||
| CVE-2026-6341 | medium | 4.3 | 4.3 | 15d ago | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multip… | |||
| CVE-2026-4273 | medium | 4.3 | 4.3 | 15d ago | Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation | |||
| CVE-2026-3637 | medium | 4.3 | 4.3 | 15d ago | Mattermost doesn't check the create_post channel permission during post edit operations | |||
| CVE-2026-28759 | medium | 4.3 | 4.3 | 15d ago | Mattermost does not verify remote cluster channel access when processing shared channel membership removals | |||
| CVE-2026-8783 | medium | 4.3 | 4.3 | 15d ago | AMF Vulnerable to Improper Resource Shutdown or Release | |||
| CVE-2026-8782 | medium | 4.3 | 4.3 | 15d ago | AMF Vulnerable to Improper Resource Shutdown or Release | |||
| CVE-2026-8781 | medium | 4.3 | 4.3 | 15d ago | AMF Vulnerable to Improper Resource Shutdown or Release | |||
| CVE-2026-8780 | medium | 4.3 | 4.3 | 15d ago | AMF Improperly Restricts Operations within the Bounds of a Memory Buffer | |||
| CVE-2026-8779 | medium | 4.3 | 4.3 | 15d ago | AMF Improperly Restricts Operations within the Bounds of a Memory Buffer | |||
| CVE-2026-45009 | medium | 4.3 | 4.3 | 18d ago | phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login statu… | |||
| CVE-2026-45387 | medium | 4.3 | 4.3 | 18d ago | Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage) | |||
| CVE-2026-45385 | medium | 4.3 | 4.3 | 18d ago | Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint | |||
| CVE-2026-44559 | medium | 4.3 | 4.3 | 18d ago | Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels | |||
| CVE-2026-4053 | medium | 4.3 | 4.3 | 18d ago | Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields | |||
| CVE-2026-45007 | medium | 4.3 | 4.3 | 18d ago | phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authentic… | |||
| CVE-2026-8425 | medium | 4.3 | 4.3 | 18d ago | The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the _updateSettin… | |||
| CVE-2026-7563 | medium | 4.3 | 4.3 | 18d ago | The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to t… | |||
| CVE-2026-45386 | medium | 4.3 | 4.3 | 19d ago | Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint | |||
| CVE-2026-8576 | medium | 4.3 | 4.3 | 19d ago | Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security sev… | |||
| CVE-2026-8567 | medium | 4.3 | 4.3 | 19d ago | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-8566 | medium | 4.3 | 4.3 | 19d ago | Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium sec… | |||
| CVE-2026-8563 | medium | 4.3 | 4.3 | 19d ago | Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium se… | |||
| CVE-2026-8562 | medium | 4.3 | 4.3 | 19d ago | Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu… | |||
| CVE-2026-8560 | medium | 4.3 | 4.3 | 19d ago | Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium securi… | |||
| CVE-2026-8559 | medium | 4.3 | 4.3 | 19d ago | Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secu… | |||
| CVE-2026-8552 | medium | 4.3 | 4.3 | 19d ago | Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-8537 | medium | 4.3 | 4.3 | 19d ago | Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-8528 | medium | 4.3 | 4.3 | 19d ago | Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a … | |||
| CVE-2026-45148 | medium | 4.3 | 4.3 | 19d ago | SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode | |||
| CVE-2026-45147 | medium | 4.3 | 4.3 | 19d ago | SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk | |||
| CVE-2026-44283 | medium | 4.3 | 4.3 | 19d ago | etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requ… | |||
| CVE-2026-45448 | medium | 4.3 | 4.3 | 19d ago | CWE-601 URL redirection to untrusted site ('open redirect') | |||
| CVE-2026-44374 | medium | 4.3 | 4.3 | 19d ago | Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi… | |||
| CVE-2026-6575 | medium | 4.3 | 4.3 | 19d ago | Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain… | |||
| CVE-2026-6474 | medium | 4.3 | 4.3 | 19d ago | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 1… | |||
| CVE-2026-5365 | medium | 4.3 | 4.3 | 19d ago | The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation() funct… | |||
| CVE-2026-8144 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with projec… | |||
| CVE-2026-6883 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merg… | |||
| CVE-2026-6063 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authent… | |||
| CVE-2026-3607 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo… | |||
| CVE-2026-3074 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to downlo… | |||
| CVE-2026-3073 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo… | |||
| CVE-2026-1338 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with devel… | |||
| CVE-2026-7648 | medium | 4.3 | 4.3 | 19d ago | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. … | |||
| CVE-2026-7525 | medium | 4.3 | 4.3 | 19d ago | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying tha… | |||
| CVE-2026-44919 | medium | 4.3 | 4.3 | 19d ago | OpenStack Ironic: Pre-Validation Checksum Calculation allows Denial of Service (DoS) via Infinite Block Devices | |||
| CVE-2026-44441 | medium | 4.3 | 4.3 | 20d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making… | |||
| CVE-2026-28374 | medium | 4.3 | 4.3 | 20d ago | Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations. | |||
| CVE-2026-44458 | medium | 4.3 | 4.3 | 20d ago | Hono has CSS Declaration Injection via Style Object Values in JSX SSR | |||
| CVE-2026-42058 | medium | 4.3 | 4.3 | 20d ago | An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. Note: Software versions which have reached End of Technic… | |||
| CVE-2026-4607 | medium | 4.3 | 4.3 | 20d ago | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properl… | |||
| CVE-2026-42961 | medium | 4.3 | 4.3 | 20d ago | ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to… | |||
| CVE-2026-42950 | medium | 4.3 | 4.3 | 20d ago | ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may be… | |||
| CVE-2026-3426 | medium | 4.3 | 4.3 | 20d ago | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() and reset_all_widgets() functions in all … | |||
| CVE-2026-28917 | medium | 4.3 | 4.3 | 20d ago | visionOS 26.5 | |||
| CVE-2026-28901 | medium | 4.3 | 4.3 | 20d ago | visionOS 26.5 | |||
| CVE-2026-28971 | medium | 4.3 | 4.3 | 20d ago | visionOS 26.5 | |||
| CVE-2026-34656 | medium | 4.3 | 4.3 | 21d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature by… | |||
| CVE-2026-5146 | medium | 4.3 | 4.3 | 21d ago | Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session v… | |||
| CVE-2026-42541 | medium | 4.3 | 4.3 | 21d ago | Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call | |||
| CVE-2026-40421 | medium | 4.3 | 4.3 | 21d ago | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-40416 | medium | 4.3 | 4.3 | 21d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-35429 | medium | 4.3 | 4.3 | 21d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-32175 | medium | 4.3 | 4.3 | 21d ago | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to ce… | |||
| CVE-2026-8407 | medium | 4.3 | 4.3 | 21d ago | Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted re… | |||
| CVE-2026-42006 | medium | 4.3 | 4.3 | 21d ago | An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left op… | |||
| CVE-2026-40020 | medium | 4.3 | 4.3 | 21d ago | Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is lim… | |||
| CVE-2026-1934 | medium | 4.3 | 4.3 | 21d ago | The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the s… | |||
| CVE-2026-7616 | medium | 4.3 | 4.3 | 21d ago | The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi_admin… | |||
| CVE-2026-7562 | medium | 4.3 | 4.3 | 21d ago | The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form a… | |||
| CVE-2026-7050 | medium | 4.3 | 4.3 | 21d ago | The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perf… | |||
| CVE-2026-6932 | medium | 4.3 | 4.3 | 21d ago | The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings u… | |||
| CVE-2026-6710 | medium | 4.3 | 4.3 | 21d ago | The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the Skysa… | |||
| CVE-2026-6709 | medium | 4.3 | 4.3 | 21d ago | The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce… | |||
| CVE-2026-4301 | medium | 4.3 | 4.3 | 21d ago | The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler la… | |||
| CVE-2026-40136 | medium | 4.3 | 4.3 | 21d ago | SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromis… | |||
| CVE-2026-40134 | medium | 4.3 | 4.3 | 21d ago | Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operatio… | |||
| CVE-2026-40129 | medium | 4.3 | 4.3 | 21d ago | Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processe… | |||
| CVE-2026-8349 | medium | 4.3 | 4.3 | 21d ago | omec-project amf crashes when processing malformed LocationReports | |||
| CVE-2026-42885 | medium | 4.3 | 4.3 | 22d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a … | |||
| CVE-2026-42884 | medium | 4.3 | 4.3 | 22d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking w… | |||
| CVE-2026-42565 | medium | 4.3 | 4.3 | 22d ago | @workos/authkit-session has an Open Redirect via state-derived redirect target | |||
| CVE-2026-34754 | medium | 4.3 | 4.3 | 22d ago | MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API | |||
| CVE-2026-44997 | medium | 4.3 | 4.3 | 22d ago | OpenClaw's ACP child sessions inherit subagent security envelope constraints | |||
| CVE-2026-42865 | medium | 4.3 | 4.3 | 22d ago | Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated… | |||
| CVE-2026-44198 | medium | 4.3 | 4.3 | 22d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, … | |||
| CVE-2026-39869 | medium | 4.3 | 4.3 | 22d ago | visionOS 26.5 | |||
| CVE-2026-8195 | medium | 4.3 | 4.3 | 24d ago | A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/C… | |||
| CVE-2026-8194 | medium | 4.3 | 4.3 | 24d ago | A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argu… |