CVEs from 2026
Total
13,913
critical
critical 1,208
high
high 4,525
medium
medium 4,366
low
low 483
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8783 | medium | 4.3 | 4.3 | 15d ago | AMF Vulnerable to Improper Resource Shutdown or Release | |||
| CVE-2026-8782 | medium | 4.3 | 4.3 | 15d ago | AMF Vulnerable to Improper Resource Shutdown or Release | |||
| CVE-2026-8781 | medium | 4.3 | 4.3 | 15d ago | AMF Vulnerable to Improper Resource Shutdown or Release | |||
| CVE-2026-8780 | medium | 4.3 | 4.3 | 15d ago | AMF Improperly Restricts Operations within the Bounds of a Memory Buffer | |||
| CVE-2026-8779 | medium | 4.3 | 4.3 | 15d ago | AMF Improperly Restricts Operations within the Bounds of a Memory Buffer | |||
| CVE-2026-45009 | medium | 4.3 | 4.3 | 17d ago | phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login statu… | |||
| CVE-2026-45387 | medium | 4.3 | 4.3 | 17d ago | Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage) | |||
| CVE-2026-45385 | medium | 4.3 | 4.3 | 17d ago | Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint | |||
| CVE-2026-44559 | medium | 4.3 | 4.3 | 17d ago | Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels | |||
| CVE-2026-4053 | medium | 4.3 | 4.3 | 18d ago | Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields | |||
| CVE-2026-45007 | medium | 4.3 | 4.3 | 18d ago | phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authentic… | |||
| CVE-2026-8425 | medium | 4.3 | 4.3 | 18d ago | The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the _updateSettin… | |||
| CVE-2026-7563 | medium | 4.3 | 4.3 | 18d ago | The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to t… | |||
| CVE-2026-45386 | medium | 4.3 | 4.3 | 18d ago | Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint | |||
| CVE-2026-8576 | medium | 4.3 | 4.3 | 18d ago | Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security sev… | |||
| CVE-2026-8567 | medium | 4.3 | 4.3 | 18d ago | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: … | |||
| CVE-2026-8566 | medium | 4.3 | 4.3 | 18d ago | Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium sec… | |||
| CVE-2026-8563 | medium | 4.3 | 4.3 | 18d ago | Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium se… | |||
| CVE-2026-8562 | medium | 4.3 | 4.3 | 18d ago | Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu… | |||
| CVE-2026-8560 | medium | 4.3 | 4.3 | 18d ago | Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium securi… | |||
| CVE-2026-8559 | medium | 4.3 | 4.3 | 18d ago | Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secu… | |||
| CVE-2026-8552 | medium | 4.3 | 4.3 | 18d ago | Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity… | |||
| CVE-2026-8537 | medium | 4.3 | 4.3 | 18d ago | Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-8528 | medium | 4.3 | 4.3 | 18d ago | Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a … | |||
| CVE-2026-45148 | medium | 4.3 | 4.3 | 19d ago | SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWidget,searchTemplate}` publish-mode | |||
| CVE-2026-45147 | medium | 4.3 | 4.3 | 19d ago | SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk | |||
| CVE-2026-44283 | medium | 4.3 | 4.3 | 19d ago | etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requ… | |||
| CVE-2026-45448 | medium | 4.3 | 4.3 | 19d ago | CWE-601 URL redirection to untrusted site ('open redirect') | |||
| CVE-2026-44374 | medium | 4.3 | 4.3 | 19d ago | Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi… | |||
| CVE-2026-6575 | medium | 4.3 | 4.3 | 19d ago | Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain… | |||
| CVE-2026-6474 | medium | 4.3 | 4.3 | 19d ago | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 1… | |||
| CVE-2026-5365 | medium | 4.3 | 4.3 | 19d ago | The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation() funct… | |||
| CVE-2026-8144 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with projec… | |||
| CVE-2026-6883 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merg… | |||
| CVE-2026-6063 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authent… | |||
| CVE-2026-3607 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo… | |||
| CVE-2026-3074 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to downlo… | |||
| CVE-2026-3073 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with develo… | |||
| CVE-2026-1338 | medium | 4.3 | 4.3 | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with devel… | |||
| CVE-2026-7648 | medium | 4.3 | 4.3 | 19d ago | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. … | |||
| CVE-2026-7525 | medium | 4.3 | 4.3 | 19d ago | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying tha… | |||
| CVE-2026-44919 | medium | 4.3 | 4.3 | 19d ago | OpenStack Ironic: Pre-Validation Checksum Calculation allows Denial of Service (DoS) via Infinite Block Devices | |||
| CVE-2026-44441 | medium | 4.3 | 4.3 | 19d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making… | |||
| CVE-2026-28374 | medium | 4.3 | 4.3 | 19d ago | Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations. | |||
| CVE-2026-44458 | medium | 4.3 | 4.3 | 20d ago | Hono has CSS Declaration Injection via Style Object Values in JSX SSR | |||
| CVE-2026-42058 | medium | 4.3 | 4.3 | 20d ago | An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. Note: Software versions which have reached End of Technic… | |||
| CVE-2026-4607 | medium | 4.3 | 4.3 | 20d ago | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properl… | |||
| CVE-2026-42961 | medium | 4.3 | 4.3 | 20d ago | ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to… | |||
| CVE-2026-42950 | medium | 4.3 | 4.3 | 20d ago | ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may be… | |||
| CVE-2026-3426 | medium | 4.3 | 4.3 | 20d ago | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() and reset_all_widgets() functions in all … | |||
| CVE-2026-28971 | medium | 4.3 | 4.3 | 20d ago | visionOS 26.5 | |||
| CVE-2026-28917 | medium | 4.3 | 4.3 | 20d ago | visionOS 26.5 | |||
| CVE-2026-28901 | medium | 4.3 | 4.3 | 20d ago | visionOS 26.5 | |||
| CVE-2026-34656 | medium | 4.3 | 4.3 | 20d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature by… | |||
| CVE-2026-5146 | medium | 4.3 | 4.3 | 21d ago | Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session v… | |||
| CVE-2026-42541 | medium | 4.3 | 4.3 | 21d ago | Kubewarden vulnerable to RBAC Reconnaissance via unchecked can_i host capability call | |||
| CVE-2026-40421 | medium | 4.3 | 4.3 | 21d ago | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-40416 | medium | 4.3 | 4.3 | 21d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-35429 | medium | 4.3 | 4.3 | 21d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-32175 | medium | 4.3 | 4.3 | 21d ago | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to ce… | |||
| CVE-2026-8407 | medium | 4.3 | 4.3 | 21d ago | Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted re… | |||
| CVE-2026-42006 | medium | 4.3 | 4.3 | 21d ago | An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left op… | |||
| CVE-2026-40020 | medium | 4.3 | 4.3 | 21d ago | Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is lim… | |||
| CVE-2026-1934 | medium | 4.3 | 4.3 | 21d ago | The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the s… | |||
| CVE-2026-7616 | medium | 4.3 | 4.3 | 21d ago | The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi_admin… | |||
| CVE-2026-7562 | medium | 4.3 | 4.3 | 21d ago | The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form a… | |||
| CVE-2026-7050 | medium | 4.3 | 4.3 | 21d ago | The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perf… | |||
| CVE-2026-6932 | medium | 4.3 | 4.3 | 21d ago | The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings u… | |||
| CVE-2026-6710 | medium | 4.3 | 4.3 | 21d ago | The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the Skysa… | |||
| CVE-2026-6709 | medium | 4.3 | 4.3 | 21d ago | The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce… | |||
| CVE-2026-4301 | medium | 4.3 | 4.3 | 21d ago | The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler la… | |||
| CVE-2026-40136 | medium | 4.3 | 4.3 | 21d ago | SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromis… | |||
| CVE-2026-40134 | medium | 4.3 | 4.3 | 21d ago | Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operatio… | |||
| CVE-2026-40129 | medium | 4.3 | 4.3 | 21d ago | Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processe… | |||
| CVE-2026-8349 | medium | 4.3 | 4.3 | 21d ago | omec-project amf crashes when processing malformed LocationReports | |||
| CVE-2026-42885 | medium | 4.3 | 4.3 | 21d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a … | |||
| CVE-2026-42884 | medium | 4.3 | 4.3 | 21d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking w… | |||
| CVE-2026-42565 | medium | 4.3 | 4.3 | 21d ago | @workos/authkit-session has an Open Redirect via state-derived redirect target | |||
| CVE-2026-34754 | medium | 4.3 | 4.3 | 22d ago | MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API | |||
| CVE-2026-44997 | medium | 4.3 | 4.3 | 22d ago | OpenClaw's ACP child sessions inherit subagent security envelope constraints | |||
| CVE-2026-42865 | medium | 4.3 | 4.3 | 22d ago | Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated… | |||
| CVE-2026-44198 | medium | 4.3 | 4.3 | 22d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, … | |||
| CVE-2026-39869 | medium | 4.3 | 4.3 | 22d ago | visionOS 26.5 | |||
| CVE-2026-8195 | medium | 4.3 | 4.3 | 23d ago | A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/C… | |||
| CVE-2026-8194 | medium | 4.3 | 4.3 | 23d ago | A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argu… | |||
| CVE-2026-6667 | medium | 4.3 | 4.3 | 24d ago | PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization)… | |||
| CVE-2026-42456 | medium | 4.3 | 4.3 | 24d ago | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLL… | |||
| CVE-2026-42282 | medium | 4.3 | 4.3 | 24d ago | n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode | |||
| CVE-2026-44557 | medium | 4.3 | 4.3 | 25d ago | Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection | |||
| CVE-2026-42276 | medium | 4.3 | 4.3 | 25d ago | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active cha… | |||
| CVE-2026-8117 | medium | 4.3 | 4.3 | 25d ago | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument p… | |||
| CVE-2026-44263 | medium | 4.3 | 4.3 | 26d ago | Weblate Vulnerable to Private Translation Enumeration via Screenshot API | |||
| CVE-2026-41687 | medium | 4.3 | 4.3 | 26d ago | Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php (line 42) and endpoints/payments/add.php (line 40)… | |||
| CVE-2026-41685 | medium | 4.3 | 4.3 | 26d ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking … | |||
| CVE-2026-27415 | medium | 4.3 | 4.3 | 26d ago | Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5. | |||
| CVE-2026-44264 | medium | 4.3 | 4.3 | 26d ago | Weblate vulnerable to XSS via crafted Markdown | |||
| CVE-2026-44111 | medium | 4.3 | 4.3 | 26d ago | OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with… | |||
| CVE-2026-8014 | medium | 4.3 | 4.3 | 27d ago | Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-8013 | medium | 4.3 | 4.3 | 27d ago | Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L… | |||
| CVE-2026-8011 | medium | 4.3 | 4.3 | 27d ago | Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |