CVEs from 2026
- Total: 13,880
- Critical: 1,207
- High: 4,522
- Medium: 4,333
- Low: 475
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41660 | high | 7.1 | 7.1 | 1mo ago | Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP |
| CVE-2026-27105 | high | 7.1 | 7.1 | 1mo ago | Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p… |
| CVE-2026-42652 | high | 7.1 | 7.1 | 1mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS. This issue affects User Regist… |
| CVE-2026-35155 | high | 7.1 | 7.1 | 1mo ago | Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privilege… |
| CVE-2026-42429 | high | 7.1 | 7.1 | 1mo ago | OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write` |
| CVE-2026-42428 | high | 7.1 | 7.1 | 1mo ago | OpenClaw B-M3: ClawHub package downloads are not enforced with integrity verification |
| CVE-2026-41379 | high | 7.1 | 7.1 | 1mo ago | OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send |
| CVE-2026-28747 | high | 7.1 | 7.1 | 1mo ago | A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed. |
| CVE-2026-5941 | high | 7.1 | 7.1 | 1mo ago | Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during inte… |
| CVE-2026-31679 | high | 7.1 | 7.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: openvswitch: validate MPLS set/set_masked payload length validate_set() accepted OVS_KEY_ATTR_MPLS as variable-sized payload for … |
| CVE-2026-31674 | high | 7.1 | 7.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() Reject rt match rules whose addrnr exceeds IP6T_RT_HOPS. rt_mt6() … |
| CVE-2026-31626 | high | 7.1 | 7.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using unin… |
| CVE-2026-31614 | high | 7.1 | 7.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in check_wsl_eas() The bounds check uses (u8 *)ea + nlen + 1 + vlen as the end of the EA n… |
| CVE-2026-31568 | high | 7.1 | 7.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add missing secure storage access fixups for donated memory There are special cases where secure storage access exceptio… |
| CVE-2026-41361 | high | 7.1 | 7.1 | 1mo ago | OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable … |
| CVE-2026-41347 | high | 7.1 | 7.1 | 1mo ago | OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode |
| CVE-2026-6861 | high | 7.1 | 7.1 | 1mo ago | A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local u… |
| CVE-2026-31486 | high | 7.1 | 7.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regulator operations with mutex The regulator operations pmbus_regulator_get_voltage(), pmbus_regulat… |
| CVE-2026-31484 | high | 7.1 | 7.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check __io_uring_show_fdinfo() iterates over pending SQEs and, for 128-byte SQEs … |
| CVE-2026-31470 | high | 7.1 | 7.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling of host controlled 'quote' buffer length Validate host controlled value `quote_buf->out_len` that d… |
| CVE-2026-6855 | high | 7.1 | 7.1 | 1mo ago | InstructLab vulnerable to Path Traversal |
| CVE-2026-31430 | high | 7.1 | 7.1 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty… |
| CVE-2026-40917 | high | 7.1 | 7.1 | 2mo ago | A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious … |
| CVE-2026-32188 | high | 7.1 | 7.1 | 2mo ago | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| CVE-2026-26151 | high | 7.1 | 7.1 | 2mo ago | Insufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-5446 | high | 7.1 | 7.1 | 2mo ago | In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-suppl… |
| CVE-2026-32590 | high | 7.1 | 7.1 | 2mo ago | A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow … |
| CVE-2026-39671 | high | 7.1 | 7.1 | 2mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery. This issue affects Extra Fees… |
| CVE-2026-35176 | high | 7.1 | 7.1 | 2mo ago | openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in POFParser::parseSection() that allows out-of-bounds heap memory access whe… |
| CVE-2026-35170 | high | 7.1 | 7.1 | 2mo ago | openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in BitParser::parseHeader() that allows out-of-bounds heap memory access when… |
| CVE-2026-5673 | high | 7.1 | 7.1 | 2mo ago | A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local att… |
| CVE-2026-31407 | high | 7.1 | 7.1 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. The… |
| CVE-2026-31395 | high | 7.1 | 7.1 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler The ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER handler in bnxt_as… |
| CVE-2026-34760 | high | 7.1 | 7.1 | 2mo ago | vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing (to_mono), while the in… |
| CVE-2026-32501 | high | 7.1 | 7.1 | 2mo ago | Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Configurat… |
| CVE-2026-32493 | high | 7.1 | 7.1 | 2mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS. This issue affects JobSearch: from n/a through… |
| CVE-2026-24369 | high | 7.1 | 7.1 | 2mo ago | Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Grid: from n/a through < 2.8.0. |
| CVE-2026-23327 | high | 7.1 | 7.1 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() cxl_payload_from_user_allowed() cast… |
| CVE-2026-23305 | high | 7.1 | 7.1 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocket_probe When rocket_core_init() fails (as could be the case with EPROBE_DEFER),… |
| CVE-2026-0819 | high | 7.1 | 7.1 | 2mo ago | A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorr… |
| CVE-2026-27070 | high | 7.1 | 7.1 | 3mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS. This issue affects Everest Forms Pro: from n/a thro… |
| CVE-2026-28073 | high | 7.1 | 7.1 | 3mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS. This issue affects WP eMember: from n/a throug… |
| CVE-2026-23269 | high | 7.1 | 7.1 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes int… |
| CVE-2026-23244 | high | 7.1 | 7.1 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in nvme_pr_read_keys() nvme_pr_read_keys() takes num_keys from userspace and uses it to calculate the… |
| CVE-2026-3663 | high | 7.1 | 7.1 | 3mo ago | A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_docume… |
| CVE-2026-3386 | high | 7.1 | 7.1 | 3mo ago | A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possi… |
| CVE-2026-28402 | high | 7.1 | 7.1 | 3mo ago | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is … |
| CVE-2026-2858 | high | 7.1 | 7.1 | 3mo ago | A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out… |
| CVE-2026-24623 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS. This issue affects Neoforum: from n/a through <… |
| CVE-2026-46164 | high | 7.0 | 7.0 | 5d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info_sub_group() error path When kobject_init_and_add() fails, the call chain is: create_… |
| CVE-2026-46154 | high | 7.0 | 7.0 | 5d ago | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters scx_group_set_{weight,idle,bandwidth}() cache scx_root befo… |
| CVE-2026-44604 | high | 7.0 | 7.0 | 5d ago | A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts t… |
| CVE-2026-46029 | high | 7.0 | 7.0 | 5d ago | In the Linux kernel, the following vulnerability has been resolved: mm/slab: return NULL early from kmalloc_nolock() in NMI on UP On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that uncondi… |
| CVE-2026-49000 | high | 7.0 | 7.0 | 6d ago | An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakag… |
| CVE-2026-24200 | high | 7.0 | 7.0 | 6d ago | NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to den… |
| CVE-2026-44469 | high | 7.0 | 7.0 | 7d ago | The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU r… |
| CVE-2026-29518 | high | 7.0 | 7.0 | 12d ago | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replac… |
| CVE-2026-4137 | high | 7.0 | 7.0 | 14d ago | MLFlow Creates a Temporary File With Insecure Permissions |
| CVE-2026-45036 | high | 7.0 | 7.0 | 17d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without us… |
| CVE-2026-46483 | high | 7.0 | 7.0 | 17d ago | Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-lik… |
| CVE-2026-41702 | high | 7.0 | 7.0 | 18d ago | VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges… |
| CVE-2026-42825 | high | 7.0 | 7.0 | 20d ago | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40410 | high | 7.0 | 7.0 | 20d ago | Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. |
| CVE-2026-35416 | high | 7.0 | 7.0 | 20d ago | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34347 | high | 7.0 | 7.0 | 20d ago | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34345 | high | 7.0 | 7.0 | 20d ago | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34342 | high | 7.0 | 7.0 | 20d ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34341 | high | 7.0 | 7.0 | 20d ago | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34340 | high | 7.0 | 7.0 | 20d ago | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34331 | high | 7.0 | 7.0 | 20d ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2026-33839 | high | 7.0 | 7.0 | 20d ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2026-7432 | high | 7.0 | 7.0 | 20d ago | A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM. |
| CVE-2026-34596 | high | 7.0 | 7.0 | 27d ago | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation.… |
| CVE-2026-7832 | high | 7.0 | 7.0 | 27d ago | A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attackin… |
| CVE-2026-43050 | high | 7.0 | 7.0 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix use-after-free in sock_def_readable() A race condition exists between lec_atm_close() setting priv->lecd to NULL an… |
| CVE-2026-40973 | high | 7.0 | 7.0 | 1mo ago | Spring Boot accepts predictable temp directory without ownership verification |
| CVE-2026-35352 | high | 7.0 | 7.0 | 1mo ago | A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local at… |
| CVE-2026-6421 | high | 7.0 | 7.0 | 2mo ago | A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has… |
| CVE-2026-33104 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2026-33100 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-33099 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32150 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32086 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32080 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32070 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32068 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-27922 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26182 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26177 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26173 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locall… |
| CVE-2026-26152 | high | 7.0 | 7.0 | 2mo ago | Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32224 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32219 | high | 7.0 | 7.0 | 2mo ago | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32195 | high | 7.0 | 7.0 | 2mo ago | Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32093 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32087 | high | 7.0 | 7.0 | 2mo ago | Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32083 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32082 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32075 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32073 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |