CVEs from 2026
Total
14,089
critical
critical 1,231
high
high 4,634
medium
medium 4,443
low
low 484
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46424 | medium | 4.2 | 4.2 | 7d ago | Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint (POST /api/public/v1/roles/unassign) updates user documents in CouchDB but does not invalidate… | |||
| CVE-2026-9689 | medium | 4.2 | 4.2 | 7d ago | A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote at… | |||
| CVE-2026-44067 | medium | 4.2 | 4.2 | 13d ago | A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via… | |||
| CVE-2026-44065 | medium | 4.2 | 4.2 | 13d ago | An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data. | |||
| CVE-2026-44063 | medium | 4.2 | 4.2 | 13d ago | An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted fil… | |||
| CVE-2026-9110 | medium | 4.2 | 4.2 | 13d ago | Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML pag… | |||
| CVE-2026-8784 | medium | 4.2 | 4.2 | 16d ago | A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack r… | |||
| CVE-2026-8584 | medium | 4.2 | 4.2 | 19d ago | Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page… | |||
| CVE-2026-8564 | medium | 4.2 | 4.2 | 19d ago | Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: M… | |||
| CVE-2026-44991 | medium | 4.2 | 4.2 | 22d ago | OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners | |||
| CVE-2026-8021 | medium | 4.2 | 4.2 | 27d ago | Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafte… | |||
| CVE-2026-7996 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML … | |||
| CVE-2026-7993 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of t… | |||
| CVE-2026-7989 | medium | 4.2 | 4.2 | 27d ago | Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted H… | |||
| CVE-2026-7964 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via… | |||
| CVE-2026-7952 | medium | 4.2 | 4.2 | 27d ago | Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a c… | |||
| CVE-2026-7947 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted H… | |||
| CVE-2026-7943 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a cr… | |||
| CVE-2026-7934 | medium | 4.2 | 4.2 | 27d ago | Insufficient validation of untrusted input in Popup Blocker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restriction… | |||
| CVE-2026-7912 | medium | 4.2 | 4.2 | 27d ago | Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. … | |||
| CVE-2026-43883 | medium | 4.2 | 4.2 | 28d ago | AVideo: IDOR in PayPalYPT Plugin Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements | |||
| CVE-2026-5107 | medium | 4.2 | 4.2 | 2mo ago | A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation le… | |||
| CVE-2026-2010 | medium | 4.2 | 4.2 | 4mo ago | A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/lo… | |||
| CVE-2026-0598 | medium | 4.2 | 4.2 | 4mo ago | A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the … | |||
| CVE-2026-1484 | medium | 4.2 | 4.2 | 4mo ago | A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer bounda… | |||
| CVE-2026-1409 | medium | 4.2 | 4.2 | 4mo ago | A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper … | |||
| CVE-2026-1408 | medium | 4.2 | 4.2 | 4mo ago | A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password… | |||
| CVE-2026-1407 | medium | 4.2 | 4.2 | 4mo ago | A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an unknown part of the component UART Interface. Performing a manipulation results in information disclos… | |||
| CVE-2026-10052 | medium | 4.1 | 4.1 | 5d ago | A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endp… | |||
| CVE-2026-48136 | medium | 4.1 | 4.1 | 8d ago | When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Comp… | |||
| CVE-2026-2813 | medium | 4.1 | 4.1 | 13d ago | ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitati… | |||
| CVE-2026-8736 | medium | 4.1 | 4.1 | 17d ago | A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Perfor… | |||
| CVE-2026-1163 | medium | 4.1 | 4.1 | 2mo ago | parisneo/lollms has an insufficient session expiration vulnerability | |||
| CVE-2026-28581 | medium | 4.0 | 4.0 | 1d ago | In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileg… | |||
| CVE-2026-10099 | medium | 4.0 | 4.0 | 5d ago | XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending u… | |||
| CVE-2026-21785 | medium | 4.0 | 4.0 | 6d ago | A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass i… | |||
| CVE-2026-44430 | medium | 4.0 | 4.0 | 19d ago | MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist | |||
| CVE-2026-43968 | medium | 4.0 | 4.0 | 22d ago | ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values | |||
| CVE-2026-28882 | medium | 4.0 | 4.0 | 23d ago | visionOS 26.4 | |||
| CVE-2026-42798 | medium | 4.0 | 4.0 | 1mo ago | Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. | |||
| CVE-2026-41403 | medium | 4.0 | 4.0 | 1mo ago | OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled | |||
| CVE-2026-5507 | medium | 4.0 | 4.0 | 2mo ago | When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary… | |||
| CVE-2026-28826 | medium | 4.0 | 4.0 | 2mo ago | macOS Sonoma 14.8.5 | |||
| CVE-2026-30963 | low | 3.9 | 3.9 | 6d ago | Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate … | |||
| CVE-2026-44069 | low | 3.9 | 3.9 | 13d ago | An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption vi… | |||
| CVE-2026-27964 | low | 3.9 | 3.9 | 26d ago | FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation | |||
| CVE-2026-10299 | low | 3.8 | 3.8 | 1d ago | A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument … | |||
| CVE-2026-40528 | low | 3.8 | 3.8 | 5d ago | OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memor… | |||
| CVE-2026-40510 | low | 3.8 | 3.8 | 5d ago | OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trig… | |||
| CVE-2026-6816 | low | 3.8 | 3.8 | 5d ago | An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins… | |||
| CVE-2026-44410 | low | 3.8 | 3.8 | 8d ago | This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out ma… | |||
| CVE-2026-45683 | low | 3.8 | 3.8 | 15d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_pr… | |||
| CVE-2026-6334 | low | 3.8 | 3.8 | 16d ago | Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow | |||
| CVE-2026-6923 | low | 3.8 | 3.8 | 20d ago | A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key. | |||
| CVE-2026-33585 | low | 3.8 | 3.8 | 20d ago | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.… | |||
| CVE-2026-44459 | low | 3.8 | 3.8 | 21d ago | Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify() | |||
| CVE-2026-34094 | low | 3.8 | 3.8 | 22d ago | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2. | |||
| CVE-2026-44987 | low | 3.8 | 3.8 | 25d ago | SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If th… | |||
| CVE-2026-4222 | low | 3.8 | 3.8 | 3mo ago | A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of t… | |||
| CVE-2026-4044 | low | 3.8 | 3.8 | 3mo ago | A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument … | |||
| CVE-2026-22411 | low | 3.8 | 3.8 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: fro… | |||
| CVE-2026-22409 | low | 3.8 | 3.8 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: … | |||
| CVE-2026-22407 | low | 3.8 | 3.8 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a thr… | |||
| CVE-2026-22406 | low | 3.8 | 3.8 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: fro… | |||
| CVE-2026-22404 | low | 3.8 | 3.8 | 4mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: fro… | |||
| CVE-2026-24761 | low | 3.7 | 3.7 | 1d ago | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metad… | |||
| CVE-2026-10300 | low | 3.7 | 3.7 | 1d ago | A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such ma… | |||
| CVE-2026-5419 | low | 3.7 | 3.7 | 1d ago | RHSA-2026:20612: gnutls security update (Important) | |||
| CVE-2026-10216 | low | 3.7 | 3.7 | 2d ago | A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulatio… | |||
| CVE-2026-10169 | low | 3.7 | 3.7 | 3d ago | A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax_forgot_pa… | |||
| CVE-2026-48524 | low | 3.7 | 3.7 | 6d ago | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no ra… | |||
| CVE-2026-44474 | low | 3.7 | 3.7 | 7d ago | Ella Core has handover failures during concurrent Security Mode Command | |||
| CVE-2026-42791 | low | 3.7 | 3.7 | 7d ago | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP re… | |||
| CVE-2026-33552 | low | 3.7 | 3.7 | 7d ago | Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control. | |||
| CVE-2026-48852 | low | 3.7 | 3.7 | 8d ago | PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification. | |||
| CVE-2026-48847 | low | 3.7 | 3.7 | 8d ago | Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass. | |||
| CVE-2026-9396 | low | 3.7 | 3.7 | 9d ago | A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulat… | |||
| CVE-2026-9373 | low | 3.7 | 3.7 | 10d ago | A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authent… | |||
| CVE-2026-9370 | low | 3.7 | 3.7 | 10d ago | A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/… | |||
| CVE-2026-9306 | low | 3.7 | 3.7 | 11d ago | A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjou… | |||
| CVE-2026-7837 | low | 3.7 | 3.7 | 13d ago | A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited da… | |||
| CVE-2026-44075 | low | 3.7 | 3.7 | 13d ago | A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session op… | |||
| CVE-2026-44074 | low | 3.7 | 3.7 | 13d ago | Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker… | |||
| CVE-2026-44071 | low | 3.7 | 3.7 | 13d ago | Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of servic… | |||
| CVE-2026-45232 | low | 3.7 | 3.7 | 14d ago | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memor… | |||
| CVE-2026-8491 | low | 3.7 | 3.7 | 14d ago | Node view permissions module enables permissions "View own content" and "View any content" for each content type on permissions page The module doesn't sufficiently handle the case where a user is … | |||
| CVE-2026-8803 | low | 3.7 | 3.7 | 16d ago | A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation cau… | |||
| CVE-2026-44589 | low | 3.7 | 3.7 | 19d ago | nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect) | |||
| CVE-2026-44582 | low | 3.7 | 3.7 | 20d ago | Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting | |||
| CVE-2026-44242 | low | 3.7 | 3.7 | 21d ago | Micronaut has Unbounded `bundleCache` in `ResourceBundleMessageSource` that Allows Memory Exhaustion via `Accept-Language` Header | |||
| CVE-2026-44219 | low | 3.7 | 3.7 | 21d ago | ciguard: SCA HTTP client reads response body without size cap | |||
| CVE-2026-43514 | low | 3.7 | 3.7 | 22d ago | Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M… | |||
| CVE-2026-42874 | low | 3.7 | 3.7 | 22d ago | Microdot has HTTP response splitting in Response.set_cookie() | |||
| CVE-2026-44996 | low | 3.7 | 3.7 | 22d ago | OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence ag… | |||
| CVE-2026-8276 | low | 3.7 | 3.7 | 23d ago | bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go | |||
| CVE-2026-8275 | low | 3.7 | 3.7 | 23d ago | bettercap Has an Integer Coercion Error in the ippReadChunkedBody Function | |||
| CVE-2026-8242 | low | 3.7 | 3.7 | 24d ago | A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results… | |||
| CVE-2026-8196 | low | 3.7 | 3.7 | 24d ago | A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginControlle… | |||
| CVE-2026-8028 | low | 3.7 | 3.7 | 28d ago | A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Perf… | |||
| CVE-2026-43863 | low | 3.7 | 3.7 | 1mo ago | mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. |