CVEs from 2026

- Total: 13,904
- Critical: 1,207
- High: 4,524
- Medium: 4,354
- Low: 480
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.7%

(The four severity buckets sum to 10,565, so 3,339 of the 13,904 entries carry no severity rating in this view.)
Top products (CVE count)
- chrome: 503
- firepower_threat_defense: 298
- firepower_threat_defense_software: 295
- gcp: 229
- openclaw: 172
- commerce: 104
- commerce_b2b: 89
- saml_sso_-_service_provider: 77

Top packages: none listed
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-32075 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32073 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-27929 | high | 7.0 | 7.0 | 2mo ago | Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally. |
| CVE-2026-27926 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2026-27921 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. |
| CVE-2026-27917 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-27908 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26174 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26166 | high | 7.0 | 7.0 | 2mo ago | Double free in Windows Shell allows an authorized attacker to elevate privileges locally. |
| CVE-2026-26165 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25184 | high | 7.0 | 7.0 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-31426 | high | 7.0 | 7.0 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() When ec_install_handlers() returns -EPROBE_DEFER on reduced-hardw… |
| CVE-2026-4878 | high | 7.0 | 7.0 | 2mo ago | Important: libcap security update |
| CVE-2026-5473 | high | 7.0 | 7.0 | 2mo ago | A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs t… |
| CVE-2026-23454 | high | 7.0 | 7.0 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown A potential race condition exists in mana_hwc_… |
| CVE-2026-4962 | high | 7.0 | 7.0 | 2mo ago | A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in un… |
| CVE-2026-4824 | high | 7.0 | 7.0 | 2mo ago | A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulat… |
| CVE-2026-4822 | high | 7.0 | 7.0 | 2mo ago | A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a… |
| CVE-2026-23294 | high | 7.0 | 7.0 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPT_RT On PREEMPT_RT kernels, the per-CPU xdp_dev_bulk_queue (bq) can be accessed concurrently by … |
| CVE-2026-4546 | high | 7.0 | 7.0 | 2mo ago | A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The at… |
| CVE-2026-4545 | high | 7.0 | 7.0 | 2mo ago | A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The a… |
| CVE-2026-24285 | high | 7.0 | 7.0 | 3mo ago | Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| CVE-2026-3787 | high | 7.0 | 7.0 | 3mo ago | A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled se… |
| CVE-2026-3194 | high | 7.0 | 7.0 | 3mo ago | A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes m… |
| CVE-2026-2913 | high | 7.0 | 7.0 | 3mo ago | A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffe… |
| CVE-2026-2516 | high | 7.0 | 7.0 | 4mo ago | A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path.… |
| CVE-2026-26158 | high | 7.0 | 7.0 | 4mo ago | A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or … |
| CVE-2026-46361 | medium | 6.9 | 6.9 | 17d ago | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protect… |
| CVE-2026-6815 | medium | 5.9 | 6.9 | 21d ago | An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perfo… |
| CVE-2026-45810 | medium | 6.8 | 6.8 | 5h ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticate… |
| CVE-2026-9802 | medium | 6.8 | 6.8 | 5d ago | A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, w… |
| CVE-2026-9673 | medium | 6.8 | 6.8 | 5d ago | Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV fil… |
| CVE-2026-48545 | medium | 6.8 | 6.8 | 5d ago | Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across… |
| CVE-2026-9617 | medium | 6.8 | 6.8 | 5d ago | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an… |
| CVE-2026-9704 | medium | 6.8 | 6.8 | 6d ago | A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token … |
| CVE-2026-44707 | medium | 6.8 | 6.8 | 6d ago | Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enf… |
| CVE-2026-39311 | medium | 6.8 | 6.8 | 12d ago | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of S… |
| CVE-2026-20171 | medium | 6.8 | 6.8 | 12d ago | A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow a… |
| CVE-2026-45585 | medium | 6.8 | 6.8 | 13d ago | Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coor… |
| CVE-2026-35593 | medium | 6.8 | 6.8 | 13d ago | Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, al… |
| CVE-2026-33741 | medium | 6.8 | 6.8 | 13d ago | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later… |
| CVE-2026-4630 | medium | 6.8 | 6.8 | 14d ago | A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtai… |
| CVE-2026-37982 | medium | 6.8 | 6.8 | 14d ago | A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercep… |
| CVE-2026-41119 | medium | 6.8 | 6.8 | 15d ago | Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leadi… |
| CVE-2026-41970 | medium | 6.8 | 6.8 | 18d ago | Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-6008 | medium | 6.8 | 6.8 | 18d ago | Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. … |
| CVE-2026-36742 | medium | 6.8 | 6.8 | 19d ago | Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode). |
| CVE-2026-36738 | medium | 6.8 | 6.8 | 19d ago | U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control me… |
| CVE-2026-24464 | medium | 6.8 | 6.8 | 19d ago | When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cros… |
| CVE-2026-21021 | medium | 6.8 | 6.8 | 20d ago | Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity. |
| CVE-2026-44305 | medium | 6.8 | 6.8 | 20d ago | Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled |
| CVE-2026-45026 | medium | 6.8 | 6.8 | 21d ago | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the … |
| CVE-2026-45025 | medium | 6.8 | 6.8 | 21d ago | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the … |
| CVE-2026-42312 | medium | 6.8 | 6.8 | 21d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates … |
| CVE-2026-1749 | medium | 6.8 | 6.8 | 24d ago | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. |
| CVE-2026-42291 | medium | 6.8 | 6.8 | 24d ago | SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly au… |
| CVE-2026-44247 | medium | 6.8 | 6.8 | 24d ago | Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluste… |
| CVE-2026-40003 | medium | 6.8 | 6.8 | 26d ago | ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any … |
| CVE-2026-6863 | medium | 6.8 | 6.8 | 26d ago | Velocidex Velociraptor has an Incorrect Authorization issue |
| CVE-2026-43901 | medium | 6.8 | 6.8 | 27d ago | wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured |
| CVE-2026-42194 | medium | 6.8 | 6.8 | 27d ago | Admidio has an incomplete fix for CVE-2026-32812 (SSRF) |
| CVE-2026-43875 | medium | 6.8 | 6.8 | 27d ago | AVideo: Password Hash Leak in MobileManager OAuth Redirect URL Enables Account Takeover |
| CVE-2026-40934 | medium | 6.8 | 6.8 | 27d ago | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runt… |
| CVE-2026-41671 | medium | 6.8 | 6.8 | 1mo ago | Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation |
| CVE-2026-0205 | medium | 6.8 | 6.8 | 1mo ago | A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services. |
| CVE-2026-0711 | medium | 6.8 | 6.8 | 1mo ago | A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with a… |
| CVE-2026-32649 | medium | 6.8 | 6.8 | 1mo ago | A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras. |
| CVE-2026-40970 | medium | 6.8 | 6.8 | 1mo ago | Spring Boot's Elasticsearch auto-configuration doesn't perform hostname verification when connecting to the Elasticsearch server. |
| CVE-2026-28525 | medium | 6.8 | 6.8 | 1mo ago | SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTT… |
| CVE-2026-34314 | medium | 6.8 | 6.8 | 1mo ago | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected ar… |
| CVE-2026-40574 | medium | 6.8 | 6.8 | 1mo ago | OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims |
| CVE-2026-40500 | medium | 6.8 | 6.8 | 2mo ago | ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature |
| CVE-2026-32223 | medium | 6.8 | 6.8 | 2mo ago | Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack. |
| CVE-2026-32202 | medium | 4.3 | 6.8 | 2mo ago | Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-32567 | medium | 6.8 | 6.8 | 2mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal. This issue affects YML for Y… |
| CVE-2026-32496 | medium | 6.8 | 6.8 | 2mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal. This issue af… |
| CVE-2026-25328 | medium | 6.8 | 6.8 | 2mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traver… |
| CVE-2026-2741 | medium | 6.8 | 6.8 | 3mo ago | Vaadin: Specially crafted ZIP archives can escape the intended extraction directory |
| CVE-2026-20453 | medium | 6.7 | 6.7 | 20h ago | In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. U… |
| CVE-2026-48065 | medium | 6.7 | 6.7 | 5d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices, a count derived from libxml2 XPath evalu… |
| CVE-2026-44076 | medium | 6.7 | 6.7 | 12d ago | Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path. |
| CVE-2026-35070 | medium | 6.7 | 6.7 | 13d ago | Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w… |
| CVE-2026-42919 | medium | 6.7 | 6.7 | 19d ago | A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a secur… |
| CVE-2026-21018 | medium | 6.7 | 6.7 | 20d ago | Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code. |
| CVE-2026-41097 | medium | 6.7 | 6.7 | 20d ago | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. |
| CVE-2026-32170 | medium | 6.7 | 6.7 | 20d ago | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. |
| CVE-2026-21530 | medium | 6.7 | 6.7 | 20d ago | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40638 | medium | 6.7 | 6.7 | 20d ago | Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this v… |
| CVE-2026-26946 | medium | 6.7 | 6.7 | 22d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local acce… |
| CVE-2026-42176 | medium | 6.7 | 6.7 | 24d ago | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer to… |
| CVE-2026-20451 | medium | 6.7 | 6.7 | 29d ago | In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti… |
| CVE-2026-20448 | medium | 6.7 | 6.7 | 29d ago | In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System priv… |
| CVE-2026-20447 | medium | 6.7 | 6.7 | 29d ago | In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privileg… |
| CVE-2026-25852 | medium | 6.7 | 6.7 | 1mo ago | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212. |
| CVE-2026-7280 | medium | 6.7 | 6.7 | 1mo ago | AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitra… |
| CVE-2026-40977 | medium | 6.7 | 6.7 | 1mo ago | Spring Boot's PID file write follows symlinks at predictable default path |
| CVE-2026-41360 | medium | 6.7 | 6.7 | 1mo ago | OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scri… |
| CVE-2026-35154 | medium | 6.7 | 6.7 | 1mo ago | Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper … |
| CVE-2026-26951 | medium | 6.7 | 6.7 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflo… |
| CVE-2026-35153 | medium | 6.7 | 6.7 | 2mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… |
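The summary block at the top of this page (severity buckets, % critical, % with KEV, % with exploit) and the Severity/CVSS/Risk columns of the table are the two things a reader will want to reproduce or sanity-check against their own feed. The following is an added example, not code from the page or from any vulnerability database: it parses rows in the table's `CVE | Severity | CVSS | Risk | Published | Description` layout (tolerating the trailing empty cells of the extracted page), recomputes the summary block, checks each row's severity label against the CVSS v3.x qualitative scale (low 0.1-3.9, medium 4.0-6.9, high 7.0-8.9, critical 9.0-10.0), and lists rows whose Risk value is above the CVSS base score. KEV and exploit membership are not present in the rows, so they are passed in as sets of CVE IDs (an assumption about how the page's flags would be supplied). The embedded sample is four rows copied from the table above.

```python
"""Added example (not the page's or any feed's code): rebuild the CVE
dashboard summary from table rows and check severity labels and Risk
against the CVSS base score.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# A data row starts with a CVE identifier cell.
ROW_RE = re.compile(r"^\|\s*CVE-\d{4}-\d{4,}\s*\|")

# Constructed sample: four rows copied from the table on this page, in the
# six-column layout. Trailing "| |||" cells from the raw extraction are
# also accepted by parse_table().
SAMPLE_TABLE = """
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-32075 | high | 7.0 | 7.0 | 2mo ago | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-46361 | medium | 6.9 | 6.9 | 17d ago | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig… |
| CVE-2026-6815 | medium | 5.9 | 6.9 | 21d ago | An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. … |
| CVE-2026-32202 | medium | 4.3 | 6.8 | 2mo ago | Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network. |
"""


def severity_from_cvss(score: float) -> str:
    """CVSS v3.x qualitative severity rating for a base score."""
    if score == 0.0:
        return "none"
    if score < 4.0:
        return "low"
    if score < 7.0:
        return "medium"
    if score < 9.0:
        return "high"
    return "critical"


@dataclass(frozen=True)
class CveRow:
    cve_id: str
    severity: str
    cvss: float
    risk: float
    published: str
    description: str


def parse_table(text: str) -> list[CveRow]:
    """Parse markdown rows: | CVE | Severity | CVSS | Risk | Published | Description |."""
    rows: list[CveRow] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not ROW_RE.match(line):
            continue  # header, separator, or non-table text
        # Drop the outer pipes; the description is everything after the 5th cell,
        # so trailing empty cells end up there and are stripped off.
        cells = [c.strip() for c in line.strip("|").split("|", 5)]
        if len(cells) < 6:
            continue
        cve_id, severity, cvss, risk, published, description = cells
        rows.append(CveRow(cve_id, severity.lower(), float(cvss), float(risk),
                           published, description.rstrip("| ").strip()))
    return rows


def pct(part: int, total: int) -> float:
    """Percentage rounded to one decimal, as the dashboard shows it."""
    return round(100.0 * part / total, 1) if total else 0.0


def summarize(rows: list[CveRow],
              kev_ids: frozenset[str] | set[str] = frozenset(),
              exploit_ids: frozenset[str] | set[str] = frozenset()) -> dict:
    """Recompute the dashboard summary block from the rows."""
    counts = {s: 0 for s in ("critical", "high", "medium", "low")}
    for row in rows:
        counts[row.severity] = counts.get(row.severity, 0) + 1
    total = len(rows)
    ids = {row.cve_id for row in rows}
    return {
        "total": total,
        **counts,
        "pct_critical": pct(counts["critical"], total),
        "pct_kev": pct(len(ids & set(kev_ids)), total),
        "pct_exploit": pct(len(ids & set(exploit_ids)), total),
    }


def label_mismatches(rows: list[CveRow]) -> list[str]:
    """CVE IDs whose severity label disagrees with the CVSS v3.x bucket of their score."""
    return [r.cve_id for r in rows if r.severity != severity_from_cvss(r.cvss)]


def risk_uplifts(rows: list[CveRow]) -> list[tuple[str, float, float]]:
    """Rows where the dashboard's Risk column exceeds the CVSS base score."""
    return [(r.cve_id, r.cvss, r.risk) for r in rows if r.risk > r.cvss]


if __name__ == "__main__":
    parsed = parse_table(SAMPLE_TABLE)
    print(summarize(parsed))
    print("label mismatches:", label_mismatches(parsed))
    print("risk above CVSS:", risk_uplifts(parsed))
```

On the four sample rows every label matches its CVSS bucket (7.0 is the bottom of "high", 6.9 the top of "medium"), and two rows (CVE-2026-6815, CVE-2026-32202) carry a Risk value above their base score, which is the kind of row worth reading first: the dashboard has adjusted them upward for a reason the CVSS number alone does not show.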