CVEs from 2026

Total: 13,913
- critical: 1,208
- high: 4,525
- medium: 4,366
- low: 483

% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-29220 | medium | 6.5 | 6.5 |  |  |  | 14d ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to v… |
| CVE-2026-29207 | medium | 6.5 | 6.5 |  |  |  | 14d ago | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24… |
| CVE-2026-28733 | medium | 6.5 | 6.5 |  |  |  | 14d ago | in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution. |
| CVE-2026-27737 | medium | 6.5 | 6.5 |  |  |  | 14d ago | BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicio… |
| CVE-2026-8843 | medium | 6.5 | 6.5 |  |  |  | 15d ago | Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A simi… |
| CVE-2026-45149 | medium | 6.5 | 6.5 |  |  |  | 15d ago | The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large num… |
| CVE-2026-20685 | medium | 6.5 | 6.5 |  |  |  | 15d ago | An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3. |
| CVE-2026-45582 | medium | 6.5 | 6.5 |  |  |  | 15d ago | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of … |
| CVE-2026-6345 | medium | 6.5 | 6.5 |  |  |  | 15d ago | Mattermost doesn't prevent disclosure of created user password |
| CVE-2026-5163 | medium | 6.5 | 6.5 |  |  |  | 15d ago | Mattermost doesn't verify channel membership when processing AI-assisted message rewrites |
| CVE-2026-3471 | medium | 6.5 | 6.5 |  |  |  | 15d ago | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated cra… |
| CVE-2026-3117 | medium | 6.5 | 6.5 |  |  |  | 15d ago | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or se… |
| CVE-2026-6340 | medium | 6.5 | 6.5 |  |  |  | 15d ago | Mattermost doesn't validate 7zip archive structure before processing |
| CVE-2026-2325 | medium | 6.5 | 6.5 |  |  |  | 15d ago | Mattermost doesn't limit the size of the request body on the start meeting API endpoint |
| CVE-2026-33637 | medium | 6.5 | 6.5 |  |  |  | 15d ago | Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping |
| CVE-2026-8769 | medium | 6.5 | 6.5 |  |  |  | 15d ago | @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue |
| CVE-2026-8766 | medium | 6.5 | 6.5 |  |  |  | 15d ago | @kilocode/cli Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2026-8765 | medium | 6.5 | 6.5 |  |  |  | 15d ago | A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component Fi… |
| CVE-2026-8746 | medium | 6.5 | 6.5 |  |  |  | 16d ago | A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation res… |
| CVE-2026-8745 | medium | 6.5 | 6.5 |  |  |  | 16d ago | A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation le… |
| CVE-2026-8744 | medium | 6.5 | 6.5 |  |  |  | 16d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing … |
| CVE-2026-8738 | medium | 6.5 | 6.5 |  |  |  | 16d ago | A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file public… |
| CVE-2026-8731 | medium | 6.5 | 6.5 |  |  |  | 16d ago | A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool … |
| CVE-2026-8730 | medium | 6.5 | 6.5 |  |  |  | 16d ago | A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfI… |
| CVE-2026-8729 | medium | 6.5 | 6.5 |  |  |  | 16d ago | A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/s… |
| CVE-2026-8728 | medium | 6.5 | 6.5 |  |  |  | 16d ago | A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. S… |
| CVE-2026-46719 | medium | 6.5 | 6.5 |  |  |  | 17d ago | Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject add… |
| CVE-2026-8704 | medium | 6.5 | 6.5 |  |  |  | 17d ago | Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. |
| CVE-2026-45667 | medium | 6.5 | 6.5 |  |  |  | 17d ago | Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS) |
| CVE-2026-45666 | medium | 6.5 | 6.5 |  |  |  | 17d ago | Open WebUI has an Indirect Object Reference (IDOR) in user notes |
| CVE-2026-45351 | medium | 6.5 | 6.5 |  |  |  | 17d ago | Open WebUI Exposes System Prompt to Regular User [Non-Admin] |
| CVE-2026-45345 | medium | 6.5 | 6.5 |  |  |  | 17d ago | Open WebUI missing authorization check at the model update function - models from other users can be updated |
| CVE-2026-44571 | medium | 6.5 | 6.5 |  |  |  | 17d ago | Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission |
| CVE-2026-45008 | medium | 6.5 | 6.5 |  |  |  | 18d ago | phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit tr… |
| CVE-2026-44562 | medium | 6.5 | 6.5 |  |  |  | 18d ago | Open WebUI's Model Import Overwrites Any Model Without Ownership Check |
| CVE-2026-44560 | medium | 6.5 | 6.5 |  |  |  | 18d ago | Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search |
| CVE-2026-4054 | medium | 6.5 | 6.5 |  |  |  | 18d ago | Mattermost doesn't validate the response body of proxied images |
| CVE-2026-46362 | medium | 6.5 | 6.5 |  |  |  | 18d ago | phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Att… |
| CVE-2026-45619 | medium | 6.5 | 6.5 |  |  |  | 18d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS … |
| CVE-2026-45610 | medium | 6.5 | 6.5 |  |  |  | 18d ago | WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA val… |
| CVE-2026-45773 | medium | 6.5 | 6.5 |  |  |  | 18d ago | Trubo: Login callback CSRF/session fixation |
| CVE-2026-8669 | medium | 6.5 | 6.5 |  |  |  | 18d ago | Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized… |
| CVE-2026-39053 | medium | 6.5 | 6.5 |  |  |  | 18d ago | Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils… |
| CVE-2026-39052 | medium | 6.5 | 6.5 |  |  |  | 18d ago | Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc… |
| CVE-2026-8503 | medium | 6.5 | 6.5 |  |  |  | 18d ago | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re… |
| CVE-2026-4683 | medium | 6.5 | 6.5 |  |  |  | 18d ago | The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and … |
| CVE-2026-45339 | medium | 6.5 | 6.5 |  |  |  | 19d ago | Open WebUI's API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints |
| CVE-2026-45306 | medium | 6.5 | 6.5 |  |  |  | 19d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect… |
| CVE-2026-8570 | medium | 6.5 | 6.5 |  |  |  | 19d ago | Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security sev… |
| CVE-2026-8550 | medium | 6.5 | 6.5 |  |  |  | 19d ago | Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memo… |
| CVE-2026-26062 | medium | 6.5 | 6.5 |  |  |  | 19d ago | Fleet server may terminate unexpectedly when handling certain gRPC requests |
| CVE-2026-22706 | medium | 6.5 | 6.5 |  |  |  | 19d ago | Strapi: Password Reset Does Not Revoke Existing Refresh Sessions |
| CVE-2026-42572 | medium | 6.5 | 6.5 |  |  |  | 19d ago | Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds` |
| CVE-2026-41888 | medium | 6.5 | 6.5 |  |  |  | 19d ago | Distribution's tag deletion bypasses `storage.delete.enabled` configuration |
| CVE-2026-44514 | medium | 6.5 | 6.5 |  |  |  | 19d ago | Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users |
| CVE-2026-44884 | medium | 6.5 | 6.5 |  |  |  | 19d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … |
| CVE-2026-6478 | medium | 6.5 | 6.5 |  |  |  | 19d ago | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 … |
| CVE-2026-6670 | medium | 6.5 | 6.5 |  |  |  | 19d ago | The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation … |
| CVE-2026-6225 | medium | 6.5 | 6.5 |  |  |  | 19d ago | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions u… |
| CVE-2026-5193 | medium | 6.5 | 6.5 |  |  |  | 19d ago | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insu… |
| CVE-2026-8280 | medium | 6.5 | 6.5 |  |  |  | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause den… |
| CVE-2026-4527 | medium | 6.5 | 6.5 |  |  |  | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to creat… |
| CVE-2026-4524 | medium | 6.5 | 6.5 |  |  |  | 19d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access… |
| CVE-2026-5486 | medium | 6.5 | 6.5 |  |  |  | 19d ago | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.… |
| CVE-2026-44448 | medium | 6.5 | 6.5 |  |  |  | 19d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyo… |
| CVE-2026-44445 | medium | 6.5 | 6.5 |  |  |  | 19d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enab… |
| CVE-2026-44426 | medium | 6.5 | 6.5 |  |  |  | 19d ago | ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check |
| CVE-2026-44424 | medium | 6.5 | 6.5 |  |  |  | 19d ago | ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace |
| CVE-2026-44423 | medium | 6.5 | 6.5 |  |  |  | 19d ago | ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data |
| CVE-2026-44195 | medium | 6.5 | 6.5 |  |  |  | 19d ago | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication fa… |
| CVE-2026-33378 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the … |
| CVE-2026-28383 | medium | 6.5 | 6.5 |  |  |  | 20d ago | A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-me… |
| CVE-2026-28380 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Any Editor could delete any snapshot, even if they have no access to read or write them. |
| CVE-2026-28379 | medium | 6.5 | 6.5 |  |  |  | 20d ago | A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete ser… |
| CVE-2026-28376 | medium | 6.5 | 6.5 |  |  |  | 20d ago | The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated us… |
| CVE-2026-42580 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing |
| CVE-2026-22677 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an… |
| CVE-2026-44456 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Hono: bodyLimit() can be bypassed for chunked / unknown-length requests |
| CVE-2026-42946 | medium | 6.5 | 6.5 |  |  |  | 20d ago | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured… |
| CVE-2026-42937 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attack… |
| CVE-2026-42781 | medium | 6.5 | 6.5 |  |  |  | 20d ago | When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utiliz… |
| CVE-2026-41959 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated… |
| CVE-2026-41219 | medium | 6.5 | 6.5 |  |  |  | 20d ago | An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which ha… |
| CVE-2026-40699 | medium | 6.5 | 6.5 |  |  |  | 20d ago | A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: Software ver… |
| CVE-2026-40462 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Softwa… |
| CVE-2026-40460 | medium | 6.5 | 6.5 |  |  |  | 20d ago | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limi… |
| CVE-2026-35062 | medium | 6.5 | 6.5 |  |  |  | 20d ago | An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2026-31156 | medium | 6.5 | 6.5 |  |  |  | 20d ago | A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path … |
| CVE-2026-44796 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to a… |
| CVE-2026-44740 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loo… |
| CVE-2026-4608 | medium | 6.5 | 6.5 |  |  |  | 20d ago | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insuffic… |
| CVE-2026-37429 | medium | 6.5 | 6.5 |  |  |  | 20d ago | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive dat… |
| CVE-2026-37428 | medium | 6.5 | 6.5 |  |  |  | 20d ago | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive dat… |
| CVE-2026-25107 | medium | 6.5 | 6.5 |  |  |  | 20d ago | ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of… |
| CVE-2026-5545 | medium | 6.5 | 6.5 |  |  |  | 20d ago | libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a … |
| CVE-2026-4782 | medium | 6.5 | 6.5 |  |  |  | 20d ago | The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of… |
| CVE-2026-7619 | medium | 6.5 | 6.5 |  |  |  | 20d ago | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, a… |
| CVE-2026-8336 | medium | 6.5 | 6.5 |  |  |  | 20d ago | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the se… |
| CVE-2026-8202 | medium | 6.5 | 6.5 |  |  |  | 20d ago | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilizatio… |
| CVE-2026-8199 | medium | 6.5 | 6.5 |  |  |  | 20d ago | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and … |