CVEs from 2026
- Total: 13,940
- Critical: 1,209
- High: 4,532
- Medium: 4,385
- Low: 483
- % Critical: 8.7% (1,209 of 13,940)
- % with KEV (listed in CISA's Known Exploited Vulnerabilities catalog): 0.4%
- % with public exploit: 0.8%

The four severity counts sum to 10,609, so 3,331 of the 13,940 CVEs in the total have no severity shown in this view.
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4608 | medium | 6.5 | 6.5 | 20d ago | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insuffic… | |||
| CVE-2026-37429 | medium | 6.5 | 6.5 | 20d ago | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive dat… | |||
| CVE-2026-37428 | medium | 6.5 | 6.5 | 20d ago | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive dat… | |||
| CVE-2026-25107 | medium | 6.5 | 6.5 | 20d ago | ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of… | |||
| CVE-2026-5545 | medium | 6.5 | 6.5 | 20d ago | libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a … | |||
| CVE-2026-4782 | medium | 6.5 | 6.5 | 20d ago | The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of… | |||
| CVE-2026-7619 | medium | 6.5 | 6.5 | 20d ago | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, a… | |||
| CVE-2026-8336 | medium | 6.5 | 6.5 | 20d ago | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the se… | |||
| CVE-2026-8202 | medium | 6.5 | 6.5 | 20d ago | Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilizatio… | |||
| CVE-2026-8199 | medium | 6.5 | 6.5 | 20d ago | An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and … | |||
| CVE-2026-28902 | medium | 6.5 | 6.5 | 21d ago | visionOS 26.5 | |||
| CVE-2026-28942 | medium | 6.5 | 6.5 | 21d ago | visionOS 26.5 | |||
| CVE-2026-28903 | medium | 6.5 | 6.5 | 21d ago | visionOS 26.5 | |||
| CVE-2026-28946 | medium | 6.5 | 6.5 | 21d ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari… | |||
| CVE-2026-44347 | medium | 6.5 | 6.5 | 21d ago | Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user in… | |||
| CVE-2026-44223 | medium | 6.5 | 6.5 | 21d ago | vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect sh… | |||
| CVE-2026-44204 | medium | 6.5 | 6.5 | 21d ago | Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role)… | |||
| CVE-2026-42891 | medium | 6.5 | 6.5 | 21d ago | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-42830 | medium | 6.5 | 6.5 | 21d ago | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-42175 | medium | 6.5 | 6.5 | 21d ago | requests-hardened is Vulnerable to Server-Side Request Forgery | |||
| CVE-2026-40374 | medium | 6.5 | 6.5 | 21d ago | Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-35422 | medium | 6.5 | 6.5 | 21d ago | Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network. | |||
| CVE-2026-34350 | medium | 6.5 | 6.5 | 21d ago | Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network. | |||
| CVE-2026-31244 | medium | 6.5 | 6.5 | 21d ago | The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrar… | |||
| CVE-2026-31243 | medium | 6.5 | 6.5 | 21d ago | The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacke… | |||
| CVE-2026-31241 | medium | 6.5 | 6.5 | 21d ago | mem0 server lacks authentication and authorization controls for its memory deletion API endpoint | |||
| CVE-2026-25690 | medium | 6.5 | 6.5 | 21d ago | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2… | |||
| CVE-2026-40300 | medium | 6.5 | 6.5 | 21d ago | Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allo… | |||
| CVE-2026-8368 | medium | 6.5 | 6.5 | 21d ago | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before … | |||
| CVE-2026-8109 | medium | 6.5 | 6.5 | 21d ago | An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. | |||
| CVE-2026-40016 | medium | 6.5 | 6.5 | 21d ago | Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to deg… | |||
| CVE-2026-6402 | medium | 6.5 | 6.5 | 21d ago | webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins | |||
| CVE-2026-5028 | medium | 6.5 | 6.5 | 21d ago | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action in all versions up to, and includ… | |||
| CVE-2026-7255 | medium | 6.5 | 6.5 | 21d ago | ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could a… | |||
| CVE-2026-40135 | medium | 6.5 | 6.5 | 21d ago | An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially c… | |||
| CVE-2026-7010 | medium | 6.5 | 6.5 | 22d ago | HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host t… | |||
| CVE-2026-44695 | medium | 6.5 | 6.5 | 22d ago | Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A… | |||
| CVE-2026-43889 | medium | 6.5 | 6.5 | 22d ago | Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifie… | |||
| CVE-2026-34960 | medium | 6.5 | 6.5 | 22d ago | barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within … | |||
| CVE-2026-42883 | medium | 6.5 | 6.5 | 22d ago | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in t… | |||
| CVE-2026-42316 | medium | 6.5 | 6.5 | 22d ago | kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the k… | |||
| CVE-2026-42315 | medium | 6.5 | 6.5 | 22d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_… | |||
| CVE-2026-42314 | medium | 6.5 | 6.5 | 22d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ … | |||
| CVE-2026-8292 | medium | 6.5 | 6.5 | 22d ago | A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argu… | |||
| CVE-2026-8291 | medium | 6.5 | 6.5 | 22d ago | A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial… | |||
| CVE-2026-7820 | medium | 6.5 | 6.5 | 22d ago | pgAdmin 4: Improper restriction of excessive authentication attempts | |||
| CVE-2026-7817 | medium | 6.5 | 6.5 | 22d ago | pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities | |||
| CVE-2026-44199 | medium | 6.5 | 6.5 | 22d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't hav… | |||
| CVE-2026-44197 | medium | 6.5 | 6.5 | 22d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revis… | |||
| CVE-2026-31246 | medium | 6.5 | 6.5 | 22d ago | GPT-Pilot contains a command injection vulnerability in the Executor.run() method | |||
| CVE-2026-8290 | medium | 6.5 | 6.5 | 22d ago | A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulat… | |||
| CVE-2026-8289 | medium | 6.5 | 6.5 | 22d ago | A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipu… | |||
| CVE-2026-8288 | medium | 6.5 | 6.5 | 22d ago | A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Exec… | |||
| CVE-2026-43826 | medium | 6.5 | 6.5 | 22d ago | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embed… | |||
| CVE-2026-41018 | medium | 6.5 | 6.5 | 22d ago | The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the em… | |||
| CVE-2026-5084 | medium | 6.5 | 6.5 | 22d ago | WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function… | |||
| CVE-2026-8270 | medium | 6.5 | 6.5 | 22d ago | A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. The a… | |||
| CVE-2026-8269 | medium | 6.5 | 6.5 | 22d ago | A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf_nsmf_handle_create_sm_context of the component SMF. Performing a manipulation results in denial of service. Remote explo… | |||
| CVE-2026-8268 | medium | 6.5 | 6.5 | 22d ago | A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI_list_create of the component SMF. Such manipulation leads to denial of service. The attack may be launch… | |||
| CVE-2026-8267 | medium | 6.5 | 6.5 | 22d ago | A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack… | |||
| CVE-2026-8266 | medium | 6.5 | 6.5 | 22d ago | A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation resul… | |||
| CVE-2026-8252 | medium | 6.5 | 6.5 | 23d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference… | |||
| CVE-2026-28972 | medium | 6.5 | 6.5 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28920 | medium | 6.5 | 6.5 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28878 | medium | 6.5 | 6.5 | 23d ago | visionOS 26.4 | |||
| CVE-2026-28918 | medium | 6.5 | 6.5 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28956 | medium | 6.5 | 6.5 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28922 | medium | 6.5 | 6.5 | 23d ago | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information. | |||
| CVE-2026-8251 | medium | 6.5 | 6.5 | 23d ago | A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation resu… | |||
| CVE-2026-8250 | medium | 6.5 | 6.5 | 23d ago | A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to … | |||
| CVE-2026-8249 | medium | 6.5 | 6.5 | 23d ago | A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation cause… | |||
| CVE-2026-8248 | medium | 6.5 | 6.5 | 23d ago | A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation… | |||
| CVE-2026-45191 | medium | 6.5 | 6.5 | 23d ago | Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validatio… | |||
| CVE-2026-45190 | medium | 6.5 | 6.5 | 23d ago | Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit chara… | |||
| CVE-2026-7259 | medium | 6.5 | 6.5 | 23d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, re… | |||
| CVE-2026-45184 | medium | 6.5 | 6.5 | 24d ago | Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used. | |||
| CVE-2026-45181 | medium | 6.5 | 6.5 | 24d ago | Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim … | |||
| CVE-2026-42576 | medium | 6.5 | 6.5 | 24d ago | apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery | |||
| CVE-2026-42183 | medium | 6.5 | 6.5 | 24d ago | Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) | |||
| CVE-2026-41311 | medium | 6.5 | 6.5 | 24d ago | liquidjs has a Denial of Service via circular block reference in layout | |||
| CVE-2026-42346 | medium | 6.5 | 6.5 | 25d ago | Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulner… | |||
| CVE-2026-42209 | medium | 6.5 | 6.5 | 25d ago | FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_mes… | |||
| CVE-2026-44200 | medium | 6.5 | 6.5 | 25d ago | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of … | |||
| CVE-2026-42181 | medium | 6.5 | 6.5 | 25d ago | Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image | |||
| CVE-2026-41885 | medium | 6.5 | 6.5 | 25d ago | i18next-locize-backend has URL Injection via Unsanitized Path Parameters | |||
| CVE-2026-41585 | medium | 6.5 | 6.5 | 25d ago | Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients | |||
| CVE-2026-41308 | medium | 6.5 | 6.5 | 25d ago | Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated cre… | |||
| CVE-2026-42277 | medium | 6.5 | 6.5 | 25d ago | Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provi… | |||
| CVE-2026-8123 | medium | 6.5 | 6.5 | 25d ago | A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes… | |||
| CVE-2026-8122 | medium | 6.5 | 6.5 | 26d ago | A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation result… | |||
| CVE-2026-8121 | medium | 6.5 | 6.5 | 26d ago | A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to den… | |||
| CVE-2026-8120 | medium | 6.5 | 6.5 | 26d ago | A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Exec… | |||
| CVE-2026-8113 | medium | 6.5 | 6.5 | 26d ago | A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the compone… | |||
| CVE-2026-6736 | medium | 6.5 | 6.5 | 26d ago | An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity p… | |||
| CVE-2026-8142 | medium | 6.5 | 6.5 | 26d ago | VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updat… | |||
| CVE-2026-27892 | medium | 6.5 | 6.5 | 26d ago | FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download | |||
| CVE-2026-36387 | medium | 6.5 | 6.5 | 26d ago | A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanit… | |||
| CVE-2026-41684 | medium | 6.5 | 6.5 | 26d ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy bac… | |||
| CVE-2026-41647 | medium | 6.5 | 6.5 | 26d ago | Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a trunca… | |||
| CVE-2026-5791 | medium | 6.5 | 6.5 | 26d ago | Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. |
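Two rows in the table above (CVE-2026-45190 and CVE-2026-45191, Net::CIDR::Lite) describe one input-validation flaw class: a CIDR mask written as "/00" or "/01", a trailing newline, or a non-ASCII digit gets past the check. The block below is an added example, not part of this page and not Net::CIDR::Lite's code. It is a Python reimplementation of a lenient validator with those three weaknesses (a hypothetical stand-in built from the advisory text; the advisories' exact bypass mechanics are truncated on this page) beside a hardened one, plus an ACL check that fails closed on entries the strict parser rejects. The sample inputs are constructed.

```python
import ipaddress
import re

# Lenient validator of the kind the Net::CIDR::Lite advisories describe (a
# hypothetical stand-in, not the module's code): `$` also matches just before a
# trailing "\n", `\d` matches any Unicode decimal digit, and mask digits are
# counted rather than range-checked, so "/00" and "/01" pass.
LENIENT_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}$")

# Hardened validator: ASCII-only digits, no leading zeros in octets or mask,
# mask bounded to 0-32, used with fullmatch() so nothing may trail the string.
STRICT_RE = re.compile(
    r"(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}"
    r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
    r"/(?:3[0-2]|[12]?\d)",
    re.ASCII,
)


def lenient_parse(cidr):
    """Accept anything LENIENT_RE admits, then coerce numerically the way a
    sloppy parser does: int() swallows leading zeros and Unicode digits."""
    if LENIENT_RE.search(cidr) is None:
        return None
    ip, mask = cidr.rstrip("\n").split("/")
    octets = [int(o) for o in ip.split(".")]
    if any(o > 255 for o in octets):
        return None
    try:
        # strict=False: host bits inside the prefix are silently masked off
        return ipaddress.IPv4Network(
            "{}/{}".format(".".join(map(str, octets)), int(mask)), strict=False
        )
    except ValueError:
        return None


def strict_parse(cidr):
    """Return an IPv4Network, or None for anything STRICT_RE does not fullmatch
    or whose host bits are set (strict=True rejects 10.1.2.3/8)."""
    if STRICT_RE.fullmatch(cidr) is None:
        return None
    try:
        return ipaddress.IPv4Network(cidr, strict=True)
    except ValueError:
        return None


def acl_allows(acl_entries, client_ip, parser=strict_parse):
    """True only if client_ip falls inside an entry the parser accepts.
    Entries the parser rejects are dropped (fail closed), never coerced."""
    try:
        addr = ipaddress.IPv4Address(client_ip)
    except ValueError:
        return False
    nets = [parser(entry) for entry in acl_entries]
    return any(net is not None and addr in net for net in nets)


if __name__ == "__main__":
    # Constructed inputs: a trailing newline, an Arabic-Indic digit eight
    # (U+0668) as the mask, the "/00" form from the advisory, a leading zero.
    samples = ["10.0.0.0/8", "10.0.0.0/8\n", "10.0.0.0/\u0668",
               "10.0.0.0/00", "010.0.0.0/8"]
    for s in samples:
        print(repr(s), "lenient:", lenient_parse(s), "strict:", strict_parse(s))
    # A "/00" entry becomes 0.0.0.0/0 under the lenient parser and admits any client.
    print(acl_allows(["10.0.0.0/00"], "203.0.113.7", parser=lenient_parse))  # True
    print(acl_allows(["10.0.0.0/00"], "203.0.113.7"))                        # False
```

The two regex details are the whole lesson: in Python `$` matches before a final newline, so only `fullmatch()` (or `\Z`) guarantees nothing trails the value, and `\d` on a str pattern accepts every Unicode decimal digit unless `re.ASCII` is set; `int()` then happily converts both leading-zero and non-ASCII digit strings, which is how "/00" collapses to /0 and matches every address.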