CVEs from 2026
Total
13,382
critical
critical 1,134
high
high 4,032
medium
medium 4,056
low
low 427
% Critical
8.5%
% with KEV
0.4%
% with exploit
0.5%
Top products
- chrome 299
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41385 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get | |||
| CVE-2026-41376 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Matrix thread root and reply context bypass sender allowlist | |||
| CVE-2026-41375 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels | |||
| CVE-2026-24204 | medium | 6.5 | 6.5 | 1mo ago | NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure. | |||
| CVE-2026-6706 | medium | 6.5 | 6.5 | 1mo ago | Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. … | |||
| CVE-2026-41607 | medium | 6.5 | 6.5 | 1mo ago | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |||
| CVE-2026-40980 | medium | 6.5 | 6.5 | 1mo ago | Spring AI Vulnerable to OOM by attacker-controlled PDF | |||
| CVE-2026-41525 | medium | 6.5 | 6.5 | 1mo ago | KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of … | |||
| CVE-2026-41370 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can … | |||
| CVE-2026-41369 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables | |||
| CVE-2026-41368 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin restrictions by using … | |||
| CVE-2026-41363 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image | |||
| CVE-2026-41465 | medium | 6.5 | 6.5 | 1mo ago | ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal seque… | |||
| CVE-2026-41081 | medium | 6.5 | 6.5 | 1mo ago | Apache Storm's Improper Handling of TLS Client Authentication Failure Leads to Anonymous Principal Assignment | |||
| CVE-2026-42255 | medium | 6.5 | 6.5 | 1mo ago | Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation. | |||
| CVE-2026-41481 | medium | 6.5 | 6.5 | 1mo ago | LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using valid… | |||
| CVE-2026-6968 | medium | 6.5 | 6.5 | 1mo ago | Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute… | |||
| CVE-2026-6967 | medium | 6.5 | 6.5 | 1mo ago | awslabs/tough is Missing Delegated Metadata Validation | |||
| CVE-2026-6966 | medium | 6.5 | 6.5 | 1mo ago | awslabs/tough Delegated Roles have a Signature Threshold Bypass | |||
| CVE-2026-41427 | medium | 6.5 | 6.5 | 1mo ago | OAuth 2.1 Provider: Unprivileged users can register OAuth clients | |||
| CVE-2026-42041 | medium | 6.5 | 6.5 | 1mo ago | Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy | |||
| CVE-2026-42202 | medium | 6.5 | 6.5 | 1mo ago | nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields | |||
| CVE-2026-5265 | medium | 6.5 | 6.5 | 1mo ago | When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total leng… | |||
| CVE-2026-41340 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exp… | |||
| CVE-2026-41334 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized … | |||
| CVE-2026-41908 | medium | 6.5 | 6.5 | 1mo ago | OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization | |||
| CVE-2026-5926 | medium | 6.5 | 6.5 | 1mo ago | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acce… | |||
| CVE-2026-41314 | medium | 6.5 | 6.5 | 1mo ago | pypdf: Manipulated FlateDecode image dimensions can exhaust RAM | |||
| CVE-2026-6355 | medium | 6.5 | 6.5 | 1mo ago | A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to u… | |||
| CVE-2026-31192 | medium | 6.5 | 6.5 | 1mo ago | Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request. | |||
| CVE-2026-6834 | medium | 6.5 | 6.5 | 1mo ago | The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method. | |||
| CVE-2026-6833 | medium | 6.5 | 6.5 | 1mo ago | The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | |||
| CVE-2026-40924 | medium | 6.5 | 6.5 | 1mo ago | Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion | |||
| CVE-2026-41320 | medium | 6.5 | 6.5 | 1mo ago | Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, al… | |||
| CVE-2026-40889 | medium | 6.5 | 6.5 | 1mo ago | Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Ver… | |||
| CVE-2026-40888 | medium | 6.5 | 6.5 | 1mo ago | Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting… | |||
| CVE-2026-40161 | medium | 6.5 | 6.5 | 1mo ago | Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL | |||
| CVE-2026-30452 | medium | 6.5 | 6.5 | 1mo ago | Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher… | |||
| CVE-2026-25542 | medium | 6.5 | 6.5 | 1mo ago | Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching | |||
| CVE-2026-39396 | medium | 6.5 | 6.5 | 1mo ago | OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) | |||
| CVE-2026-6588 | medium | 6.5 | 6.5 | 1mo ago | A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API … | |||
| CVE-2026-6579 | medium | 6.5 | 6.5 | 1mo ago | A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing a… | |||
| CVE-2026-40346 | medium | 6.5 | 6.5 | 1mo ago | NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins | |||
| CVE-2026-40293 | medium | 6.5 | 6.5 | 1mo ago | OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response | |||
| CVE-2026-33569 | medium | 6.5 | 6.5 | 1mo ago | Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device. | |||
| CVE-2026-23777 | medium | 6.5 | 6.5 | 1mo ago | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1… | |||
| CVE-2026-41313 | medium | 6.5 | 6.5 | 1mo ago | pypdf: Possible long runtimes for wrong size values in incremental mode | |||
| CVE-2026-41312 | medium | 6.5 | 6.5 | 1mo ago | pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM | |||
| CVE-2026-3861 | medium | 6.5 | 6.5 | 1mo ago | LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards whe… | |||
| CVE-2026-6364 | medium | 6.5 | 6.5 | 1mo ago | Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security se… | |||
| CVE-2026-20081 | medium | 6.5 | 6.5 | 1mo ago | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attack… | |||
| CVE-2026-20078 | medium | 6.5 | 6.5 | 1mo ago | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attack… | |||
| CVE-2026-20061 | medium | 6.5 | 6.5 | 1mo ago | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit… | |||
| CVE-2026-23653 | medium | 6.5 | 6.5 | 2mo ago | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-38533 | medium | 6.5 | 6.5 | 2mo ago | An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and acco… | |||
| CVE-2026-22576 | medium | 6.5 | 6.5 | 2mo ago | A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all v… | |||
| CVE-2026-22574 | medium | 6.5 | 6.5 | 2mo ago | A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all v… | |||
| CVE-2026-22573 | medium | 6.5 | 6.5 | 2mo ago | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all… | |||
| CVE-2026-21742 | medium | 6.5 | 6.5 | 2mo ago | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3… | |||
| CVE-2026-34264 | medium | 6.5 | 6.5 | 2mo ago | During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the… | |||
| CVE-2026-27679 | medium | 6.5 | 6.5 | 2mo ago | Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without prop… | |||
| CVE-2026-31280 | medium | 6.5 | 6.5 | 2mo ago | An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames. | |||
| CVE-2026-6111 | medium | 6.5 | 6.5 | 2mo ago | MetaGPT affected by server-side request forgery in metagpt/utils/common.py | |||
| CVE-2026-5412 | medium | 6.5 | 6.5 | 2mo ago | Juju: CloudSpec method leaking cloud credentials | |||
| CVE-2026-5460 | medium | 6.5 | 6.5 | 2mo ago | A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the in… | |||
| CVE-2026-5778 | medium | 6.5 | 6.5 | 2mo ago | Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication… | |||
| CVE-2026-5263 | medium | 6.5 | 6.5 | 2mo ago | URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf cert… | |||
| CVE-2026-5329 | medium | 6.5 | 6.5 | 2mo ago | Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an au… | |||
| CVE-2026-5919 | medium | 6.5 | 6.5 | 2mo ago | Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a … | |||
| CVE-2026-2377 | medium | 6.5 | 6.5 | 2mo ago | A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary… | |||
| CVE-2026-39651 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a t… | |||
| CVE-2026-39641 | medium | 6.5 | 6.5 | 2mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4. | |||
| CVE-2026-39639 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include C… | |||
| CVE-2026-39633 | medium | 6.5 | 6.5 | 2mo ago | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9. | |||
| CVE-2026-39488 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2. | |||
| CVE-2026-35454 | medium | 6.5 | 6.5 | 2mo ago | Code Extension Marketplace: Zip Slip Path Traversal | |||
| CVE-2026-34061 | medium | 6.5 | 6.5 | 2mo ago | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an ele… | |||
| CVE-2026-25773 | medium | 6.5 | 6.5 | 2mo ago | Focalboard doesn't sanitize category IDs before incorporating them into dynamic SQL statements | |||
| CVE-2026-35038 | medium | 6.5 | 6.5 | 2mo ago | Signal K Server: Arbitrary Prototype Read via `from` Field Bypass | |||
| CVE-2026-5330 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component… | |||
| CVE-2026-5316 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is p… | |||
| CVE-2026-34531 | medium | 6.5 | 6.5 | 2mo ago | Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client | |||
| CVE-2026-4964 | medium | 6.5 | 6.5 | 2mo ago | A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the comp… | |||
| CVE-2026-4958 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the com… | |||
| CVE-2026-33693 | medium | 6.5 | 6.5 | 2mo ago | Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() | |||
| CVE-2026-4825 | medium | 6.5 | 6.5 | 2mo ago | A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of… | |||
| CVE-2026-32541 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premm… | |||
| CVE-2026-32535 | medium | 6.5 | 6.5 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS … | |||
| CVE-2026-32533 | medium | 6.5 | 6.5 | 2mo ago | Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: f… | |||
| CVE-2026-32527 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control … | |||
| CVE-2026-32514 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= … | |||
| CVE-2026-32483 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Emai… | |||
| CVE-2026-27046 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through… | |||
| CVE-2026-25469 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Via… | |||
| CVE-2026-25465 | medium | 6.5 | 6.5 | 2mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affe… | |||
| CVE-2026-25455 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect… | |||
| CVE-2026-25454 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through <= 4.4.1. | |||
| CVE-2026-25430 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Se… | |||
| CVE-2026-25390 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n… | |||
| CVE-2026-25365 | medium | 6.5 | 6.5 | 2mo ago | Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a t… |