CVEs from 2026
Total: 13,933
- critical: 1,210
- high: 4,528
- medium: 4,381
- low: 483
% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23325 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() Check frame length before accessing the mgmt fields … |
| CVE-2026-23324 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern… |
| CVE-2026-23323 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critic… |
| CVE-2026-6502 | unknown | — | — | — | | | | |
| CVE-2026-23322 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix use-after-free and list corruption on sender error The analysis from Breno: When the SMI sender returns an error, smi_… |
| CVE-2026-33549 | unknown | — | — | — | | | | SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling. |
| CVE-2026-23319 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim The root cause of this bug is that when 'bpf_link_put' reduces the refcou… |
| CVE-2026-23321 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that was generat… |
| CVE-2026-23318 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation The entry of the validators table for UAC3 AC header descriptor i… |
| CVE-2026-23317 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions Before the referenced fixes these functions used a lookup fun… |
| CVE-2026-23316 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed `struct sysctl_fib_multipath_hash_seed` contains two u32 fields (user… |
| CVE-2026-23315 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in… |
| CVE-2026-23314 | unknown | — | — | — | | | | In the Linux kernel, the following vulnerability has been resolved: regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio() In bq257xx_reg_dt_parse_gpio(), if fails to get… |
| CVE-2026-5056 | unknown | — | — | — | | | | |
| CVE-2026-42489 | unknown | — | — | — | | | | |
| CVE-2026-42488 | unknown | — | — | — | | | | |
| CVE-2026-42490 | unknown | — | — | — | | | | |
| CVE-2026-42487 | unknown | — | — | — | | | | |
| CVE-2026-39863 | unknown | — | — | — | | | | Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attacke… |
| CVE-2026-39864 | unknown | — | — | — | | | | Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers … |
| CVE-2026-44227 | unknown | — | — | — | | | | |
| CVE-2026-28422 | unknown | — | — | — | | | | Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a ve… |
| CVE-2026-34714 | unknown | — | — | — | | | | Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE. |
| CVE-2026-46718 | unknown | — | — | — | | | 17 min ago | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended … |
| CVE-2026-41115 | unknown | — | — | — | | | 17 min ago | An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead… |
| CVE-2026-34907 | unknown | — | — | — | | | 17 min ago | Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScr… |
| CVE-2026-34906 | unknown | — | — | — | | | 17 min ago | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter… |
| CVE-2026-10549 | unknown | — | — | — | | | 17 min ago | LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to th… |
| CVE-2026-8293 | unknown | — | — | — | | | 3h ago | The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user… |
| CVE-2026-10510 | unknown | — | — | — | | | 7h ago | Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute ar… |
| CVE-2026-0088 | unknown | — | — | — | | | 12h ago | In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with … |
| CVE-2026-0087 | unknown | — | — | — | | | 12h ago | In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of p… |
| CVE-2026-0086 | unknown | — | — | — | | | 12h ago | In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execu… |
| CVE-2026-0078 | unknown | — | — | — | | | 12h ago | In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validation. This could lead to local escalation of privilege with no additional e… |
| CVE-2026-0077 | unknown | — | — | — | | | 12h ago | In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch (bal) due to a logic error in the code. This could lead to local escalation of privilege with … |
| CVE-2026-0076 | unknown | — | — | — | | | 12h ago | In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges… |
| CVE-2026-0075 | unknown | — | — | — | | | 12h ago | In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed.… |
| CVE-2026-0061 | unknown | — | — | — | | | 12h ago | In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege wit… |
| CVE-2026-0055 | unknown | — | — | — | | | 12h ago | In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to lo… |
| CVE-2026-0048 | unknown | — | — | — | | | 12h ago | In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no addition… |
| CVE-2026-0046 | unknown | — | — | — | | | 12h ago | In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no… |
| CVE-2026-0045 | unknown | — | — | — | | | 12h ago | In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no add… |
| CVE-2026-0036 | unknown | — | — | — | | | 12h ago | In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution priv… |
| CVE-2026-0009 | unknown | — | — | — | | | 12h ago | In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti… |
| CVE-2026-49139 | unknown | — | — | — | | | 15h ago | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by su… |
| CVE-2026-37235 | unknown | — | — | — | | | 15h ago | FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the… |
| CVE-2026-37233 | unknown | — | — | — | | | 15h ago | FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m… |
| CVE-2026-37232 | unknown | — | — | — | | | 15h ago | An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in open… |
| CVE-2026-37231 | unknown | — | — | — | | | 15h ago | FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate… |
| CVE-2026-37230 | unknown | — | — | — | | | 15h ago | FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry. The lookup returns NULL, triggering assert() in Debug builds (SIG… |
| CVE-2026-37229 | unknown | — | — | — | | | 15h ago | FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., a single 0x00 b… |
| CVE-2026-37228 | unknown | — | — | — | | | 15h ago | FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc < len) on the sctp_recvmsg() re… |
| CVE-2026-37226 | unknown | — | — | — | | | 15h ago | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in Debug builds (SIGA… |
| CVE-2026-0072 | unknown | — | — | — | | | 15h ago | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi… |
| CVE-2026-8643 | unknown | — | — | — | | | 17h ago | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed out… |
| CVE-2026-8931 | unknown | — | — | — | | | 19h ago | A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3. |
| CVE-2026-42251 | unknown | — | — | — | | | 19h ago | Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malic… |
| CVE-2026-0826 | unknown | — | — | — | | | 19h ago | In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux p… |
| CVE-2026-47191 | unknown | — | — | — | | | 20h ago | kas checks out SHA-like git branches as valid commits |
| CVE-2026-47412 | unknown | — | — | — | | | 20h ago | praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id} |
| CVE-2026-47415 | unknown | — | — | — | | | 20h ago | praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR |
| CVE-2026-47413 | unknown | — | — | — | | | 20h ago | praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members |
| CVE-2026-47411 | unknown | — | — | — | | | 20h ago | praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id} |
| CVE-2026-47417 | unknown | — | — | — | | | 20h ago | praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR |
| CVE-2026-47418 | unknown | — | — | — | | | 20h ago | praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR |
| CVE-2026-47425 | unknown | — | — | — | | | 20h ago | rattler has an entry-point path traversal in noarch:python install (arbitrary file write) |
| CVE-2026-47428 | unknown | — | — | — | | | 20h ago | Vitest browser mode serves unsanitized otelCarrier query parameter as inline script |
| CVE-2026-47429 | unknown | — | — | — | | | 20h ago | When Vitest UI server is listening, arbitrary file can be read and executed |
| CVE-2026-47423 | unknown | — | — | — | | | 20h ago | DOMPurify XSS via selectedcontent re-clone |
| CVE-2026-48119 | unknown | — | — | — | | | 20h ago | Nezha's authenticated agents can forge service-monitor results for other users' services |
| CVE-2026-10532 | unknown | — | — | — | | | 21h ago | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted. More precis… |
| CVE-2026-49298 | unknown | — | — | — | | | 1d ago | A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in … |
| CVE-2026-49267 | unknown | — | — | — | | | 1d ago | Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_s… |
| CVE-2026-48726 | unknown | — | — | — | | | 1d ago | A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` … |
| CVE-2026-45360 | unknown | — | — | — | | | 1d ago | Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialize… |
| CVE-2026-42359 | unknown | — | — | — | | | 1d ago | A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (… |
| CVE-2026-42252 | unknown | — | — | — | | | 1d ago | Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] … |
| CVE-2026-41084 | unknown | — | — | — | | | 1d ago | A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path whi… |
| CVE-2026-41014 | unknown | — | — | — | | | 1d ago | The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerat… |
| CVE-2026-40961 | unknown | — | — | — | | | 1d ago | A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-… |
| CVE-2026-40861 | unknown | — | — | — | | | 1d ago | A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg… |
| CVE-2026-40549 | unknown | — | — | — | | | 1d ago | SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user… |
| CVE-2026-40548 | unknown | — | — | — | | | 1d ago | SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside … |
| CVE-2026-40547 | unknown | — | — | — | | | 1d ago | SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files p… |
| CVE-2026-40546 | unknown | — | — | — | | | 1d ago | SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.… |
| CVE-2026-40545 | unknown | — | — | — | | | 1d ago | SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the … |
| CVE-2026-40544 | unknown | — | — | — | | | 1d ago | SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive c… |
| CVE-2026-40543 | unknown | — | — | — | | | 1d ago | SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases wi… |
| CVE-2026-35563 | unknown | — | — | — | | | 1d ago | It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certifica… |
| CVE-2026-37234 | unknown | — | — | — | | | 1d ago | FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequen… |
| CVE-2026-46242 | unknown | — | — | — | | | 3d ago | In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_l… |
| CVE-2026-47416 | unknown | — | — | — | | | 4d ago | praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id} |
| CVE-2026-47409 | unknown | — | — | — | | | 4d ago | praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role |
| CVE-2026-47414 | unknown | — | — | — | | | 4d ago | praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link) |
| CVE-2026-47406 | unknown | — | — | — | | | 4d ago | praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks |
| CVE-2026-47410 | unknown | — | — | — | | | 4d ago | praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset |
| CVE-2026-47405 | unknown | — | — | — | | | 4d ago | PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership |
| CVE-2026-47399 | unknown | — | — | — | | | 4d ago | PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID |
| CVE-2026-47407 | unknown | — | — | — | | | 4d ago | PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation |
| CVE-2026-47408 | unknown | — | — | — | | | 4d ago | praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership |