CVEs from 2026
- Total: 14,084
- Critical: 1,231
- High: 4,630
- Medium: 4,443
- Low: 483
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 505
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35717 | unknown | — | — | 11h ago | A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST… | |||
| CVE-2026-32685 | unknown | — | — | 11h ago | Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages … | |||
| CVE-2026-10611 | unknown | — | — | 11h ago | An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=t… | |||
| CVE-2026-34907 | unknown | — | — | 15h ago | Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScr… | |||
| CVE-2026-34906 | unknown | — | — | 15h ago | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter… | |||
| CVE-2026-10549 | unknown | — | — | 15h ago | LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to th… | |||
| CVE-2026-49139 | unknown | — | — | 1d ago | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by su… | |||
| CVE-2026-0072 | unknown | — | — | 1d ago | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi… | |||
| CVE-2026-8643 | unknown | — | — | 1d ago | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed out… | |||
| CVE-2026-8931 | unknown | — | — | 1d ago | A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3. | |||
| CVE-2026-42251 | unknown | — | — | 1d ago | Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malic… | |||
| CVE-2026-0826 | unknown | — | — | 1d ago | In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux p… | |||
| CVE-2026-47191 | unknown | — | — | 1d ago | kas checks out SHA-like git branches as valid commits | |||
| CVE-2026-47412 | unknown | — | — | 1d ago | praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id} | |||
| CVE-2026-47415 | unknown | — | — | 1d ago | praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR | |||
| CVE-2026-47413 | unknown | — | — | 1d ago | praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members | |||
| CVE-2026-47411 | unknown | — | — | 1d ago | praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id} | |||
| CVE-2026-47417 | unknown | — | — | 1d ago | praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR | |||
| CVE-2026-47418 | unknown | — | — | 1d ago | praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR | |||
| CVE-2026-47425 | unknown | — | — | 1d ago | rattler has an entry-point path traversal in noarch:python install (arbitrary file write) | |||
| CVE-2026-47428 | unknown | — | — | 1d ago | Vitest browser mode serves unsanitized otelCarrier query parameter as inline script | |||
| CVE-2026-47429 | unknown | — | — | 1d ago | When Vitest UI server is listening, arbitrary file can be read and executed | |||
| CVE-2026-47423 | unknown | — | — | 1d ago | DOMPurify XSS via selectedcontent re-clone | |||
| CVE-2026-48119 | unknown | — | — | 1d ago | Nezha's authenticated agents can forge service-monitor results for other users' services | |||
| CVE-2026-10532 | unknown | — | — | 2d ago | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted. More precis… | |||
| CVE-2026-40549 | unknown | — | — | 2d ago | SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user… | |||
| CVE-2026-40548 | unknown | — | — | 2d ago | SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside … | |||
| CVE-2026-40547 | unknown | — | — | 2d ago | SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files p… | |||
| CVE-2026-40546 | unknown | — | — | 2d ago | SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.… | |||
| CVE-2026-40545 | unknown | — | — | 2d ago | SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the … | |||
| CVE-2026-40544 | unknown | — | — | 2d ago | SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive c… | |||
| CVE-2026-40543 | unknown | — | — | 2d ago | SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases wi… | |||
| CVE-2026-35563 | unknown | — | — | 2d ago | It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certifica… | |||
| CVE-2026-46242 | unknown | — | — | 4d ago | In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_l… | |||
| CVE-2026-47416 | unknown | — | — | 4d ago | praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id} | |||
| CVE-2026-47409 | unknown | — | — | 4d ago | praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role | |||
| CVE-2026-47414 | unknown | — | — | 4d ago | praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link) | |||
| CVE-2026-47406 | unknown | — | — | 4d ago | praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks | |||
| CVE-2026-47410 | unknown | — | — | 4d ago | praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset | |||
| CVE-2026-47405 | unknown | — | — | 4d ago | PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership | |||
| CVE-2026-47399 | unknown | — | — | 4d ago | PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID | |||
| CVE-2026-47407 | unknown | — | — | 4d ago | PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation | |||
| CVE-2026-47408 | unknown | — | — | 4d ago | praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership | |||
| CVE-2026-48169 | unknown | — | — | 4d ago | PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API | |||
| CVE-2026-47397 | unknown | — | — | 4d ago | PraisonAI has an Arbitrary File Write in Python API | |||
| CVE-2026-47391 | unknown | — | — | 4d ago | PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution | |||
| CVE-2026-47394 | unknown | — | — | 4d ago | PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate | |||
| CVE-2026-47392 | unknown | — | — | 4d ago | PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode) | |||
| CVE-2026-47395 | unknown | — | — | 4d ago | PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context | |||
| CVE-2026-47393 | unknown | — | — | 4d ago | PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default | |||
| CVE-2026-47396 | unknown | — | — | 4d ago | PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset | |||
| CVE-2026-47390 | unknown | — | — | 4d ago | PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings | |||
| CVE-2026-47398 | unknown | — | — | 4d ago | PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334 | |||
| CVE-2026-47268 | unknown | — | — | 4d ago | Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host | |||
| CVE-2026-47233 | unknown | — | — | 4d ago | Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024 | |||
| CVE-2026-47234 | unknown | — | — | 4d ago | Admidio writes session IDs and auto-login cookie values to application logs | |||
| CVE-2026-47232 | unknown | — | — | 4d ago | Admidio PKCS#12 private key export action lacks CSRF protection | |||
| CVE-2026-47231 | unknown | — | — | 4d ago | Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders | |||
| CVE-2026-47230 | unknown | — | — | 4d ago | Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders | |||
| CVE-2026-47229 | unknown | — | — | 4d ago | Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation | |||
| CVE-2026-47228 | unknown | — | — | 4d ago | Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords | |||
| CVE-2026-47227 | unknown | — | — | 4d ago | Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php` | |||
| CVE-2026-47226 | unknown | — | — | 4d ago | Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges | |||
| CVE-2026-47213 | unknown | — | — | 4d ago | BoxLite has a Timeout Bypass Vulnerability | |||
| CVE-2026-47211 | unknown | — | — | 4d ago | ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env | |||
| CVE-2026-47203 | unknown | — | — | 4d ago | Authelia Missing Username Canonicalization in Basic Auth (LDAP) | |||
| CVE-2026-47695 | unknown | — | — | 4d ago | CC-Tweaked has an SSRF Protection Bypass with NAT64 | |||
| CVE-2026-47184 | unknown | — | — | 4d ago | zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood | |||
| CVE-2026-45151 | unknown | — | — | 4d ago | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code fi… | |||
| CVE-2026-47183 | unknown | — | — | 4d ago | zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion | |||
| CVE-2026-47180 | unknown | — | — | 4d ago | zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service | |||
| CVE-2026-47260 | unknown | — | — | 4d ago | Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs | |||
| CVE-2026-46705 | unknown | — | — | 4d ago | russh server userauth state is not reset when authentication principal changes | |||
| CVE-2026-46702 | unknown | — | — | 4d ago | russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets | |||
| CVE-2026-47255 | unknown | — | — | 4d ago | AgenticMail API/storage and outbound relay hardening fixes | |||
| CVE-2026-47248 | unknown | — | — | 4d ago | Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers | |||
| CVE-2026-38739 | unknown | — | — | 4d ago | ezsystems/ezpublish-legacy has a SQL injection in dfscleanup | |||
| CVE-2026-46690 | unknown | — | — | 4d ago | unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race | |||
| CVE-2026-47266 | unknown | — | — | 4d ago | formie's unauthenticated front-end submission editing can overwrite existing submissions | |||
| CVE-2026-4387 | unknown | — | — | 4d ago | StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a… | |||
| CVE-2026-47190 | unknown | — | — | 4d ago | IPAM controller service account granted unnecessary full access to Secrets | |||
| CVE-2026-47141 | unknown | — | — | 4d ago | NodeVM observability builtins leak host process and HTTP request data | |||
| CVE-2026-45668 | unknown | — | — | 4d ago | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled… | |||
| CVE-2026-43917 | unknown | — | — | 4d ago | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scop… | |||
| CVE-2026-47139 | unknown | — | — | 4d ago | NodeVM network builtin exclusions bypass via internal _http_client and _http_server | |||
| CVE-2026-47140 | unknown | — | — | 4d ago | NodeVM builtin denylist bypass via process and inspector/promises allows host code execution | |||
| CVE-2026-47210 | unknown | — | — | 4d ago | vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass | |||
| CVE-2026-47137 | unknown | — | — | 4d ago | vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE | |||
| CVE-2026-47209 | unknown | — | — | 4d ago | vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain | |||
| CVE-2026-47135 | unknown | — | — | 4d ago | vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks | |||
| CVE-2026-47208 | unknown | — | — | 4d ago | vm2 is Vulnerable to Sandbox Breakout Through Promise Species | |||
| CVE-2026-47131 | unknown | — | — | 4d ago | vm2 has a Sandbox Escape issue | |||
| CVE-2026-47200 | unknown | — | — | 4d ago | Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*` | |||
| CVE-2026-45742 | unknown | — | — | 4d ago | Gotenberg has a Race Condition via Multipart `downloadFrom` Handling | |||
| CVE-2026-45741 | unknown | — | — | 4d ago | Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes | |||
| CVE-2026-44829 | unknown | — | — | 4d ago | Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename | |||
| CVE-2026-9194 | unknown | — | — | 4d ago | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… | |||
| CVE-2026-33386 | unknown | — | — | 4d ago | QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the… | |||
| CVE-2026-33384 | unknown | — | — | 4d ago | QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID f… | |||
| CVE-2026-44495 | unknown | — | — | 4d ago | axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge |