CVEs from 2026

- Total: 14,075
- Critical: 1,239
- High: 4,664
- Medium: 4,449
- Low: 487
- % Critical: 8.8%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42490 | unknown | — | — | | | | — | |
| CVE-2026-44281 | unknown | — | — | | | | 44 min ago | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset… |
| CVE-2026-42321 | unknown | — | — | | | | 44 min ago | GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or … |
| CVE-2026-42320 | unknown | — | — | | | | 44 min ago | GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 1… |
| CVE-2026-42318 | unknown | — | — | | | | 44 min ago | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI.… |
| CVE-2026-42317 | unknown | — | — | | | | 44 min ago | GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the … |
| CVE-2026-3276 | unknown | — | — | | | | 44 min ago | unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. Thi… |
| CVE-2026-37462 | unknown | — | — | | | | 44 min ago | An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. |
| CVE-2026-36748 | unknown | — | — | | | | 44 min ago | RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. |
| CVE-2026-36576 | unknown | — | — | | | | 44 min ago | An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request. |
| CVE-2026-36574 | unknown | — | — | | | | 44 min ago | A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL. |
| CVE-2026-47325 | unknown | — | — | | | | 3h ago | ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The a… |
| CVE-2026-47324 | unknown | — | — | | | | 3h ago | ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers objects. An authorized attacker (e.g., a teacher or adm… |
| CVE-2026-37460 | unknown | — | — | | | | 3h ago | Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UP… |
| CVE-2026-10729 | unknown | — | — | | | | 3h ago | An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross… |
| CVE-2026-50052 | unknown | — | — | | | | 13h ago | In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be… |
| CVE-2026-9516 | unknown | — | — | | | | 16h ago | Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json() advances t… |
| CVE-2026-9334 | unknown | — | — | | | | 16h ago | Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object keys into an array reference… |
| CVE-2026-44654 | unknown | — | — | | | | 18h ago | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the o… |
| CVE-2026-40108 | unknown | — | — | | | | 18h ago | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7. |
| CVE-2026-10719 | unknown | — | — | | | | 18h ago | Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a val… |
| CVE-2026-10718 | unknown | — | — | | | | 19h ago | Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of LBAs to deallocate 16 by… |
| CVE-2026-8936 | unknown | — | — | | | | 19h ago | Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event… |
| CVE-2026-42029 | unknown | — | — | | | | 19h ago | Rejected reason: This CVE is a duplicate of another CVE. |
| CVE-2026-35212 | unknown | — | — | | | | 19h ago | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable bo… |
| CVE-2026-10717 | unknown | — | — | | | | 19h ago | Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defe… |
| CVE-2026-42507 | unknown | — | — | | | | 19h ago | When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or log… |
| CVE-2026-27145 | unknown | — | — | | | | 19h ago | (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the sa… |
| CVE-2026-41569 | unknown | — | — | | | | 20h ago | authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper UR… |
| CVE-2026-5385 | unknown | — | — | | | | 21h ago | An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7. |
| CVE-2026-48682 | unknown | — | — | | | | 21h ago | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4… |
| CVE-2026-48598 | unknown | — | — | | | | 21h ago | Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.part_headers_fo… |
| CVE-2026-48597 | unknown | — | — | | | | 21h ago | Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.open_conn/2 conv… |
| CVE-2026-48596 | unknown | — | — | | | | 21h ago | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_par… |
| CVE-2026-48595 | unknown | — | — | | | | 21h ago | Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects |
| CVE-2026-48594 | unknown | — | — | | | | 21h ago | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.… |
| CVE-2026-47265 | unknown | — | — | | | | 21h ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin r… |
| CVE-2026-41577 | unknown | — | — | | | | 21h ago | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor (ResponseProcessor.parse()) does not validate the Conditions element on ass… |
| CVE-2026-40181 | unknown | — | — | | | | 21h ago | React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p… |
| CVE-2026-38967 | unknown | — | — | | | | 21h ago | CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values. |
| CVE-2026-33553 | unknown | — | — | | | | 21h ago | Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS. |
| CVE-2026-30586 | unknown | — | — | | | | 21h ago | Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE_SCHEMA, Memo Rendering Component, and Public/Private Memo View … |
| CVE-2026-10701 | unknown | — | — | | | | 21h ago | Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3. |
| CVE-2026-40571 | unknown | — | — | | | | 1d ago | NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private… |
| CVE-2026-40314 | unknown | — | — | | | | 1d ago | NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-… |
| CVE-2026-35447 | unknown | — | — | | | | 1d ago | NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the view… |
| CVE-2026-35443 | unknown | — | — | | | | 1d ago | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enfor… |
| CVE-2026-1871 | unknown | — | — | | | | 1d ago | TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted … |
| CVE-2026-49754 | unknown | — | — | | | | 1d ago | HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation |
| CVE-2026-49753 | unknown | — | — | | | | 1d ago | HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing |
| CVE-2026-48862 | unknown | — | — | | | | 1d ago | Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency |
| CVE-2026-48861 | unknown | — | — | | | | 1d ago | CRLF injection in HTTP/1 request line via unvalidated method in Mint |
| CVE-2026-45080 | unknown | — | — | | | | 1d ago | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in versio… |
| CVE-2026-38978 | unknown | — | — | | | | 1d ago | transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths. |
| CVE-2026-35718 | unknown | — | — | | | | 1d ago | A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted … |
| CVE-2026-33398 | unknown | — | — | | | | 1d ago | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlle… |
| CVE-2026-30652 | unknown | — | — | | | | 1d ago | A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an … |
| CVE-2026-10047 | unknown | — | — | | | | 1d ago | The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled S… |
| CVE-2026-10046 | unknown | — | — | | | | 1d ago | Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler comput… |
| CVE-2026-9844 | unknown | — | — | | | | 1d ago | Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords. This issue affects navify Digita… |
| CVE-2026-43965 | unknown | — | — | | | | 1d ago | Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.t… |
| CVE-2026-42795 | unknown | — | — | | | | 1d ago | Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers (gleam_files, native_… |
| CVE-2026-32685 | unknown | — | — | | | | 1d ago | Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages … |
| CVE-2026-10611 | unknown | — | — | | | | 1d ago | An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=t… |
| CVE-2026-34907 | unknown | — | — | | | | 1d ago | Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScr… |
| CVE-2026-34906 | unknown | — | — | | | | 1d ago | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter… |
| CVE-2026-10549 | unknown | — | — | | | | 1d ago | LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to th… |
| CVE-2026-49139 | unknown | — | — | | | | 2d ago | Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by su… |
| CVE-2026-0072 | unknown | — | — | | | | 2d ago | In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi… |
| CVE-2026-8643 | unknown | — | — | | | | 2d ago | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed out… |
| CVE-2026-8931 | unknown | — | — | | | | 2d ago | A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3. |
| CVE-2026-42251 | unknown | — | — | | | | 2d ago | Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malic… |
| CVE-2026-0826 | unknown | — | — | | | | 2d ago | In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable remote code execution on Poly Voice products on the Linux p… |
| CVE-2026-47191 | unknown | — | — | | | | 2d ago | kas checks out SHA-like git branches as valid commits |
| CVE-2026-47412 | unknown | — | — | | | | 2d ago | praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id} |
| CVE-2026-47415 | unknown | — | — | | | | 2d ago | praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR |
| CVE-2026-47413 | unknown | — | — | | | | 2d ago | praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members |
| CVE-2026-47411 | unknown | — | — | | | | 2d ago | praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id} |
| CVE-2026-47417 | unknown | — | — | | | | 2d ago | praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR |
| CVE-2026-47418 | unknown | — | — | | | | 2d ago | praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR |
| CVE-2026-47425 | unknown | — | — | | | | 2d ago | rattler has an entry-point path traversal in noarch:python install (arbitrary file write) |
| CVE-2026-47428 | unknown | — | — | | | | 2d ago | Vitest browser mode serves unsanitized otelCarrier query parameter as inline script |
| CVE-2026-47429 | unknown | — | — | | | | 2d ago | When Vitest UI server is listening, arbitrary file can be read and executed |
| CVE-2026-47423 | unknown | — | — | | | | 2d ago | DOMPurify XSS via selectedcontent re-clone |
| CVE-2026-48119 | unknown | — | — | | | | 2d ago | Nezha's authenticated agents can forge service-monitor results for other users' services |
| CVE-2026-10532 | unknown | — | — | | | | 2d ago | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted. More precis… |
| CVE-2026-40549 | unknown | — | — | | | | 2d ago | SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user… |
| CVE-2026-40548 | unknown | — | — | | | | 2d ago | SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside … |
| CVE-2026-40547 | unknown | — | — | | | | 2d ago | SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files p… |
| CVE-2026-40546 | unknown | — | — | | | | 2d ago | SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.… |
| CVE-2026-40545 | unknown | — | — | | | | 2d ago | SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the … |
| CVE-2026-40544 | unknown | — | — | | | | 2d ago | SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive c… |
| CVE-2026-40543 | unknown | — | — | | | | 2d ago | SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases wi… |
| CVE-2026-46242 | unknown | — | — | | | | 4d ago | In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_l… |
| CVE-2026-47416 | unknown | — | — | | | | 5d ago | praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id} |
| CVE-2026-47409 | unknown | — | — | | | | 5d ago | praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role |
| CVE-2026-47414 | unknown | — | — | | | | 5d ago | praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link) |
| CVE-2026-47406 | unknown | — | — | | | | 5d ago | praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks |
| CVE-2026-47410 | unknown | — | — | | | | 5d ago | praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset |
| CVE-2026-47405 | unknown | — | — | | | | 5d ago | PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership |