CVEs from 2026

Total: 13,988
- critical: 1,213
- high: 4,564
- medium: 4,407
- low: 482

% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.8%
Top products
- chrome 503
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40882 | unknown | — | — | 2mo ago | OpenRemote has XXE in Velbus Asset Import | |||
| CVE-2026-6313 | unknown | — | — | 2mo ago | Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. … | |||
| CVE-2026-5598 | unknown | — | — | 2mo ago | Bouncy Castle Has Covert Timing Channel Vulnerability | |||
| CVE-2026-5588 | unknown | — | — | 2mo ago | Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules | |||
| CVE-2026-3505 | unknown | — | — | 2mo ago | Bouncy Castle Uncontrolled Resource Consumption vulnerability | |||
| CVE-2026-0636 | unknown | — | — | 2mo ago | Bouncy Castle has an LDAP injection | |||
| CVE-2026-40104 | unknown | — | — | 2mo ago | XWiki's REST APIs can list all pages/spaces, leading to unavailability | |||
| CVE-2026-40105 | unknown | — | — | 2mo ago | XWiki has Reflected Cross-Site Scripting (XSS) in page history compare | |||
| CVE-2026-39842 | unknown | — | — | 2mo ago | Expression Injection in OpenRemote | |||
| CVE-2026-33414 | unknown | — | — | 2mo ago | Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the… | |||
| CVE-2026-40683 | unknown | — | — | 2mo ago | OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean | |||
| CVE-2026-40176 | unknown | — | — | 2mo ago | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs she… | |||
| CVE-2026-40261 | unknown | — | — | 2mo ago | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $source… | |||
| CVE-2026-40312 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malico… | |||
| CVE-2026-40310 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with w… | |||
| CVE-2026-40183 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the im… | |||
| CVE-2026-40169 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a y… | |||
| CVE-2026-33905 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an s… | |||
| CVE-2026-33902 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expres… | |||
| CVE-2026-37980 | unknown | — | — | 2mo ago | Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login page | |||
| CVE-2026-33929 | unknown | — | — | 2mo ago | Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code | |||
| CVE-2026-40490 | unknown | — | — | 2mo ago | AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects | |||
| CVE-2026-39984 | unknown | — | — | 2mo ago | Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimest… | |||
| CVE-2026-33901 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that cou… | |||
| CVE-2026-33908 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyX… | |||
| CVE-2026-40869 | unknown | — | — | 2mo ago | Decidim amendments can be accepted or rejected by anyone | |||
| CVE-2026-33899 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single… | |||
| CVE-2026-34238 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a h… | |||
| CVE-2026-33900 | unknown | — | — | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparoun… | |||
| CVE-2026-35582 | unknown | — | — | 2mo ago | Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix | |||
| CVE-2026-35337 | unknown | — | — | 2mo ago | Apache Storm: Deserialization of Untrusted Data vulnerability | |||
| CVE-2026-35565 | unknown | — | — | 2mo ago | Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata | |||
| CVE-2026-34177 | unknown | — | — | 2mo ago | Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of k… | |||
| CVE-2026-34178 | unknown | — | — | 2mo ago | In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a … | |||
| CVE-2026-34179 | unknown | — | — | 2mo ago | In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint… | |||
| CVE-2026-34481 | unknown | — | — | 2mo ago | Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout | |||
| CVE-2026-34478 | unknown | — | — | 2mo ago | Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility | |||
| CVE-2026-34480 | unknown | — | — | 2mo ago | Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec… | |||
| CVE-2026-22750 | unknown | — | — | 2mo ago | Spring Cloud Gateway's SSL bundle configuration silently bypassed | |||
| CVE-2026-33551 | unknown | — | — | 2mo ago | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application… | |||
| CVE-2026-34487 | unknown | — | — | 2mo ago | Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat… | |||
| CVE-2026-34483 | unknown | — | — | 2mo ago | Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 1… | |||
| CVE-2026-32990 | unknown | — | — | 2mo ago | Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, fro… | |||
| CVE-2026-29146 | unknown | — | — | 2mo ago | Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from … | |||
| CVE-2026-25854 | unknown | — | — | 2mo ago | Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, fro… | |||
| CVE-2026-40046 | unknown | — | — | 2mo ago | Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT vulnerable to Integer Overflow or Wraparound | |||
| CVE-2026-34020 | unknown | — | — | 2mo ago | Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings | |||
| CVE-2026-33005 | unknown | — | — | 2mo ago | Apache OpenMeetings has an Improper Handling of Insufficient Privileges vulnerability | |||
| CVE-2026-33266 | unknown | — | — | 2mo ago | Apache OpenMeetings Uses Hard-coded Cryptographic Key | |||
| CVE-2026-5795 | unknown | — | — | 2mo ago | Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially no clear ThreadLocal variables | |||
| CVE-2026-33229 | unknown | — | — | 2mo ago | XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API | |||
| CVE-2026-35583 | unknown | — | — | 2mo ago | Emissary has a Path Traversal via Blacklist Bypass in Configuration API | |||
| CVE-2026-35581 | unknown | — | — | 2mo ago | Emissary has a Command Injection via PLACE_NAME Configuration in Executrix | |||
| CVE-2026-35580 | unknown | — | — | 2mo ago | Emissary has GitHub Actions Shell Injection via Workflow Inputs | |||
| CVE-2026-5739 | unknown | — | — | 2mo ago | PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection | |||
| CVE-2026-35571 | unknown | — | — | 2mo ago | Emissary has Stored XSS via Navigation Template Link Injection | |||
| CVE-2026-35568 | unknown | — | — | 2mo ago | Java-SDK has a DNS Rebinding Vulnerability | |||
| CVE-2026-35406 | unknown | — | — | 2mo ago | Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable… | |||
| CVE-2026-32588 | unknown | — | — | 2mo ago | Apache Cassandra has an authenticated DoS over CQL | |||
| CVE-2026-27315 | unknown | — | — | 2mo ago | Apache Cassandra has sensitive Information Leak in cqlsh | |||
| CVE-2026-27314 | unknown | — | — | 2mo ago | Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator | |||
| CVE-2026-33439 | unknown | — | — | 2mo ago | OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM | |||
| CVE-2026-35554 | unknown | — | — | 2mo ago | Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition | |||
| CVE-2026-28808 | unknown | — | — | 2mo ago | Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a U… | |||
| CVE-2026-32144 | unknown | — | — | 2mo ago | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP respons… | |||
| CVE-2026-33227 | unknown | — | — | 2mo ago | Apache ActiveMQ: Improper validation and restriction of a classpath path name | |||
| CVE-2026-28810 | unknown | — | — | 2mo ago | Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, pr… | |||
| CVE-2026-37977 | unknown | — | — | 2mo ago | Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim | |||
| CVE-2026-35541 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing … | |||
| CVE-2026-35540 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if s… | |||
| CVE-2026-35537 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated atta… | |||
| CVE-2026-35543 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead … | |||
| CVE-2026-35542 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. Thi… | |||
| CVE-2026-35539 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment. | |||
| CVE-2026-35538 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search. | |||
| CVE-2026-35544 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass vi… | |||
| CVE-2026-35545 | unknown | — | — | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure … | |||
| CVE-2026-4634 | unknown | — | — | 2mo ago | Keycloak: Application-Level DoS via Scope Processing | |||
| CVE-2026-4636 | unknown | — | — | 2mo ago | Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants | |||
| CVE-2026-4282 | unknown | — | — | 2mo ago | Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw | |||
| CVE-2026-4325 | unknown | — | — | 2mo ago | Keycloak: Replay of action tokens via improper handling of single-use entries | |||
| CVE-2026-3872 | unknown | — | — | 2mo ago | Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint | |||
| CVE-2026-34525 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4. | |||
| CVE-2026-34520 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in res… | |||
| CVE-2026-34519 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject e… | |||
| CVE-2026-34518 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but re… | |||
| CVE-2026-34517 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking clie… | |||
| CVE-2026-34516 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory tha… | |||
| CVE-2026-34515 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This… | |||
| CVE-2026-34514 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra … | |||
| CVE-2026-34513 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situ… | |||
| CVE-2026-22815 | unknown | — | — | 2mo ago | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This i… | |||
| CVE-2026-20687 | unknown | — | — | 2mo ago | watchOS 26.4 | |||
| CVE-2026-28852 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28864 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-20690 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28868 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28876 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28865 | unknown | — | — | 2mo ago | visionOS 26.4 | |||
| CVE-2026-28867 | unknown | — | — | 2mo ago | visionOS 26.4 |