CVEs from 2026
Total
14,084
critical
critical 1,231
high
high 4,631
medium
medium 4,442
low
low 483
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 505
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45005 | medium | 6.0 | 6.0 | 22d ago | OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload | |||
| CVE-2026-41689 | medium | 6.0 | 6.0 | 26d ago | Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for ever… | |||
| CVE-2026-25861 | medium | 5.9 | 5.9 | 4h ago | QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password ha… | |||
| CVE-2026-10584 | medium | 5.9 | 5.9 | 6h ago | Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests … | |||
| CVE-2026-28116 | medium | 5.9 | 5.9 | 12h ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/… | |||
| CVE-2026-0077 | medium | 5.9 | 5.9 | 1d ago | In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch (bal) due to a logic error in the code. This could lead to local escalation of privilege with … | |||
| CVE-2026-0075 | medium | 5.9 | 5.9 | 1d ago | In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed.… | |||
| CVE-2026-0061 | medium | 5.9 | 5.9 | 1d ago | In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege wit… | |||
| CVE-2026-45691 | medium | 5.9 | 5.9 | 1d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful … | |||
| CVE-2026-45690 | medium | 5.9 | 5.9 | 1d ago | Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed atta… | |||
| CVE-2026-43625 | medium | 5.9 | 5.9 | 1d ago | CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp a… | |||
| CVE-2026-49270 | medium | 5.9 | 5.9 | 2d ago | Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurabl… | |||
| CVE-2026-49267 | medium | 5.9 | 5.9 | 2d ago | Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_s… | |||
| CVE-2026-41017 | medium | 5.9 | 5.9 | 2d ago | Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy … | |||
| CVE-2026-47741 | medium | 5.9 | 5.9 | 4d ago | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Un… | |||
| CVE-2026-9793 | medium | 5.9 | 5.9 | 6d ago | A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing … | |||
| CVE-2026-46538 | medium | 5.9 | 5.9 | 6d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by session_id onl… | |||
| CVE-2026-45027 | medium | 5.9 | 5.9 | 6d ago | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorith… | |||
| CVE-2026-8606 | medium | 5.9 | 5.9 | 7d ago | A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security… | |||
| CVE-2026-44788 | medium | 5.9 | 5.9 | 7d ago | SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious ar… | |||
| CVE-2026-48850 | medium | 5.9 | 5.9 | 8d ago | PuTTY 0.72 before 0.84 has a double free in RSA KEX. | |||
| CVE-2026-42626 | medium | 5.9 | 5.9 | 11d ago | HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can… | |||
| CVE-2026-48249 | medium | 5.9 | 5.9 | 12d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing … | |||
| CVE-2026-48248 | medium | 5.9 | 5.9 | 12d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound H… | |||
| CVE-2026-48247 | medium | 5.9 | 5.9 | 12d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbou… | |||
| CVE-2026-48246 | medium | 5.9 | 5.9 | 12d ago | Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTT… | |||
| CVE-2026-44061 | medium | 5.9 | 5.9 | 13d ago | Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis. | |||
| CVE-2026-9100 | medium | 5.9 | 5.9 | 13d ago | The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads t… | |||
| CVE-2026-5947 | medium | 5.9 | 5.9 | 14d ago | Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. … | |||
| CVE-2026-44608 | medium | 5.9 | 5.9 | 14d ago | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'… | |||
| CVE-2026-41470 | medium | 5.9 | 5.9 | 14d ago | LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attack… | |||
| CVE-2026-32134 | medium | 5.9 | 5.9 | 14d ago | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the br… | |||
| CVE-2026-40355 | medium | 5.9 | 5.9 | 15d ago | RHSA-2026:16799: krb5 security update (Important) | |||
| CVE-2026-40356 | medium | 5.9 | 5.9 | 15d ago | RHSA-2026:16799: krb5 security update (Important) | |||
| CVE-2026-45681 | medium | 5.9 | 5.9 | 15d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer bu… | |||
| CVE-2026-45680 | medium | 5.9 | 5.9 | 15d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once pe… | |||
| CVE-2026-41968 | medium | 5.9 | 5.9 | 19d ago | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-41967 | medium | 5.9 | 5.9 | 19d ago | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-41961 | medium | 5.9 | 5.9 | 19d ago | Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-6811 | medium | 5.9 | 5.9 | 19d ago | Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is… | |||
| CVE-2026-42597 | medium | 5.9 | 5.9 | 19d ago | Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme | |||
| CVE-2026-33381 | medium | 5.9 | 5.9 | 20d ago | When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this. | |||
| CVE-2026-44577 | medium | 5.9 | 5.9 | 20d ago | Next.js has a Denial of Service in the Image Optimization API | |||
| CVE-2026-44572 | medium | 5.9 | 5.9 | 20d ago | Next.js's Middleware / Proxy redirects can be cache-poisoned | |||
| CVE-2026-6253 | medium | 5.9 | 5.9 | 21d ago | curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for differ… | |||
| CVE-2026-4873 | medium | 5.9 | 5.9 | 21d ago | A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SM… | |||
| CVE-2026-42545 | medium | 5.9 | 5.9 | 21d ago | Granian vulnerable to DoS via WSGI response header panic | |||
| CVE-2026-43930 | medium | 5.9 | 5.9 | 22d ago | parse-server: MFA SMS one-time password accepted twice under concurrent login | |||
| CVE-2026-8261 | medium | 5.9 | 5.9 | 23d ago | A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attac… | |||
| CVE-2026-42225 | medium | 5.9 | 5.9 | 26d ago | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid o… | |||
| CVE-2026-39817 | medium | 5.9 | 5.9 | 26d ago | The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" su… | |||
| CVE-2026-41484 | medium | 5.9 | 5.9 | 27d ago | OneCollector exporter reads unbounded HTTP response bodies | |||
| CVE-2026-41483 | medium | 5.9 | 5.9 | 27d ago | OpenTelemetry.Resources.Azure has an unbounded HTTP response body read | |||
| CVE-2026-5119 | medium | 5.9 | 5.9 | 28d ago | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network… | |||
| CVE-2026-34956 | medium | 5.9 | 5.9 | 28d ago | A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with a… | |||
| CVE-2026-28510 | medium | 5.9 | 5.9 | 29d ago | eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under… | |||
| CVE-2026-32148 | medium | 5.9 | 5.9 | 1mo ago | Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for … | |||
| CVE-2026-5080 | medium | 5.9 | 5.9 | 1mo ago | Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the proce… | |||
| CVE-2026-41016 | medium | 5.9 | 5.9 | 1mo ago | apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider | |||
| CVE-2026-42643 | medium | 5.9 | 5.9 | 1mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a t… | |||
| CVE-2026-7318 | medium | 5.9 | 5.9 | 1mo ago | A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic results in path trave… | |||
| CVE-2026-33467 | medium | 5.9 | 5.9 | 1mo ago | Elastic Package Registry has Improper Verification of Cryptographic Signature | |||
| CVE-2026-40966 | medium | 5.9 | 5.9 | 1mo ago | Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration | |||
| CVE-2026-41319 | medium | 5.9 | 5.9 | 1mo ago | MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade | |||
| CVE-2026-41078 | medium | 5.9 | 5.9 | 1mo ago | OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path | |||
| CVE-2026-40182 | medium | 5.9 | 5.9 | 1mo ago | OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies | |||
| CVE-2026-3621 | medium | 5.9 | 5.9 | 1mo ago | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deploy… | |||
| CVE-2026-41213 | medium | 5.9 | 5.9 | 2mo ago | @node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code_verifier values (including one-character strings) for S256 PKC… | |||
| CVE-2026-32226 | medium | 5.9 | 5.9 | 2mo ago | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | |||
| CVE-2026-34477 | medium | 5.9 | 5.9 | 2mo ago | Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration | |||
| CVE-2026-21717 | medium | 5.9 | 5.9 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-21713 | medium | 5.9 | 5.9 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-39654 | medium | 5.9 | 5.9 | 2mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS.This issue affect… | |||
| CVE-2026-34219 | medium | 5.9 | 5.9 | 2mo ago | libp2p-gossipsub: Remote crash via unchecked Instant overflow in heartbeat backoff expiry handling | |||
| CVE-2026-4988 | medium | 5.9 | 5.9 | 2mo ago | A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of s… | |||
| CVE-2026-27856 | medium | 5.9 | 5.9 | 2mo ago | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential wi… | |||
| CVE-2026-27855 | medium | 5.9 | 5.9 | 2mo ago | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP r… | |||
| CVE-2026-32935 | medium | 5.9 | 5.9 | 3mo ago | phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack | |||
| CVE-2026-28044 | medium | 5.9 | 5.9 | 3mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4. | |||
| CVE-2026-27344 | medium | 5.9 | 5.9 | 3mo ago | Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through <= … | |||
| CVE-2026-27601 | medium | 5.9 | 5.9 | 3mo ago | Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack | |||
| CVE-2026-25004 | medium | 5.9 | 5.9 | 3mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue a… | |||
| CVE-2026-1685 | medium | 5.9 | 5.9 | 4mo ago | A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authe… | |||
| CVE-2026-24621 | medium | 5.9 | 5.9 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects … | |||
| CVE-2026-24594 | medium | 5.9 | 5.9 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.T… | |||
| CVE-2026-23976 | medium | 5.9 | 5.9 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modul… | |||
| CVE-2026-10517 | medium | 5.8 | 5.8 | 2d ago | A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not … | |||
| CVE-2026-49129 | medium | 5.8 | 5.8 | 5d ago | Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allow… | |||
| CVE-2026-41009 | medium | 5.8 | 5.8 | 7d ago | When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_… | |||
| CVE-2026-24201 | medium | 5.8 | 5.8 | 7d ago | NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering… | |||
| CVE-2026-7385 | medium | 5.8 | 5.8 | 14d ago | The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attack… | |||
| CVE-2026-45557 | medium | 5.8 | 5.8 | 14d ago | Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network tr… | |||
| CVE-2026-41181 | medium | 5.8 | 5.8 | 18d ago | Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service | |||
| CVE-2026-41960 | medium | 5.8 | 5.8 | 19d ago | Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-3160 | medium | 5.8 | 5.8 | 20d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jir… | |||
| CVE-2026-44003 | medium | 5.8 | 5.8 | 20d ago | vm2's Transformer Fast-Path Bypass Exposes Internal State Variable | |||
| CVE-2026-44002 | medium | 5.8 | 5.8 | 20d ago | vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak | |||
| CVE-2026-42926 | medium | 5.8 | 5.8 | 20d ago | When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the… | |||
| CVE-2026-42279 | medium | 5.8 | 5.8 | 26d ago | solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization w… | |||
| CVE-2026-44312 | medium | 5.8 | 5.8 | 27d ago | CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content |