CVEs from 2026
Total
14,034
critical
critical 1,231
high
high 4,634
medium
medium 4,443
low
low 484
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45855 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, ata_sc… | |||
| CVE-2026-45854 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which cr… | |||
| CVE-2026-45853 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() amdgpu_discovery_get_nps_info() internally allocates me… | |||
| CVE-2026-45851 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table The reserve_unaccepted() function incorrectly calculates the size of the memblock… | |||
| CVE-2026-45850 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers befo… | |||
| CVE-2026-45849 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() ocelot_port_xmit_inj() calls ocelot_can_inject() and oce… | |||
| CVE-2026-45848 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aa_sock_file_perm Deal with the potential that sock and sock-sk can be NULL during socket setup or tea… | |||
| CVE-2026-45847 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: net: remove WARN_ON_ONCE when accessing forward path array Although unlikely, recent support for IPIP tunnels increases chances o… | |||
| CVE-2026-45846 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() bareudp_fill_metadata_dst() passes bareudp->sock to udp_tunn… | |||
| CVE-2026-45845 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTM_DELQDISC, taprio_graft… | |||
| CVE-2026-45844 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arp_packet_match() unconditionally parses the ARP pay… | |||
| CVE-2026-45842 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhc_init() accepts rslots == 0 as a valid configuration, with … | |||
| CVE-2026-45841 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO nf_osf_match_one() computes ctx->window % f->wss.val in the OSF_WS… | |||
| CVE-2026-45840 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with … | |||
| CVE-2026-45839 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec() CO-RE accessor strings are colon-separated indices that desc… | |||
| CVE-2026-45838 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroup_storage_get_next_key() list_next_entry() never returns NULL -- when the current element … | |||
| CVE-2026-45837 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in… | |||
| CVE-2026-49017 | unknown | — | — | 7d ago | In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty bu… | |||
| CVE-2026-45836 | unknown | — | — | 8d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb() Add the same NULL guard already present in l2cap_sock_resume… | |||
| CVE-2026-45835 | unknown | — | — | 8d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() Add the same NULL guard already present in l2cap_sock_resu… | |||
| CVE-2026-45834 | unknown | — | — | 8d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() Add the same NULL guard already present in l2cap_sock_resume… | |||
| CVE-2026-46644 | unknown | — | — | 8d ago | symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form | |||
| CVE-2026-48761 | unknown | — | — | 8d ago | CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content | |||
| CVE-2026-48760 | unknown | — | — | 8d ago | CVE-2026-48760: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense | |||
| CVE-2026-48784 | unknown | — | — | 8d ago | CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization | |||
| CVE-2026-48747 | unknown | — | — | 8d ago | CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade | |||
| CVE-2026-48736 | unknown | — | — | 8d ago | CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient | |||
| CVE-2026-48489 | unknown | — | — | 8d ago | CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes | |||
| CVE-2026-48831 | unknown | — | — | 9d ago | Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to b… | |||
| CVE-2026-8997 | unknown | — | — | 12d ago | vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length … | |||
| CVE-2026-43496 | unknown | — | — | 13d ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked When red qdisc has children (eg qfq qdisc) who… | |||
| CVE-2026-46626 | unknown | — | — | 14d ago | CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch | |||
| CVE-2026-47732 | unknown | — | — | 14d ago | Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points | |||
| CVE-2026-45753 | unknown | — | — | 14d ago | Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS) | |||
| CVE-2026-45756 | unknown | — | — | 14d ago | Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS | |||
| CVE-2026-45755 | unknown | — | — | 14d ago | Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection | |||
| CVE-2026-45754 | unknown | — | — | 14d ago | Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection | |||
| CVE-2026-47212 | unknown | — | — | 14d ago | Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification | |||
| CVE-2026-46627 | unknown | — | — | 14d ago | Sandbox does not protect against resource exhaustion | |||
| CVE-2026-47730 | unknown | — | — | 14d ago | XSS in profiler HtmlDumper via unescaped template and profile names | |||
| CVE-2026-43492 | unknown | — | — | 15d ago | In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() … | |||
| CVE-2026-43491 | unknown | — | — | 15d ago | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added … | |||
| CVE-2026-8726 | unknown | — | — | 15d ago | The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "… | |||
| CVE-2026-45829 | unknown | — | — | 16d ago | ChromaDB Python project has a pre-authentication code injection vulnerability | |||
| CVE-2026-8295 | unknown | — | — | 20d ago | An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on p… | |||
| CVE-2026-8328 | unknown | — | — | 20d ago | The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpee… | |||
| CVE-2026-43489 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve() status LUO keeps track of successful retrieve attempts on a LUO file. It does so to av… | |||
| CVE-2026-43488 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UA… | |||
| CVE-2026-43487 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, cau… | |||
| CVE-2026-43486 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep… | |||
| CVE-2026-43485 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so j… | |||
| CVE-2026-43484 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unre… | |||
| CVE-2026-43483 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (d… | |||
| CVE-2026-43482 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which … | |||
| CVE-2026-43480 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the r… | |||
| CVE-2026-43479 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path.… | |||
| CVE-2026-43478 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put… | |||
| CVE-2026-43477 | unknown | — | — | 21d ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL Apparently ICL may hang with an MCE if we write TRANS_VRR_V… | |||
| CVE-2026-28894 | unknown | — | — | 23d ago | macOS Sonoma 14.8.5 | |||
| CVE-2026-1837 | unknown | — | — | 23d ago | visionOS 26.5 | |||
| CVE-2026-6210 | unknown | — | — | 28d ago | A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id at… | |||
| CVE-2026-41305 | unknown | — | — | 1mo ago | PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `</style>` sequences when s… | |||
| CVE-2026-39973 | unknown | — | — | 1mo ago | Apktool: Path Traversal to Arbitrary File Write | |||
| CVE-2026-41239 | unknown | — | — | 1mo ago | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, `SAFE_FOR_TEMPLATES` strips `{{...}}` expressions from untrust… | |||
| CVE-2026-41238 | unknown | — | — | 1mo ago | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOMP… | |||
| CVE-2026-41166 | unknown | — | — | 1mo ago | OpenRemote has Improper Access Control via updateUserRealmRoles function | |||
| CVE-2026-40942 | unknown | — | — | 1mo ago | Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache | |||
| CVE-2026-40939 | unknown | — | — | 1mo ago | Data Sharing Framework is Missing Session Timeout for OIDC Sessions | |||
| CVE-2026-39386 | unknown | — | — | 1mo ago | Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server | |||
| CVE-2026-32613 | unknown | — | — | 1mo ago | Spinnaker: RCE via expression parsing due to unrestricted context handling | |||
| CVE-2026-32604 | unknown | — | — | 1mo ago | Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths | |||
| CVE-2026-6783 | unknown | — | — | 1mo ago | Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-6782 | unknown | — | — | 1mo ago | Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-6781 | unknown | — | — | 1mo ago | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-6778 | unknown | — | — | 1mo ago | Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-6777 | unknown | — | — | 1mo ago | Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-6775 | unknown | — | — | 1mo ago | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-6774 | unknown | — | — | 1mo ago | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-6773 | unknown | — | — | 1mo ago | Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-6768 | unknown | — | — | 1mo ago | Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-6755 | unknown | — | — | 1mo ago | Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-33557 | unknown | — | — | 1mo ago | Apache Kafka does not validate JWT tokens in its OAUTHBEARER authentication implementation | |||
| CVE-2026-33558 | unknown | — | — | 1mo ago | Apache Kafka exposes sensitive information in its DEBUG logs | |||
| CVE-2026-40458 | unknown | — | — | 2mo ago | PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability | |||
| CVE-2026-41245 | unknown | — | — | 2mo ago | Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix | |||
| CVE-2026-30778 | unknown | — | — | 2mo ago | SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information | |||
| CVE-2026-40478 | unknown | — | — | 2mo ago | Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf | |||
| CVE-2026-40477 | unknown | — | — | 2mo ago | Improper restriction of the scope of accessible objects in Thymeleaf expressions | |||
| CVE-2026-40347 | unknown | — | — | 2mo ago | Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or… | |||
| CVE-2026-40882 | unknown | — | — | 2mo ago | OpenRemote has XXE in Velbus Asset Import | |||
| CVE-2026-6313 | unknown | — | — | 2mo ago | Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. … | |||
| CVE-2026-5598 | unknown | — | — | 2mo ago | Bouncy Castle Has Covert Timing Channel Vulnerability | |||
| CVE-2026-5588 | unknown | — | — | 2mo ago | Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules | |||
| CVE-2026-3505 | unknown | — | — | 2mo ago | Bouncy Castle Uncontrolled Resource Consumption vulnerability | |||
| CVE-2026-0636 | unknown | — | — | 2mo ago | Bouncy Castle has an LDAP injection | |||
| CVE-2026-40104 | unknown | — | — | 2mo ago | XWiki's REST APIs can list all pages/spaces, leading to unavailability | |||
| CVE-2026-40105 | unknown | — | — | 2mo ago | XWiki has Reflected Cross-Site Scripting (XSS) in page history compare | |||
| CVE-2026-39842 | unknown | — | — | 2mo ago | Expression Injection in OpenRemote | |||
| CVE-2026-33414 | unknown | — | — | 2mo ago | Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the… | |||
| CVE-2026-40683 | unknown | — | — | 2mo ago | OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean |