CVEs from 2026

Total: 14,088
Critical: 1,231
High: 4,632
Medium: 4,444
Low: 484
(The four severity buckets sum to 10,791, so 3,297 of the 14,088 entries are not counted in any bucket; treat the percentages below as shares of the full total.)
% Critical: 8.7%
% with KEV (CISA Known Exploited Vulnerabilities): 0.4%
% with exploit: 0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42279 | medium | 5.8 | 5.8 | 26d ago | solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization w… | |||
| CVE-2026-44312 | medium | 5.8 | 5.8 | 27d ago | CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content | |||
| CVE-2026-44117 | medium | 5.8 | 5.8 | 27d ago | OpenClaw: QQBot direct media upload skipped URL SSRF validation | |||
| CVE-2026-6817 | medium | 5.8 | 5.8 | 1mo ago | The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input saniti… | |||
| CVE-2026-41372 | medium | 5.8 | 5.8 | 1mo ago | OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections | |||
| CVE-2026-35376 | medium | 5.8 | 5.8 | 1mo ago | uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition | |||
| CVE-2026-34318 | medium | 5.8 | 5.8 | 1mo ago | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vu… | |||
| CVE-2026-41389 | medium | 5.8 | 5.8 | 1mo ago | OpenClaw: Webchat media embedding enforces local-root containment for tool-result files | |||
| CVE-2026-20073 | medium | 5.8 | 5.8 | 3mo ago | A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send tra… | |||
| CVE-2026-41918 | medium | 5.7 | 5.7 | 13h ago | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected application stores sensitive information in the browser cache when an authenticated user… | |||
| CVE-2026-40990 | medium | 5.7 | 5.7 | 1d ago | OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring C… | |||
| CVE-2026-40989 | medium | 5.7 | 5.7 | 1d ago | Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Functio… | |||
| CVE-2026-48189 | medium | 5.7 | 5.7 | 2d ago | An improper Input Validation vulnerability in the OTRS Customer Backend module allows access to customer information that is restricted to other groups. Please note that the feature has to be enabled a… | |||
| CVE-2026-48187 | medium | 5.7 | 5.7 | 2d ago | An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the webserver aborting. This issue affects OTRS… | |||
| CVE-2026-48210 | medium | 5.7 | 5.7 | 2d ago | An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. Th… | |||
| CVE-2026-40425 | medium | 5.7 | 5.7 | 4d ago | The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password. | |||
| CVE-2026-48066 | medium | 5.7 | 5.7 | 6d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the ad… | |||
| CVE-2026-48999 | medium | 5.7 | 5.7 | 7d ago | Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically lo… | |||
| CVE-2026-8174 | medium | 5.7 | 5.7 | 8d ago | Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery (CSRF). This issue affects Zoho Mail wordpress plugin versions before 1.6.2. | |||
| CVE-2026-1815 | medium | 5.7 | 5.7 | 13d ago | Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 b… | |||
| CVE-2026-34600 | medium | 5.7 | 5.7 | 14d ago | Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients … | |||
| CVE-2026-44520 | medium | 5.7 | 5.7 | 19d ago | docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler | |||
| CVE-2026-44440 | medium | 5.7 | 5.7 | 20d ago | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability on … | |||
| CVE-2026-33570 | medium | 5.7 | 5.7 | 21d ago | PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions. | |||
| CVE-2026-41250 | medium | 5.7 | 5.7 | 22d ago | Taiga is a project management platform for startups and agile developers. Prior to 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1. | |||
| CVE-2026-31252 | medium | 5.7 | 5.7 | 22d ago | CosyVoice through commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The framework uses torch.load(… | |||
| CVE-2026-42267 | medium | 5.7 | 5.7 | 28d ago | Kimai vulnerable to formula Injection via tag names in XLSX export | |||
| CVE-2026-31205 | medium | 5.7 | 5.7 | 1mo ago | Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function | |||
| CVE-2026-23653 | medium | 5.7 | 5.7 | 2mo ago | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-23670 | medium | 5.7 | 5.7 | 2mo ago | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2026-21712 | medium | 5.7 | 5.7 | 2mo ago | RHSA-2026:7670: nodejs:24 security update (Important) | |||
| CVE-2026-30817 | medium | 5.7 | 5.7 | 2mo ago | An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is pro… | |||
| CVE-2026-30816 | medium | 5.7 | 5.7 | 2mo ago | An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is p… | |||
| CVE-2026-20024 | medium | 5.7 | 5.7 | 3mo ago | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpect… | |||
| CVE-2026-20020 | medium | 5.7 | 5.7 | 3mo ago | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpe… | |||
| CVE-2026-10222 | medium | 5.6 | 5.6 | 2d ago | A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results… | |||
| CVE-2026-24198 | medium | 5.6 | 5.6 | 7d ago | NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive informati… | |||
| CVE-2026-48134 | medium | 5.6 | 5.6 | 8d ago | When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to… | |||
| CVE-2026-9371 | medium | 5.6 | 5.6 | 10d ago | A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to … | |||
| CVE-2026-9365 | medium | 5.6 | 5.6 | 10d ago | A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNC_DECODER of the file src/dissectors/ec_gg.c of the component GG Dissector. The manipulation of the arg… | |||
| CVE-2026-41966 | medium | 5.6 | 5.6 | 19d ago | Permission control vulnerability in the smart sensing service. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-41965 | medium | 5.6 | 5.6 | 19d ago | Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-7669 | medium | 5.6 | 5.6 | 1mo ago | SGLang has an Improper Input Validation/Injection Issue | |||
| CVE-2026-7306 | medium | 5.6 | 5.6 | 1mo ago | A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/Open… | |||
| CVE-2026-7292 | medium | 5.6 | 5.6 | 1mo ago | A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorizati… | |||
| CVE-2026-7141 | medium | 5.6 | 5.6 | 1mo ago | vLLM makes Use of Uninitialized Resource | |||
| CVE-2026-7113 | medium | 5.6 | 5.6 | 1mo ago | A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The man… | |||
| CVE-2026-7112 | medium | 5.6 | 5.6 | 1mo ago | A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_K… | |||
| CVE-2026-7018 | medium | 5.6 | 5.6 | 1mo ago | A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/… | |||
| CVE-2026-6878 | medium | 5.6 | 5.6 | 1mo ago | verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval() | |||
| CVE-2026-6578 | medium | 5.6 | 5.6 | 1mo ago | A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of… | |||
| CVE-2026-6572 | medium | 5.6 | 5.6 | 2mo ago | A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileU… | |||
| CVE-2026-40602 | medium | 5.6 | 5.6 | 2mo ago | The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assistant-cli, an unrestricted environment was used to handle Jinja2 templates inste… | |||
| CVE-2026-40190 | medium | 5.6 | 5.6 | 2mo ago | LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in… | |||
| CVE-2026-5618 | medium | 5.6 | 5.6 | 2mo ago | A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results … | |||
| CVE-2026-4830 | medium | 5.6 | 5.6 | 2mo ago | A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipu… | |||
| CVE-2026-4592 | medium | 5.6 | 5.6 | 2mo ago | A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of… | |||
| CVE-2026-2711 | medium | 5.6 | 5.6 | 3mo ago | A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrf_proxy.p… | |||
| CVE-2026-10688 | medium | 5.5 | 5.5 | 4h ago | A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py… | |||
| CVE-2026-28578 | medium | 5.5 | 5.5 | 1d ago | In multiple functions of DevicePolicyManagerService.java, there is a possible desync from persistence due to improper input validation. This could lead to local denial of service with no additional e… | |||
| CVE-2026-0085 | medium | 5.5 | 5.5 | 1d ago | In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no addition… | |||
| CVE-2026-0079 | medium | 5.5 | 5.5 | 1d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local denial of service with no additional executi… | |||
| CVE-2026-0074 | medium | 5.5 | 5.5 | 1d ago | In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution priv… | |||
| CVE-2026-0070 | medium | 5.5 | 5.5 | 1d ago | In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with n… | |||
| CVE-2026-0069 | medium | 5.5 | 5.5 | 1d ago | In verifySignature of ApkChecksums.java, there is a possible way to cause a crash due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed… | |||
| CVE-2026-0067 | medium | 5.5 | 5.5 | 1d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead to local denial of service with n… | |||
| CVE-2026-0060 | medium | 5.5 | 5.5 | 1d ago | In updateState of GraphicsDriverEnableAngleAsSystemDriverController.java, there is a possible persistent DoS issue due to an unusual root cause. This could lead to local denial of service with no add… | |||
| CVE-2026-0043 | medium | 5.5 | 5.5 | 1d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no additional e… | |||
| CVE-2026-0042 | medium | 5.5 | 5.5 | 1d ago | In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional executi… | |||
| CVE-2026-0018 | medium | 5.5 | 5.5 | 1d ago | In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additi… | |||
| CVE-2026-20456 | medium | 5.5 | 5.5 | 2d ago | In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed fo… | |||
| CVE-2026-47335 | medium | 5.5 | 5.5 | 5d ago | Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a … | |||
| CVE-2026-47334 | medium | 5.5 | 5.5 | 5d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be triggered by an unprivileged local user an… | |||
| CVE-2026-47332 | medium | 5.5 | 5.5 | 5d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can… | |||
| CVE-2026-47326 | medium | 5.5 | 5.5 | 5d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory … | |||
| CVE-2026-48735 | medium | 5.5 | 5.5 | 5d ago | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP me… | |||
| CVE-2026-48155 | medium | 5.5 | 5.5 | 5d ago | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in l… | |||
| CVE-2026-45703 | medium | — | 5.5 | 6d ago | Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export | |||
| CVE-2026-45309 | medium | — | 5.5 | 6d ago | AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username | |||
| CVE-2026-44981 | medium | — | 5.5 | 6d ago | CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression | |||
| CVE-2026-9759 | medium | 5.5 | 5.5 | 6d ago | ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service | |||
| CVE-2026-45046 | medium | 5.5 | 5.5 | 6d ago | Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions… | |||
| CVE-2026-45334 | medium | — | 5.5 | 6d ago | Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions | |||
| CVE-2026-48927 | medium | 5.5 | 5.5 | 7d ago | Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views. | |||
| CVE-2026-47104 | medium | 5.5 | 5.5 | 7d ago | libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed US… | |||
| CVE-2026-6053 | medium | 5.5 | 5.5 | 7d ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. | |||
| CVE-2026-5515 | medium | 5.5 | 5.5 | 7d ago | IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user. | |||
| CVE-2026-40830 | medium | 5.5 | 5.5 | 7d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php file's UpdateParam function due to improper neutralization of special elements in a… | |||
| CVE-2026-40829 | medium | 5.5 | 5.5 | 7d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php file's UpdateParam function due to improper neutralization of special elements in a SQ… | |||
| CVE-2026-40828 | medium | 5.5 | 5.5 | 7d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE comma… | |||
| CVE-2026-40827 | medium | 5.5 | 5.5 | 7d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command … | |||
| CVE-2026-40825 | medium | 5.5 | 5.5 | 7d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UP… | |||
| CVE-2026-40824 | medium | 5.5 | 5.5 | 7d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPD… | |||
| CVE-2026-40823 | medium | 5.5 | 5.5 | 7d ago | A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command … | |||
| CVE-2026-44979 | medium | — | 5.5 | 7d ago | @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects | |||
| CVE-2026-44646 | medium | — | 5.5 | 7d ago | LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()` | |||
| CVE-2026-44645 | medium | — | 5.5 | 7d ago | LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body | |||
| CVE-2026-44644 | medium | — | 5.5 | 7d ago | LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS | |||
| CVE-2026-44587 | medium | — | 5.5 | 7d ago | CarrierWave has a denylisted_content_type bypass via | |||
| CVE-2026-44210 | medium | — | 5.5 | 7d ago | Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations |
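A small triage helper for a feed in this layout, added here as an example; it is not code from the page or from the site behind it. It assumes the column order of the table above (CVE, Severity, CVSS, Risk, Published, Description) and the relative-age format of the Published column (`4h ago`, `6d ago`, `3mo ago`). The five sample rows are copied from the table with shortened descriptions, the summary figures are copied from the top of the page, the 30-day month is an assumption, and the meaning of the feed's Risk score is not stated on the page, so the code treats it only as a sort key. The helper checks each printed Severity label against the CVSS v3.x qualitative band, lists rows that carry a Risk value but no CVSS score, reconciles the dashboard's own counts, and orders entries for review.

```python
"""Sanity checks and triage ordering for a CVE feed table in the page's layout.
Added example; not code from the page or its operator."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: five rows copied from the table above, descriptions shortened.
SAMPLE_ROWS = """\
| CVE-2026-42279 | medium | 5.8 | 5.8 | 26d ago | solidtime cross-organization time-entry update |
| CVE-2026-41918 | medium | 5.7 | 5.7 | 13h ago | RUGGEDCOM RST2428P sensitive data in browser cache |
| CVE-2026-45309 | medium | — | 5.5 | 6d ago | AsyncSSH AuthorizedKeysFile %u path traversal |
| CVE-2026-10688 | medium | 5.5 | 5.5 | 4h ago | blender-mcp execute_blender_code |
| CVE-2026-20073 | medium | 5.8 | 5.8 | 3mo ago | Cisco ASA/FTD unauthenticated remote traffic issue |
"""

# Figures copied from the summary block at the top of the page.
PAGE_SUMMARY = {"total": 14088, "critical": 1231, "high": 4632,
                "medium": 4444, "low": 484}


@dataclass
class Entry:
    cve: str
    severity: str          # label exactly as printed in the feed (lower-cased)
    cvss: Optional[float]  # None where the feed prints "—"
    risk: float            # the feed's own score; its method is not stated, so sort key only
    age_hours: float       # parsed from the Published column
    description: str


_AGE = re.compile(r"^(\d+)\s*(h|d|mo)\s+ago$")
_HOURS = {"h": 1, "d": 24, "mo": 24 * 30}  # assumption: a month is 30 days


def parse_age(text: str) -> float:
    """'13h ago' -> 13, '6d ago' -> 144, '3mo ago' -> 2160 (all in hours)."""
    m = _AGE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised age: {text!r}")
    return int(m.group(1)) * _HOURS[m.group(2)]


def cvss_band(score: float) -> str:
    """CVSS v3.x qualitative severity rating scale."""
    if score == 0.0:
        return "none"
    if score <= 3.9:
        return "low"
    if score <= 6.9:
        return "medium"
    if score <= 8.9:
        return "high"
    return "critical"


def parse_row(line: str) -> Entry:
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 6:
        raise ValueError(f"expected at least 6 cells: {line!r}")
    cve, severity, cvss, risk, age = cells[:5]
    description = " | ".join(cells[5:])  # a description may itself contain '|'
    return Entry(cve=cve, severity=severity.lower(),
                 cvss=None if cvss in ("—", "-", "") else float(cvss),
                 risk=float(risk), age_hours=parse_age(age),
                 description=description)


def parse_table(text: str) -> List[Entry]:
    """Parse every data row; skip the header row and the '---' separator if present."""
    out = []
    for line in text.splitlines():
        if not line.strip().startswith("|"):
            continue
        first = line.strip().strip("|").split("|")[0].strip()
        if first == "CVE" or first.startswith("---"):
            continue
        out.append(parse_row(line))
    return out


def band_mismatches(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Rows whose printed Severity disagrees with the band their CVSS implies."""
    return [(e.cve, e.severity, cvss_band(e.cvss))
            for e in entries if e.cvss is not None and cvss_band(e.cvss) != e.severity]


def unscored(entries: List[Entry]) -> List[str]:
    """CVEs that carry a Risk value but no CVSS score: the label is not CVSS-backed yet."""
    return [e.cve for e in entries if e.cvss is None]


def triage_order(entries: List[Entry]) -> List[str]:
    """Highest risk first; among equal risk, the most recently published first."""
    return [e.cve for e in sorted(entries, key=lambda e: (-e.risk, e.age_hours))]


def reconcile_summary(summary: dict) -> dict:
    """Check the dashboard's own arithmetic: bucket sum, unbucketed remainder, % critical."""
    buckets = sum(summary[k] for k in ("critical", "high", "medium", "low"))
    return {"bucketed": buckets,
            "unbucketed": summary["total"] - buckets,
            "pct_critical": round(100 * summary["critical"] / summary["total"], 1)}


if __name__ == "__main__":
    rows = parse_table(SAMPLE_ROWS)
    print("review order:", triage_order(rows))
    print("no CVSS yet:", unscored(rows))
    print("label/band mismatches:", band_mismatches(rows))
    print("summary check:", reconcile_summary(PAGE_SUMMARY))
```

Newest-first within a risk tier is a deliberate choice: the entries published in the last day or two are the ones least likely to have been covered by an existing patch cycle, and `unscored()` points at rows whose Severity label has no CVSS vector behind it yet, which is where a re-check after NVD enrichment is most likely to move an item between tiers.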