CVEs from 2026

- Total: 14,089
- Critical: 1,231
- High: 4,634
- Medium: 4,443
- Low: 484
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.7%

Top vendors

Top products

- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80

Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44587 | medium | — | 5.5 | | | | 7d ago | CarrierWave has a denylisted_content_type bypass via |
| CVE-2026-44210 | medium | — | 5.5 | | | | 7d ago | Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations |
| CVE-2026-44176 | medium | — | 5.5 | | | | 7d ago | Kirby CMS's `pages.access` permission is not checked during rendering of page drafts |
| CVE-2026-41207 | medium | — | 5.5 | | | | 7d ago | netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures |
| CVE-2026-44903 | medium | — | 5.5 | | | | 7d ago | Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line flag --enable-f… |
| CVE-2026-44844 | medium | — | 5.5 | | | | 7d ago | eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.get_raw_body_text() recurse… |
| CVE-2026-48047 | medium | — | 5.5 | | | | 7d ago | XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin |
| CVE-2026-7453 | medium | 5.5 | 5.5 | | | | 7d ago | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition. |
| CVE-2026-7450 | medium | 5.5 | 5.5 | | | | 7d ago | A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a deni… |
| CVE-2026-48693 | medium | 5.5 | 5.5 | | | | 7d ago | FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp l… |
| CVE-2026-4437 | medium | — | 5.5 | | | | 8d ago | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from… |
| CVE-2026-4046 | medium | — | 5.5 | | | | 8d ago | RHSA-2026:20587: glibc security update (Moderate) |
| CVE-2026-4438 | medium | — | 5.5 | | | | 8d ago | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS host… |
| CVE-2026-40385 | medium | — | 5.5 | | | | 8d ago | RHSA-2026:20929: libexif security update (Moderate) |
| CVE-2026-40386 | medium | — | 5.5 | | | | 8d ago | RHSA-2026:20929: libexif security update (Moderate) |
| CVE-2026-47124 | medium | — | 5.5 | | | | 11d ago | Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members |
| CVE-2026-47157 | medium | — | 5.5 | | | | 11d ago | aiograpi: Unsafe signup challenge path handling |
| CVE-2026-47120 | medium | — | 5.5 | | | | 11d ago | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check) |
| CVE-2026-41149 | medium | — | 5.5 | | | | 11d ago | Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection |
| CVE-2026-41148 | medium | — | 5.5 | | | | 11d ago | Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection |
| CVE-2026-40610 | medium | 5.5 | 5.5 | | | | 11d ago | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symli… |
| CVE-2026-46715 | medium | — | 5.5 | | | | 11d ago | Flask-Security-Too OAuth reauthentication freshness bypass via cross-user OAuth identity acceptance |
| CVE-2026-47166 | medium | — | 5.5 | | | | 12d ago | ImageMagick: Heap Buffer Over-Read in distributed pixel cache server |
| CVE-2026-47165 | medium | — | 5.5 | | | | 12d ago | ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model |
| CVE-2026-46693 | medium | — | 5.5 | | | | 12d ago | ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking |
| CVE-2026-46692 | medium | — | 5.5 | | | | 12d ago | ImageMagick: Heap Buffer Over-Write in distributed pixel cache server |
| CVE-2026-46678 | medium | — | 5.5 | | | | 12d ago | Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580) |
| CVE-2026-46671 | medium | — | 5.5 | | | | 12d ago | Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory |
| CVE-2026-46645 | medium | — | 5.5 | | | | 12d ago | SQLAdmin: Authorization Bypass on `ajax_lookup` |
| CVE-2026-46609 | medium | — | 5.5 | | | | 12d ago | Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog |
| CVE-2026-46556 | medium | — | 5.5 | | | | 12d ago | FlaskBB: SSRF in get_image_info() via unrestricted avatar URL |
| CVE-2026-46552 | medium | — | 5.5 | | | | 12d ago | NocoDB: Shared-base link access can invite arbitrary users as persistent base members |
| CVE-2026-46551 | medium | — | 5.5 | | | | 12d ago | NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion |
| CVE-2026-46550 | medium | — | 5.5 | | | | 12d ago | NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags |
| CVE-2026-46548 | medium | — | 5.5 | | | | 12d ago | NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) |
| CVE-2026-46547 | medium | — | 5.5 | | | | 12d ago | NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL |
| CVE-2026-46683 | medium | — | 5.5 | | | | 12d ago | Snappy: SSRF and local file read via the xsl-style-sheet option |
| CVE-2026-46618 | medium | — | 5.5 | | | | 12d ago | Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables |
| CVE-2026-46616 | medium | — | 5.5 | | | | 12d ago | Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers |
| CVE-2026-46543 | medium | — | 5.5 | | | | 12d ago | nimiq-blockchain: Genesis batch set request |
| CVE-2026-46542 | medium | — | 5.5 | | | | 12d ago | nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points |
| CVE-2026-46539 | medium | — | 5.5 | | | | 12d ago | nimiq-primitives: BlockInclusionProof interlink issue when hops are empty |
| CVE-2026-46486 | medium | — | 5.5 | | | | 12d ago | Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing |
| CVE-2026-46403 | medium | — | 5.5 | | | | 13d ago | Klever-Go KVM read-only execution can commit contract delete and upgrade side effects |
| CVE-2026-45252 | medium | 5.5 | 5.5 | | | | 13d ago | When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE … |
| CVE-2026-46420 | medium | — | 5.5 | | | | 14d ago | Setup PHP: Command Injection in Repository-Derived PHP Version Resolution |
| CVE-2026-45792 | medium | — | 5.5 | | | | 14d ago | RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM |
| CVE-2026-45498 | medium | 4.0 | 5.5 | | | | 14d ago | Microsoft Defender contains an unspecified vulnerability that allows for denial of service. |
| CVE-2026-45069 | medium | — | 5.5 | | | | 14d ago | Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims |
| CVE-2026-45073 | medium | — | 5.5 | | | | 14d ago | Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix |
| CVE-2026-45068 | medium | — | 5.5 | | | | 14d ago | Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address |
| CVE-2026-45066 | medium | — | 5.5 | | | | 14d ago | Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and `<area>` Misclassification |
| CVE-2026-45065 | medium | — | 5.5 | | | | 14d ago | Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection |
| CVE-2026-45064 | medium | — | 5.5 | | | | 14d ago | Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing |
| CVE-2026-45070 | medium | — | 5.5 | | | | 14d ago | Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names |
| CVE-2026-46638 | medium | — | 5.5 | | | | 14d ago | Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411) |
| CVE-2026-46634 | medium | — | 5.5 | | | | 14d ago | Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name |
| CVE-2026-45074 | medium | — | 5.5 | | | | 14d ago | Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay |
| CVE-2026-45075 | medium | — | 5.5 | | | | 14d ago | Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] |
| CVE-2026-43620 | medium | 5.5 | 5.5 | | | | 14d ago | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Atta… |
| CVE-2026-39309 | medium | 5.5 | 5.5 | | | | 14d ago | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to … |
| CVE-2026-46338 | medium | — | 5.5 | | | | 14d ago | Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path |
| CVE-2026-45802 | medium | — | 5.5 | | | | 14d ago | FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service |
| CVE-2026-45796 | medium | — | 5.5 | | | | 14d ago | Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint |
| CVE-2026-46357 | medium | — | 5.5 | | | | 14d ago | HAX CMS: Denial of Service using Malicious Import Request |
| CVE-2026-45785 | medium | — | 5.5 | | | | 14d ago | OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle |
| CVE-2026-45784 | medium | — | 5.5 | | | | 14d ago | rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers |
| CVE-2026-46341 | medium | — | 5.5 | | | | 15d ago | Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching |
| CVE-2026-45737 | medium | — | 5.5 | | | | 15d ago | Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations |
| CVE-2026-45712 | medium | — | 5.5 | | | | 15d ago | Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write) |
| CVE-2026-45711 | medium | — | 5.5 | | | | 15d ago | Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs |
| CVE-2026-45709 | medium | — | 5.5 | | | | 15d ago | Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer |
| CVE-2026-45692 | medium | — | 5.5 | | | | 15d ago | Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization |
| CVE-2026-45670 | medium | — | 5.5 | | | | 15d ago | Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) |
| CVE-2026-45669 | medium | — | 5.5 | | | | 15d ago | Nuxt: Reflected XSS in `navigateTo()` external redirect |
| CVE-2026-45581 | medium | — | 5.5 | | | | 15d ago | fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode |
| CVE-2026-46496 | medium | — | 5.5 | | | | 15d ago | HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft |
| CVE-2026-45409 | medium | — | 5.5 | | | | 15d ago | Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix |
| CVE-2026-27766 | medium | 5.5 | 5.5 | | | | 15d ago | in OpenHarmony v6.0 and prior versions allow a local attacker to cause an information leak. |
| CVE-2026-25850 | medium | 5.5 | 5.5 | | | | 15d ago | in OpenHarmony v6.0 and prior versions allow a local attacker to cause an information leak |
| CVE-2026-31677 | medium | 5.5 | 5.5 | | | | 15d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl() limit each RX scatterlist extraction to t… |
| CVE-2026-30892 | medium | — | 5.5 | | | | 15d ago | Moderate: crun security update |
| CVE-2026-23040 | medium | — | 5.5 | | | | 15d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 an… |
| CVE-2026-0967 | medium | 5.5 | 5.5 | | | | 15d ago | Moderate: libssh security update |
| CVE-2026-0865 | medium | — | 5.5 | | | | 15d ago | User-controlled header names and values containing newlines can allow injecting HTTP headers. |
| CVE-2026-32710 | medium | — | 5.5 | | | | 15d ago | MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Un… |
| CVE-2026-46559 | medium | — | 5.5 | | | | 15d ago | ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder. |
| CVE-2026-46557 | medium | — | 5.5 | | | | 15d ago | ImageMagick: Stack overflow in fx operation |
| CVE-2026-46523 | medium | — | 5.5 | | | | 15d ago | ImageMagick: Use-After-Free in MSL decoder. |
| CVE-2026-46521 | medium | — | 5.5 | | | | 15d ago | ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression |
| CVE-2026-45664 | medium | — | 5.5 | | | | 15d ago | ImageMagick: Policy Bypass in MNG coder could |
| CVE-2026-45624 | medium | — | 5.5 | | | | 15d ago | ImageMagick: Heap Buffer Over-Read of 4 bytes in distort operation. |
| CVE-2026-45246 | medium | 5.5 | 5.5 | | | | 15d ago | Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default… |
| CVE-2026-32849 | medium | 5.5 | 5.5 | | | | 15d ago | NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed i… |
| CVE-2026-45676 | medium | 5.5 | 5.5 | | | | 15d ago | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string o… |
| CVE-2026-45031 | medium | — | 5.5 | | | | 15d ago | ImageMagick: Policy Bypass in PSD decoder |
| CVE-2026-41568 | medium | — | 5.5 | | | | 15d ago | Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap |
| CVE-2026-45358 | medium | — | 5.5 | | | | 15d ago | ImageMagick: Out-of-Bounds Read of a single byte in meta encoder |
| CVE-2026-45359 | medium | — | 5.5 | | | | 15d ago | ImageMagick: Out-of-Bounds Read in connected components when the user supplies an invalid keep-top define |
| CVE-2026-45701 | medium | — | 5.5 | | | | 15d ago | Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset token and API key generation uses a weak cryptographical has… |