CVEs from 2026
Total
14,089
critical
critical 1,231
high
high 4,634
medium
medium 4,443
low
low 484
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45139 | medium | — | 5.5 | 16d ago | CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations | |||
| CVE-2026-45138 | medium | — | 5.5 | 16d ago | CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule | |||
| CVE-2026-42326 | medium | — | 5.5 | 16d ago | ImageMagick: Heap Buffer Over-Read in IPTC encoder | |||
| CVE-2026-45577 | medium | — | 5.5 | 16d ago | Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback s… | |||
| CVE-2026-33416 | medium | — | 5.5 | 16d ago | Moderate: libpng security update | |||
| CVE-2026-46383 | medium | 5.5 | 5.5 | 19d ago | Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install` | |||
| CVE-2026-45106 | medium | — | 5.5 | 19d ago | Weblate: Stored HTML injection in editor search preview | |||
| CVE-2026-41971 | medium | 5.5 | 5.5 | 19d ago | Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2026-44427 | medium | — | 5.5 | 19d ago | MCP Registry has open redirect via protocol-relative path in trailing-slash middleware | |||
| CVE-2026-44662 | medium | — | 5.5 | 19d ago | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorr… | |||
| CVE-2026-45787 | medium | — | 5.5 | 19d ago | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid… | |||
| CVE-2026-42573 | medium | — | 5.5 | 19d ago | Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State | |||
| CVE-2026-42567 | medium | — | 5.5 | 19d ago | Svelte: ReDoS in `<svelte:element>` Tag Validation | |||
| CVE-2026-42599 | medium | — | 5.5 | 19d ago | Svelte SSR vulnerable to cross-site scripting via spread attributes | |||
| CVE-2026-8586 | medium | 5.5 | 5.5 | 19d ago | Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: … | |||
| CVE-2026-43996 | medium | 5.5 | 5.5 | 19d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_… | |||
| CVE-2026-45021 | medium | — | 5.5 | 19d ago | Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin… | |||
| CVE-2026-44968 | medium | — | 5.5 | 19d ago | dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters | |||
| CVE-2026-46469 | medium | 5.5 | 5.5 | 19d ago | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before per… | |||
| CVE-2026-44544 | medium | — | 5.5 | 19d ago | gittuf's policy can be rolled back to prior valid versions | |||
| CVE-2026-44885 | medium | 5.5 | 5.5 | 20d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-45076 | medium | — | 5.5 | 20d ago | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h… | |||
| CVE-2026-45078 | medium | 5.5 | 5.5 | 20d ago | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing o… | |||
| CVE-2026-44722 | medium | — | 5.5 | 20d ago | pyzipper has an encryption bypass for small files encrypted using it | |||
| CVE-2026-42853 | medium | — | 5.5 | 20d ago | @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input | |||
| CVE-2026-44308 | medium | — | 5.5 | 20d ago | Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications | |||
| CVE-2026-44368 | medium | — | 5.5 | 20d ago | pyquorum: Timing side‑channel in mul_mod | |||
| CVE-2026-44363 | medium | — | 5.5 | 20d ago | misp-modules has nsafe remote resource fetching in expansion | |||
| CVE-2026-44479 | medium | 5.5 | 5.5 | 21d ago | Vercel: Non-interactive mode includes CLI arguments in suggested command output | |||
| CVE-2026-21022 | medium | 5.5 | 5.5 | 21d ago | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2026-21016 | medium | 5.5 | 5.5 | 21d ago | Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2026-21015 | medium | 5.5 | 5.5 | 21d ago | Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier. | |||
| CVE-2026-44720 | medium | — | 5.5 | 21d ago | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access… | |||
| CVE-2026-28958 | medium | 5.5 | 5.5 | 21d ago | visionOS 26.5 | |||
| CVE-2026-25952 | medium | — | 5.5 | 21d ago | Moderate: freerdp security update | |||
| CVE-2026-33985 | medium | — | 5.5 | 21d ago | Moderate: freerdp security update | |||
| CVE-2026-31885 | medium | — | 5.5 | 21d ago | Moderate: freerdp security update | |||
| CVE-2026-31884 | medium | — | 5.5 | 21d ago | Moderate: freerdp security update | |||
| CVE-2026-29775 | medium | — | 5.5 | 21d ago | Moderate: freerdp security update | |||
| CVE-2026-31883 | medium | — | 5.5 | 21d ago | Moderate: freerdp security update | |||
| CVE-2026-27951 | medium | — | 5.5 | 21d ago | Moderate: freerdp security update | |||
| CVE-2026-26986 | medium | — | 5.5 | 21d ago | Moderate: freerdp security update | |||
| CVE-2026-44652 | medium | — | 5.5 | 21d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-44651 | medium | — | 5.5 | 21d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-35504 | medium | 5.5 | 5.5 | 21d ago | PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. | |||
| CVE-2026-44217 | medium | — | 5.5 | 21d ago | sse-channel: SSE Injection via unsanitized event fields | |||
| CVE-2026-42445 | medium | 5.5 | 5.5 | 21d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPat… | |||
| CVE-2026-42444 | medium | 5.5 | 5.5 | 21d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method re… | |||
| CVE-2026-42443 | medium | 5.5 | 5.5 | 21d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when … | |||
| CVE-2026-42442 | medium | 5.5 | 5.5 | 21d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when… | |||
| CVE-2026-42355 | medium | 5.5 | 5.5 | 21d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .… | |||
| CVE-2026-44279 | medium | 5.5 | 5.5 | 21d ago | A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow atta… | |||
| CVE-2026-44278 | medium | 5.5 | 5.5 | 21d ago | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert at… | |||
| CVE-2026-42303 | medium | — | 5.5 | 21d ago | Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection | |||
| CVE-2026-41612 | medium | 5.5 | 5.5 | 21d ago | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-35440 | medium | 5.5 | 5.5 | 21d ago | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-35419 | medium | 5.5 | 5.5 | 21d ago | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | |||
| CVE-2026-34663 | medium | 5.5 | 5.5 | 21d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to d… | |||
| CVE-2026-34662 | medium | 5.5 | 5.5 | 21d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerabil… | |||
| CVE-2026-34339 | medium | 5.5 | 5.5 | 21d ago | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally. | |||
| CVE-2026-32185 | medium | 5.5 | 5.5 | 21d ago | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-20914 | medium | 5.5 | 5.5 | 22d ago | Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… | |||
| CVE-2026-20881 | medium | 5.5 | 5.5 | 22d ago | Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authentic… | |||
| CVE-2026-34962 | medium | 5.5 | 5.5 | 22d ago | barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directo… | |||
| CVE-2026-20696 | medium | 5.5 | 5.5 | 22d ago | macOS Tahoe 26.4 | |||
| CVE-2026-42875 | medium | — | 5.5 | 22d ago | External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore | |||
| CVE-2026-42050 | medium | 5.5 | 5.5 | 22d ago | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in… | |||
| CVE-2026-42070 | medium | — | 5.5 | 22d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti… | |||
| CVE-2026-41897 | medium | — | 5.5 | 22d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu… | |||
| CVE-2026-40598 | medium | — | 5.5 | 22d ago | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page | |||
| CVE-2026-34970 | medium | — | 5.5 | 22d ago | MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked | |||
| CVE-2026-34744 | medium | — | 5.5 | 22d ago | MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue | |||
| CVE-2026-34579 | medium | — | 5.5 | 22d ago | MantisBT has an authorization bypass in private issue monitoring | |||
| CVE-2026-34390 | medium | — | 5.5 | 22d ago | MantisBT Vulnerable to Privilege Escalation from Manager to Administrator | |||
| CVE-2026-44777 | medium | 5.5 | 5.5 | 22d ago | jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other. | |||
| CVE-2026-43896 | medium | 5.5 | 5.5 | 22d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab… | |||
| CVE-2026-43894 | medium | 5.5 | 5.5 | 22d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic.… | |||
| CVE-2026-41257 | medium | 5.5 | 5.5 | 22d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator … | |||
| CVE-2026-41256 | medium | 5.5 | 5.5 | 22d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil… | |||
| CVE-2026-40612 | medium | 5.5 | 5.5 | 22d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with… | |||
| CVE-2026-33052 | medium | — | 5.5 | 23d ago | MantisBT Has Authorization Bypass in Global Profile Creation | |||
| CVE-2026-8257 | medium | 5.5 | 5.5 | 23d ago | A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a… | |||
| CVE-2026-28870 | medium | 5.5 | 5.5 | 23d ago | visionOS 26.4 | |||
| CVE-2026-28914 | medium | 5.5 | 5.5 | 23d ago | A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. | |||
| CVE-2026-28993 | medium | 5.5 | 5.5 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28996 | medium | 5.5 | 5.5 | 23d ago | visionOS 26.5 | |||
| CVE-2026-28877 | medium | 5.5 | 5.5 | 23d ago | visionOS 26.4 | |||
| CVE-2026-28988 | medium | 5.5 | 5.5 | 23d ago | visionOS 26.5 | |||
| CVE-2026-8235 | medium | 5.5 | 5.5 | 24d ago | A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulatio… | |||
| CVE-2026-8213 | medium | 5.5 | 5.5 | 24d ago | A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manip… | |||
| CVE-2026-8212 | medium | 5.5 | 5.5 | 24d ago | A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-bas… | |||
| CVE-2026-42333 | medium | — | 5.5 | 24d ago | quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations | |||
| CVE-2026-42310 | medium | 5.5 | 5.5 | 25d ago | Pillow has a PDF Parsing Trailer Infinite Loop (DoS) | |||
| CVE-2026-42308 | medium | 5.5 | 5.5 | 25d ago | Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer… | |||
| CVE-2026-45130 | medium | 5.5 | 5.5 | 25d ago | Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 enc… | |||
| CVE-2026-42185 | medium | 5.5 | 5.5 | 25d ago | People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted in… | |||
| CVE-2026-44737 | medium | — | 5.5 | 25d ago | Grav: Stored XSS via page title (data[header][title]) in admin panel | |||
| CVE-2026-41511 | medium | 5.5 | 5.5 | 25d ago | OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory … | |||
| CVE-2026-43475 | medium | 5.5 | 5.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT This resolves the follow splat and lock-up when running with PREEMPT_RT … | |||
| CVE-2026-43474 | medium | 5.5 | 5.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported a uninit-value bug in [1]. Similar to the "*get" context wh… |