CVEs from 2026
Total
14,075
critical
critical 1,239
high
high 4,664
medium
medium 4,449
low
low 487
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-27416 | medium | 5.3 | 5.3 | 27d ago | Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1. | |||
| CVE-2026-27329 | medium | 5.3 | 5.3 | 27d ago | Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooC… | |||
| CVE-2026-25468 | medium | 5.3 | 5.3 | 27d ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons… | |||
| CVE-2026-25436 | medium | 5.3 | 5.3 | 27d ago | Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a bef… | |||
| CVE-2026-44600 | medium | 5.3 | 5.3 | 28d ago | Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010. | |||
| CVE-2026-44599 | medium | 5.3 | 5.3 | 28d ago | Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008. | |||
| CVE-2026-6222 | medium | 5.3 | 5.3 | 28d ago | The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the `processRequest()` method in `Forminator_Admin_Module_Edit_… | |||
| CVE-2026-41417 | medium | 5.3 | 5.3 | 28d ago | Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection | |||
| CVE-2026-41310 | medium | 5.3 | 5.3 | 28d ago | OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure | |||
| CVE-2026-44306 | medium | 5.3 | 5.3 | 28d ago | Statamic CMS vulnerable to email enumeration via forgot password endpoint | |||
| CVE-2026-8033 | medium | 5.3 | 5.3 | 28d ago | A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such man… | |||
| CVE-2026-8031 | medium | 5.3 | 5.3 | 28d ago | A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpo… | |||
| CVE-2026-8020 | medium | 5.3 | 5.3 | 28d ago | Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process… | |||
| CVE-2026-7960 | medium | 5.3 | 5.3 | 28d ago | Race in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted… | |||
| CVE-2026-7955 | medium | 5.3 | 5.3 | 28d ago | Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via… | |||
| CVE-2026-41931 | medium | 5.3 | 5.3 | 28d ago | Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the pa… | |||
| CVE-2026-20195 | medium | 5.3 | 5.3 | 28d ago | A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exist… | |||
| CVE-2026-8026 | medium | 5.3 | 5.3 | 28d ago | Flowise: Bcrypt Password Hash Exposure | |||
| CVE-2026-6860 | medium | 5.3 | 5.3 | 28d ago | Vert.x has a DoS via unbounded server-side SNI SslContext cache growth | |||
| CVE-2026-3208 | medium | 5.3 | 5.3 | 29d ago | The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint in all ver… | |||
| CVE-2026-43881 | medium | 5.3 | 5.3 | 29d ago | AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction | |||
| CVE-2026-43880 | medium | 5.3 | 5.3 | 29d ago | AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Enables Phishing from the Site’s Legitimate From Address | |||
| CVE-2026-34527 | medium | 5.3 | 5.3 | 29d ago | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high… | |||
| CVE-2026-33420 | medium | 5.3 | 5.3 | 29d ago | Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing … | |||
| CVE-2026-6907 | medium | 5.3 | 5.3 | 29d ago | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). T… | |||
| CVE-2026-43002 | medium | 5.3 | 5.3 | 29d ago | OpenStack Horizon has Incorrect Behavior Order | |||
| CVE-2026-5766 | medium | 5.3 | 5.3 | 29d ago | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially … | |||
| CVE-2026-43572 | medium | 5.3 | 5.3 | 29d ago | OpenClaw: Microsoft Teams SSO invoke handler missed sender authorization checks | |||
| CVE-2026-43868 | medium | 5.3 | 5.3 | 29d ago | Apache Thrift has a Memory Allocation with Excessive Size Value Vulnerability | |||
| CVE-2026-2729 | medium | 5.3 | 5.3 | 29d ago | The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to p… | |||
| CVE-2026-44029 | medium | 5.3 | 5.3 | 1mo ago | An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.… | |||
| CVE-2026-41572 | medium | 5.3 | 5.3 | 1mo ago | Note Mark: Unauthenticated read of notes and assets in soft-deleted public books | |||
| CVE-2026-33007 | medium | 5.3 | 5.3 | 1mo ago | RHSA-2026:22140: httpd:2.4 security update (Important) | |||
| CVE-2026-34032 | medium | 5.3 | 5.3 | 1mo ago | RHSA-2026:22140: httpd:2.4 security update (Important) | |||
| CVE-2026-33857 | medium | 5.3 | 5.3 | 1mo ago | RHSA-2026:22140: httpd:2.4 security update (Important) | |||
| CVE-2026-5335 | medium | 5.3 | 5.3 | 1mo ago | The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information. | |||
| CVE-2026-7722 | medium | 5.3 | 5.3 | 1mo ago | Prefect Auth Bypass via endswith() Health Check Exemption | |||
| CVE-2026-7702 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview E… | |||
| CVE-2026-7686 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activa… | |||
| CVE-2026-40561 | medium | 5.3 | 5.3 | 1mo ago | Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both head… | |||
| CVE-2026-3504 | medium | 5.3 | 5.3 | 1mo ago | The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/… | |||
| CVE-2026-4024 | medium | 5.3 | 5.3 | 1mo ago | The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versio… | |||
| CVE-2026-6449 | medium | 5.3 | 5.3 | 1mo ago | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circ… | |||
| CVE-2026-4650 | medium | 5.3 | 5.3 | 1mo ago | The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the… | |||
| CVE-2026-7638 | medium | 5.3 | 5.3 | 1mo ago | The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to miss… | |||
| CVE-2026-7589 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service… | |||
| CVE-2026-7588 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results i… | |||
| CVE-2026-7582 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Ha… | |||
| CVE-2026-3143 | medium | 5.3 | 5.3 | 1mo ago | The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax… | |||
| CVE-2026-7580 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argum… | |||
| CVE-2026-7536 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a… | |||
| CVE-2026-40686 | medium | 5.3 | 5.3 | 1mo ago | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged with… | |||
| CVE-2026-6498 | medium | 5.3 | 5.3 | 1mo ago | The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the valid_payment() function… | |||
| CVE-2026-42800 | medium | 5.3 | 5.3 | 1mo ago | NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/s… | |||
| CVE-2026-7403 | medium | 5.3 | 5.3 | 1mo ago | A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in … | |||
| CVE-2026-7396 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Ad… | |||
| CVE-2026-42644 | medium | 5.3 | 5.3 | 1mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: fr… | |||
| CVE-2026-42642 | medium | 5.3 | 5.3 | 1mo ago | Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 4.14.5. | |||
| CVE-2026-22745 | medium | 5.3 | 5.3 | 1mo ago | Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources | |||
| CVE-2026-4019 | medium | 5.3 | 5.3 | 1mo ago | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/co… | |||
| CVE-2026-42427 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class) | |||
| CVE-2026-41407 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Shared-secret comparison call sites leaked length information through timing | |||
| CVE-2026-41374 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw runs Discord audio preflight transcription before member authorization | |||
| CVE-2026-40969 | medium | 5.3 | 5.3 | 1mo ago | Spring gRPC AuthenticationException messages are reflected to remote client | |||
| CVE-2026-7271 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-ag… | |||
| CVE-2026-41606 | medium | 5.3 | 5.3 | 1mo ago | Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |||
| CVE-2026-7235 | medium | 5.3 | 5.3 | 1mo ago | A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file … | |||
| CVE-2026-4911 | medium | 5.3 | 5.3 | 1mo ago | The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe() function passing user-controlled $_POST['amo… | |||
| CVE-2026-7217 | medium | 5.3 | 5.3 | 1mo ago | A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-of… | |||
| CVE-2026-7183 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulati… | |||
| CVE-2026-7179 | medium | 5.3 | 5.3 | 1mo ago | A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the comp… | |||
| CVE-2026-7135 | medium | 5.3 | 5.3 | 1mo ago | A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the comp… | |||
| CVE-2026-42037 | medium | 5.3 | 5.3 | 1mo ago | Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream | |||
| CVE-2026-42036 | medium | 5.3 | 5.3 | 1mo ago | Axios: HTTP adapter streamed responses bypass maxContentLength | |||
| CVE-2026-42034 | medium | 5.3 | 5.3 | 1mo ago | Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0 | |||
| CVE-2026-40431 | medium | 5.3 | 5.3 | 1mo ago | A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication… | |||
| CVE-2026-23865 | medium | 5.3 | 5.3 | 1mo ago | RHSA-2026:9689: java-21-openjdk security update (Important) | |||
| CVE-2026-41354 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders | |||
| CVE-2026-41351 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding | |||
| CVE-2026-41345 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by… | |||
| CVE-2026-41343 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification | |||
| CVE-2026-41337 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection | |||
| CVE-2026-41335 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability | |||
| CVE-2026-41332 | medium | 5.3 | 5.3 | 1mo ago | OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override | |||
| CVE-2026-2708 | medium | 5.3 | 5.3 | 1mo ago | A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each hea… | |||
| CVE-2026-40894 | medium | 5.3 | 5.3 | 1mo ago | OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers | |||
| CVE-2026-40891 | medium | 5.3 | 5.3 | 1mo ago | OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling | |||
| CVE-2026-41182 | medium | 5.3 | 5.3 | 1mo ago | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redacti… | |||
| CVE-2026-35345 | medium | 5.3 | 5.3 | 1mo ago | uutils coreutils has a Link Following Issue | |||
| CVE-2026-35061 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery. | |||
| CVE-2026-33093 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment. | |||
| CVE-2026-32648 | medium | 5.3 | 5.3 | 2mo ago | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device. | |||
| CVE-2026-6491 | medium | 5.3 | 5.3 | 2mo ago | A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such… | |||
| CVE-2026-24749 | medium | 5.3 | 5.3 | 2mo ago | Silverstripe Assets Module has a DBFile::getURL() permission bypass | |||
| CVE-2026-40778 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: … | |||
| CVE-2026-40742 | medium | 5.3 | 5.3 | 2mo ago | Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: fr… | |||
| CVE-2026-28421 | medium | 5.3 | 5.3 | 2mo ago | Important: vim security update | |||
| CVE-2026-33829 | medium | 4.3 | 5.3 | 2mo ago | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-6219 | medium | 5.3 | 5.3 | 2mo ago | A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulati… | |||
| CVE-2026-5504 | medium | 5.3 | 5.3 | 2mo ago | A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfS… |