CVEs from 2026
- Total: 13,512
- Critical: 1,163
- High: 4,146
- Medium: 4,137
- Low: 440
- % Critical: 8.6%
- % with KEV: 0.4%
- % with exploit: 0.5%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44578 | high | 8.6 | 8.6 | 16d ago | Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades | |||
| CVE-2026-44001 | high | 8.6 | 8.6 | 16d ago | vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) | |||
| CVE-2026-44697 | high | 8.6 | 8.6 | 17d ago | Klever-Go MultiDataInterceptor has remote OOM via crafted compressed P2P payload | |||
| CVE-2026-33362 | high | 8.6 | 8.6 | 18d ago | In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded an… | |||
| CVE-2026-41705 | high | 8.6 | 8.6 | 21d ago | Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs | |||
| CVE-2026-42352 | high | 8.6 | 8.6 | 21d ago | pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber | |||
| CVE-2026-29201 | high | 8.6 | 8.6 | 21d ago | Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed. | |||
| CVE-2026-41690 | high | 8.6 | 8.6 | 22d ago | i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters | |||
| CVE-2026-41683 | high | 8.6 | 8.6 | 22d ago | i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header | |||
| CVE-2026-44339 | high | 8.6 | 8.6 | 22d ago | PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute | |||
| CVE-2026-4935 | high | 8.6 | 8.6 | 22d ago | The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to per… | |||
| CVE-2026-42047 | high | 8.6 | 8.6 | 22d ago | Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods | |||
| CVE-2026-44116 | high | 8.6 | 8.6 | 23d ago | OpenClaw validates Zalo outbound photo URLs through the SSRF guard | |||
| CVE-2026-43139 | high | 8.6 | 8.6 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() xfrm6_get_saddr() does not check the return value of ipv6_dev_get_saddr(). Wh… | |||
| CVE-2026-7412 | high | 8.6 | 8.6 | 25d ago | Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery | |||
| CVE-2026-43533 | high | 8.6 | 8.6 | 25d ago | OpenClaw: QQBot media tags could read arbitrary local files through reply text | |||
| CVE-2026-42079 | high | 8.6 | 8.6 | 25d ago | PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope | |||
| CVE-2026-42469 | high | 8.6 | 8.6 | 28d ago | Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to… | |||
| CVE-2026-24222 | high | 8.6 | 8.6 | 1mo ago | NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that cause… | |||
| CVE-2026-40967 | high | 8.6 | 8.6 | 1mo ago | Spring AI has a VectorStore FilterExpression Converter injection | |||
| CVE-2026-31611 | high | 8.6 | 8.6 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: require 3 sub-authorities before reading sub_auth[2] parse_dacl() compares each ACE SID against sid_unix_NFS_mode and on m… | |||
| CVE-2026-5367 | high | 8.6 | 8.6 | 1mo ago | A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could ca… | |||
| CVE-2026-4931 | high | 8.6 | 8.6 | 2mo ago | Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible asset cost. | |||
| CVE-2026-5577 | high | 8.6 | 8.6 | 2mo ago | A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details En… | |||
| CVE-2026-23457 | high | 8.6 | 8.6 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() sip_help_tcp() parses the SIP Content-Length hea… | |||
| CVE-2026-22742 | high | 8.6 | 8.6 | 2mo ago | Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs | |||
| CVE-2026-32857 | high | 8.6 | 8.6 | 2mo ago | Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to th… | |||
| CVE-2026-27764 | high | 8.6 | 8.6 | 3mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… | |||
| CVE-2026-20748 | high | 8.6 | 8.6 | 3mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… | |||
| CVE-2026-24912 | high | 8.6 | 8.6 | 3mo ago | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi… | |||
| CVE-2026-20082 | high | 8.6 | 8.6 | 3mo ago | A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incomin… | |||
| CVE-2026-46820 | high | 8.5 | 8.5 | 1d ago | Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable v… | |||
| CVE-2026-48153 | high | 8.5 | 8.5 | 2d ago | Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check th… | |||
| CVE-2026-49046 | high | 8.5 | 8.5 | 3d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Pa… | |||
| CVE-2026-42730 | high | 8.5 | 8.5 | 3d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.Th… | |||
| CVE-2026-44706 | high | 8.5 | 8.5 | 3d ago | Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type da… | |||
| CVE-2026-4480 | high | 8.5 | 8.5 | 4d ago | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution charac… | |||
| CVE-2026-48837 | high | 8.5 | 8.5 | 4d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elemen… | |||
| CVE-2026-3515 | high | 8.5 | 8.5 | 6d ago | A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field… | |||
| CVE-2026-46372 | high | 8.5 | 8.5 | 10d ago | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,… | |||
| CVE-2026-45401 | high | 8.5 | 8.5 | 14d ago | Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints (not addressed by CVE-2025-65958) | |||
| CVE-2026-45400 | high | 8.5 | 8.5 | 14d ago | Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url` | |||
| CVE-2026-45331 | high | 8.5 | 8.5 | 15d ago | Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature | |||
| CVE-2026-44850 | high | 8.5 | 8.5 | 16d ago | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | |||
| CVE-2026-43998 | high | 8.5 | 8.5 | 16d ago | vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape | |||
| CVE-2026-44797 | high | 8.5 | 8.5 | 17d ago | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient… | |||
| CVE-2026-43989 | high | 8.5 | 8.5 | 17d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved t… | |||
| CVE-2026-45214 | high | 8.5 | 8.5 | 18d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xp… | |||
| CVE-2026-45211 | high | 8.5 | 8.5 | 18d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affe… | |||
| CVE-2026-42742 | high | 8.5 | 8.5 | 18d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views… | |||
| CVE-2026-42741 | high | 8.5 | 8.5 | 18d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend v… | |||
| CVE-2026-42449 | high | 8.5 | 8.5 | 22d ago | n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders | |||
| CVE-2026-42860 | high | 8.5 | 8.5 | 24d ago | The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a… | |||
| CVE-2026-42439 | high | 8.5 | 8.5 | 25d ago | OpenClaw: Browser tabs action select and close routes bypassed SSRF policy | |||
| CVE-2026-41914 | high | 8.5 | 8.5 | 1mo ago | OpenClaw QQ Bot Extension missing SSRF Protection on All Media Fetch Paths | |||
| CVE-2026-41371 | high | 8.5 | 8.5 | 1mo ago | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate targ… | |||
| CVE-2026-41461 | high | 8.5 | 8.5 | 1mo ago | SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is no… | |||
| CVE-2026-41455 | high | 8.5 | 8.5 | 1mo ago | WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination va… | |||
| CVE-2026-35548 | high | 8.5 | 8.5 | 1mo ago | An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after m… | |||
| CVE-2026-40938 | high | 8.5 | 8.5 | 1mo ago | Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE | |||
| CVE-2026-21997 | high | 8.5 | 8.5 | 1mo ago | Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported versions that are affected are 9.2.1-9.2.3. Easily exploitab… | |||
| CVE-2026-39486 | high | 8.5 | 8.5 | 2mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download… | |||
| CVE-2026-28133 | high | 8.5 | 8.5 | 3mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.14. | |||
| CVE-2026-24572 | high | 8.5 | 8.5 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Co… | |||
| CVE-2026-24367 | high | 8.5 | 8.5 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a thr… | |||
| CVE-2026-6824 | high | 8.4 | 8.4 | 10h ago | A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can injec… | |||
| CVE-2026-49238 | high | 8.4 | 8.4 | 2d ago | An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment … | |||
| CVE-2026-45108 | high | 8.4 | 8.4 | 2d ago | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Autho… | |||
| CVE-2026-7365 | high | 8.4 | 8.4 | 3d ago | IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords from the manufacturing process for use during the installation process, w… | |||
| CVE-2026-40851 | high | 8.4 | 8.4 | 3d ago | A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity … | |||
| CVE-2026-2740 | high | 8.4 | 8.4 | 9d ago | Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent mac… | |||
| CVE-2026-45253 | high | 8.4 | 8.4 | 9d ago | ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code … | |||
| CVE-2026-9157 | high | 8.4 | 8.4 | 9d ago | Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1. | |||
| CVE-2026-5804 | high | 8.4 | 8.4 | 11d ago | An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external … | |||
| CVE-2026-25781 | high | 8.4 | 8.4 | 11d ago | In OpenHarmony v6.0 and prior versions, a local attacker can cause a DoS from which the system cannot be recovered. | |||
| CVE-2026-4892 | high | 8.4 | 8.4 | 11d ago | RHSA-2026:20589: dnsmasq security update (Important) | |||
| CVE-2026-41964 | high | 8.4 | 8.4 | 15d ago | Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2026-25705 | high | 8.4 | 8.4 | 17d ago | Rancher Extensions have arbitrary file access via path traversal | |||
| CVE-2026-40367 | high | 8.4 | 8.4 | 17d ago | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-40366 | high | 8.4 | 8.4 | 17d ago | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-40364 | high | 8.4 | 8.4 | 17d ago | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-40363 | high | 8.4 | 8.4 | 17d ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-40361 | high | 8.4 | 8.4 | 17d ago | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-40358 | high | 8.4 | 8.4 | 17d ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-43991 | high | 8.4 | 8.4 | 17d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constru… | |||
| CVE-2026-43990 | high | 8.4 | 8.4 | 17d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument… | |||
| CVE-2026-44334 | high | 8.4 | 8.4 | 22d ago | PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass) | |||
| CVE-2026-43940 | high | 8.4 | 8.4 | 22d ago | Electerm runWidget has a path traversal that leads to arbitrary code execution | |||
| CVE-2026-43274 | high | 8.4 | 8.4 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() The cluster_cfg array is dynamically allocated… | |||
| CVE-2026-30363 | high | 8.4 | 8.4 | 28d ago | flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function. | |||
| CVE-2026-37552 | high | 8.4 | 8.4 | 29d ago | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\Closure\unserialize(),… | |||
| CVE-2026-7111 | high | 8.4 | 8.4 | 1mo ago | Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, get… | |||
| CVE-2026-41433 | high | 8.4 | 8.4 | 1mo ago | OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR | |||
| CVE-2026-5398 | high | 8.4 | 8.4 | 1mo ago | The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the termi… | |||
| CVE-2026-23853 | high | 8.4 | 8.4 | 1mo ago | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1… | |||
| CVE-2026-33115 | high | 8.4 | 8.4 | 2mo ago | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-33114 | high | 8.4 | 8.4 | 2mo ago | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-32190 | high | 8.4 | 8.4 | 2mo ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-35020 | high | 8.4 | 8.4 | 2mo ago | Rejected reason: This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the attack requires an attacker to already control arbitrary environment variables, a l… | |||
| CVE-2026-32845 | high | 8.4 | 8.4 | 2mo ago | cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supply… |