CVEs from 2026
- Total: 14,170
- Critical: 1,106
- High: 3,897
- Medium: 3,929
- Low: 413
- % Critical: 7.8%
- % with KEV: 0.4%
- % with exploit: 0.4%
Top products
- chrome 298
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- openclaw 166
- gcp 135
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-34926 | medium | 6.7 | 8.2 | 6d ago | Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to depl… | |
| CVE-2026-42897 | medium | 6.1 | 7.6 | 13d ago | Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be e… | |
| CVE-2026-46361 | medium | 6.9 | 6.9 | 12d ago | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protect… | |
| CVE-2026-48545 | medium | 6.8 | 6.8 | 8h ago | Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across… | |
| CVE-2026-9617 | medium | 6.8 | 6.8 | 9h ago | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an… | |
| CVE-2026-9704 | medium | 6.8 | 6.8 | 10h ago | A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token … | |
| CVE-2026-44707 | medium | 6.8 | 6.8 | 1d ago | Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enf… | |
| CVE-2026-39311 | medium | 6.8 | 6.8 | 7d ago | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of S… | |
| CVE-2026-20171 | medium | 6.8 | 6.8 | 7d ago | A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow a… | |
| CVE-2026-45585 | medium | 6.8 | 6.8 | 8d ago | Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coor… | |
| CVE-2026-35593 | medium | 6.8 | 6.8 | 8d ago | Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, al… | |
| CVE-2026-33741 | medium | 6.8 | 6.8 | 8d ago | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later… | |
| CVE-2026-4630 | medium | 6.8 | 6.8 | 8d ago | A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtai… | |
| CVE-2026-37982 | medium | 6.8 | 6.8 | 8d ago | A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercep… | |
| CVE-2026-41119 | medium | 6.8 | 6.8 | 10d ago | Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leadi… | |
| CVE-2026-41970 | medium | 6.8 | 6.8 | 13d ago | Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability. | |
| CVE-2026-6008 | medium | 6.8 | 6.8 | 13d ago | Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. … | |
| CVE-2026-36742 | medium | 6.8 | 6.8 | 14d ago | Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode). | |
| CVE-2026-36738 | medium | 6.8 | 6.8 | 14d ago | U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control me… | |
| CVE-2026-24464 | medium | 6.8 | 6.8 | 14d ago | When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cros… | |
| CVE-2026-21021 | medium | 6.8 | 6.8 | 15d ago | Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity. | |
| CVE-2026-44305 | medium | 6.8 | 6.8 | 15d ago | Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled | |
| CVE-2026-45026 | medium | 6.8 | 6.8 | 16d ago | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the … | |
| CVE-2026-45025 | medium | 6.8 | 6.8 | 16d ago | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the … | |
| CVE-2026-42312 | medium | 6.8 | 6.8 | 16d ago | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates … | |
| CVE-2026-1749 | medium | 6.8 | 6.8 | 19d ago | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. | |
| CVE-2026-42291 | medium | 6.8 | 6.8 | 19d ago | SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly au… | |
| CVE-2026-44247 | medium | 6.8 | 6.8 | 19d ago | Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluste… | |
| CVE-2026-40003 | medium | 6.8 | 6.8 | 21d ago | ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any … | |
| CVE-2026-6863 | medium | 6.8 | 6.8 | 21d ago | Velocidex Velociraptor has an Incorrect Authorization issue | |
| CVE-2026-43901 | medium | 6.8 | 6.8 | 22d ago | wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured | |
| CVE-2026-42194 | medium | 6.8 | 6.8 | 22d ago | Admidio has an incomplete fix for CVE-2026-32812 (SSRF) | |
| CVE-2026-43875 | medium | 6.8 | 6.8 | 22d ago | AVideo: Password Hash Leak in MobileManager OAuth Redirect URL Enables Account Takeover | |
| CVE-2026-40934 | medium | 6.8 | 6.8 | 22d ago | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runt… | |
| CVE-2026-41671 | medium | 6.8 | 6.8 | 28d ago | Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation | |
| CVE-2026-0205 | medium | 6.8 | 6.8 | 28d ago | A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services. | |
| CVE-2026-0711 | medium | 6.8 | 6.8 | 1mo ago | A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with a… | |
| CVE-2026-32649 | medium | 6.8 | 6.8 | 1mo ago | A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras. | |
| CVE-2026-40970 | medium | 6.8 | 6.8 | 1mo ago | Spring Boot's Elasticsearch auto-configuration doesn't perform hostname verification when connecting to the Elasticsearch server. | |
| CVE-2026-28525 | medium | 6.8 | 6.8 | 1mo ago | SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTT… | |
| CVE-2026-34314 | medium | 6.8 | 6.8 | 1mo ago | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected ar… | |
| CVE-2026-40574 | medium | 6.8 | 6.8 | 1mo ago | OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims | |
| CVE-2026-40500 | medium | 6.8 | 6.8 | 1mo ago | ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature | |
| CVE-2026-32223 | medium | 6.8 | 6.8 | 1mo ago | Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack. | |
| CVE-2026-32567 | medium | 6.8 | 6.8 | 2mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal. This issue affects YML for Y… | |
| CVE-2026-32496 | medium | 6.8 | 6.8 | 2mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal. This issue af… | |
| CVE-2026-25328 | medium | 6.8 | 6.8 | 2mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traver… | |
| CVE-2026-2741 | medium | 6.8 | 6.8 | 3mo ago | Vaadin: Specially crafted ZIP archives can escape the intended extraction directory | |
| CVE-2026-48065 | medium | 6.7 | 6.7 | 3h ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices, a count derived from libxml2 XPath evalu… | |
| CVE-2026-44076 | medium | 6.7 | 6.7 | 7d ago | Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path. | |
| CVE-2026-35070 | medium | 6.7 | 6.7 | 8d ago | Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w… | |
| CVE-2026-42919 | medium | 6.7 | 6.7 | 14d ago | A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a secur… | |
| CVE-2026-21018 | medium | 6.7 | 6.7 | 15d ago | Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code. | |
| CVE-2026-41097 | medium | 6.7 | 6.7 | 15d ago | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | |
| CVE-2026-32170 | medium | 6.7 | 6.7 | 15d ago | Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-21530 | medium | 6.7 | 6.7 | 15d ago | Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-40638 | medium | 6.7 | 6.7 | 15d ago | Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this v… | |
| CVE-2026-26946 | medium | 6.7 | 6.7 | 17d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain an improper privilege management vulnerability in the OS. A high privileged attacker with local acce… | |
| CVE-2026-42176 | medium | 6.7 | 6.7 | 19d ago | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer to… | |
| CVE-2026-20451 | medium | 6.7 | 6.7 | 24d ago | In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti… | |
| CVE-2026-20448 | medium | 6.7 | 6.7 | 24d ago | In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System priv… | |
| CVE-2026-20447 | medium | 6.7 | 6.7 | 24d ago | In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privileg… | |
| CVE-2026-25852 | medium | 6.7 | 6.7 | 28d ago | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212. | |
| CVE-2026-7280 | medium | 6.7 | 6.7 | 1mo ago | AVACAST developed by eMPIA Technology has an Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitra… | |
| CVE-2026-40977 | medium | 6.7 | 6.7 | 1mo ago | Spring Boot's PID file write follows symlinks at predictable default path | |
| CVE-2026-41360 | medium | 6.7 | 6.7 | 1mo ago | OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scri… | |
| CVE-2026-35154 | medium | 6.7 | 6.7 | 1mo ago | Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper … | |
| CVE-2026-26951 | medium | 6.7 | 6.7 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflo… | |
| CVE-2026-35153 | medium | 6.7 | 6.7 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |
| CVE-2026-35074 | medium | 6.7 | 6.7 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |
| CVE-2026-35073 | medium | 6.7 | 6.7 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |
| CVE-2026-35072 | medium | 6.7 | 6.7 | 1mo ago | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… | |
| CVE-2026-0390 | medium | 6.7 | 6.7 | 1mo ago | Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | |
| CVE-2026-4105 | medium | 6.7 | 6.7 | 3mo ago | A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop… | |
| CVE-2026-21422 | medium | 6.7 | 6.7 | 3mo ago | Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentiall… | |
| CVE-2026-22341 | medium | 6.7 | 6.7 | 3mo ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse. This issue affects Booked: from n/a through <= 3.0.0. | |
| CVE-2026-48919 | medium | 6.6 | 6.6 | 9h ago | Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation. | |
| CVE-2026-48918 | medium | 6.6 | 6.6 | 9h ago | Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default. | |
| CVE-2026-48917 | medium | 6.6 | 6.6 | 9h ago | Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation. | |
| CVE-2026-48916 | medium | 6.6 | 6.6 | 9h ago | Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals. | |
| CVE-2026-27768 | medium | 6.6 | 6.6 | 2d ago | SQL Injection affecting the Access Manager role. | |
| CVE-2026-6366 | medium | 6.6 | 6.6 | 8d ago | Drupal core contains a chain of methods that could be exploitable when an insecure deserialization vulnerability exists on the site. This so-called "gadget chain" presents no direct threat, but is a … | |
| CVE-2026-34216 | medium | 6.6 | 6.6 | 8d ago | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied requ… | |
| CVE-2026-20905 | medium | 6.6 | 6.6 | 15d ago | Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an… | |
| CVE-2026-20782 | medium | 6.6 | 6.6 | 15d ago | Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenti… | |
| CVE-2026-20717 | medium | 6.6 | 6.6 | 15d ago | Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… | |
| CVE-2026-35255 | medium | 6.6 | 6.6 | 22d ago | Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported version that is affected is v2.3.2. Easily exploitable vulnerability… | |
| CVE-2026-42510 | medium | 6.6 | 6.6 | 1mo ago | OpenStack Ironic is Vulnerable to Inclusion of Functionality from Untrusted Control Sphere | |
| CVE-2026-35365 | medium | 6.6 | 6.6 | 1mo ago | uutils coreutils has a Link Following issue | |
| CVE-2026-4114 | medium | 6.6 | 6.6 | 2mo ago | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. | |
| CVE-2026-3401 | medium | 6.6 | 6.6 | 3mo ago | A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of th… | |
| CVE-2026-47273 | medium | 6.5 | 6.5 | 3h ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and dev… | |
| CVE-2026-1402 | medium | 6.5 | 6.5 | 5h ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authen… | |
| CVE-2026-45081 | medium | 6.5 | 6.5 | 6h ago | Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This… | |
| CVE-2026-48147 | medium | 6.5 | 6.5 | 6h ago | Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex() / matches() functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanc… | |
| CVE-2026-45719 | medium | 6.5 | 6.5 | 6h ago | Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API | |
| CVE-2026-44317 | medium | 6.5 | 6.5 | 8h ago | free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference | |
| CVE-2026-44324 | medium | 6.5 | 6.5 | 8h ago | free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request) | |
| CVE-2026-44318 | medium | 6.5 | 6.5 | 8h ago | free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions | |
| CVE-2026-44353 | medium | 6.5 | 6.5 | 8h ago | Streamlink has an arbitrary local file read via file:// URI in HLS and DASH |