Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Thursday's disclosures concentrate heavily on HP products and WordPress plugins, with multiple remote code execution flaws affecting enterprise printing infrastructure and content management deployments. Yesterday brought 15 critical CVEs, down 46% from the prior day's 28, alongside 100 high-priority vulnerabilities matching the previous day's volume. Notable entries include CVE-2026-41228 (CVSS 9.9) enabling HP code execution, CVE-2026-41167 (CVSS 9.1) affecting PostgreSQL host handling, and CVE-2026-40575 (CVSS 9.1) impacting Nginx configurations. Code execution and injection patterns dominate the disclosure set, with WordPress plugin vulnerabilities (CVE-2026-6235, CVE-2026-3844, CVE-2026-4119) creating broad exposure across hosted sites. No patches are currently available across yesterday's disclosures, and 14 entries appear on the CISA KEV list indicating confirmed exploitation activity.
HP products lead critical disclosures with CVE-2026-41228 (CVSS 9.9) enabling code execution and multiple related flaws
15 critical CVEs disclosed, down 46% from the prior day's 28
100 high-priority CVEs disclosed, unchanged from the prior day
Remote code execution and injection patterns dominate, affecting HP, PostgreSQL, Nginx, and multiple WordPress plugins
0% patch availability across yesterday's critical disclosures, requiring compensating controls
14 CVEs confirmed on the CISA KEV list, including Microsoft Exchange, SharePoint, Adobe Acrobat, and PaperCut NG/MF
Immediate action: Prioritize assessment of HP infrastructure, WordPress deployments, PostgreSQL hosts, and Nginx edge services for exposure to yesterday's critical disclosures. With 0% patch availability, apply network segmentation, WAF rules, and access restrictions while monitoring vendor advisories for remediation updates.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2012-1854
9.5đ Late Disclosure
MicrosoftVisual Basic for Applications (VBA)
â° Federal Deadline:April 26, 2026(4 days remaining)
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-60710
9.5
MicrosoftWindows
â° Federal Deadline:April 26, 2026(4 days remaining)
Microsoft Windows Link Following Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2023-21529
9.5đ Late Disclosure
MicrosoftExchange Server
â° Federal Deadline:April 26, 2026(4 days remaining)
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2023-36424
9.5đ Late Disclosure
MicrosoftWindows
â° Federal Deadline:April 26, 2026(4 days remaining)
Microsoft Windows Out-of-Bounds Read Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2020-9715
9.5đ Late Disclosure
AdobeAcrobat
â° Federal Deadline:April 26, 2026(4 days remaining)
Adobe Acrobat Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-34621
9.5đ
AdobeAcrobat and Reader
â° Federal Deadline:April 26, 2026(4 days remaining)
Adobe Acrobat Reader is vulnerable to prototype pollution, which can result in arbitrary code execution when a victim opens a malicious file.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2009-0238
9.5đ Late Disclosure
MicrosoftOffice
â° Federal Deadline:April 27, 2026(5 days remaining)
Microsoft Office Remote Code Execution - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-32201
9.5
MicrosoftSharePoint Server
â° Federal Deadline:April 27, 2026(5 days remaining)
Microsoft SharePoint Server Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-34197
9.5
ApacheActiveMQ
â° Federal Deadline:April 29, 2026(7 days remaining)
Apache ActiveMQ Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2749
9.5
KenticoKentico Xperience
â° Federal Deadline:May 3, 2026(11 days remaining)
Kentico Xperience Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-27351
9.5đ Late Disclosure
PaperCutNG/MF
â° Federal Deadline:May 3, 2026(11 days remaining)
PaperCut NG/MF Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-32975
9.5
QuestKACE Systems Management Appliance (SMA)
â° Federal Deadline:May 3, 2026(11 days remaining)
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2024-27199
9.5đ Late Disclosure
JetBrainsTeamCity
â° Federal Deadline:May 3, 2026(11 days remaining)
JetBrains TeamCity Relative Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-33825
9.5
MicrosoftDefender
â° Federal Deadline:May 5, 2026(13 days remaining)
Microsoft Defender Insufficient Granularity of Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2026-41228
9.9đ
HPcode execution
A path traversal flaw in the Froxlor API allows authenticated customers to execute arbitrary PHP code via the `def_language` parameter.
CVSS Base9.9
â
CRSSelect profile
CVE-2026-41229
9.1đ
HPstring literals
An injection vulnerability in Froxlor's `PhpHelper` allows administrators to inject and execute arbitrary PHP code via unescaped string literals.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-41167
9.1đ
PostgreSQLhost via
Jellystat is vulnerable to SQL injection and subsequent remote code execution due to improper sanitization of user-supplied data in API endpoints.
CVSS Base9.1
â
CRSSelect profile
CVE-2018-25270
9.8đđ Late Disclosure
HPcode by
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute commands via malicious routing parameters.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-34415
9.8đ
HPcode
Xerte Online Toolkits 3.15 and earlier allow unauthenticated attackers to upload and execute malicious PHP code via an elFinder connector flaw.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-6235
9.8đ
WordPressplugin for
The Sendmachine for WordPress plugin is vulnerable to an authorization bypass, allowing unauthenticated attackers to modify SMTP configurations.
CVSS Base9.8
â
CRSSelect profile
CVE-2018-25272
9.8đđ Late Disclosure
ELBA5ELBA5
ELBA5 5.8.0 contains a hardcoded credential and RCE vulnerability, allowing attackers to execute commands with SYSTEM-level privileges.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-3844
9.8đ
WordPressis vulnerable
The Breeze Cache plugin for WordPress is vulnerable to unauthenticated arbitrary file uploads via the Gravatar fetching function.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-4119
9.1đ
WordPressis vulnerable
The Create DB Tables plugin for WordPress is vulnerable to authorization bypass, allowing authenticated attackers to drop or create database tables.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-40575
9.1đ
Nginxand not
OAuth2 Proxy is vulnerable to authentication bypass when configured with specific headers and skip-auth rules, allowing unauthorized access to protected routes.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-41064
9.3đ
HPAVideo
WWBN AVideo is vulnerable to server-side request forgery (SSRF) and potential command injection due to insufficient URL validation.
CVSS Base9.3
â
CRSSelect profile
CVE-2026-41679
10đ
PaperclipPaperclip
An unauthenticated remote code execution vulnerability exists in Paperclip due to improper handling of API calls in default configurations.
CVSS Base10
â
CRSSelect profile
CVE-2026-6356
9.6đ
InforMultiple Products
A privilege escalation vulnerability in Infor web applications allows standard users to gain super administrator access via parameter manipulation.
CVSS Base9.6
â
CRSSelect profile
CVE-2026-33656
9.1đ
EspoCRMEspoCRM
A path traversal vulnerability in EspoCRM's formula scripting engine allows authenticated administrators to read or write arbitrary files on the server.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-33471
9.6đ
Nimiqnimiq-block
A logic error in the Nimiq block proof verification process allows attackers to bypass quorum requirements using manipulated BLS signatures.
CVSS Base9.6
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2026-34305
7.5
OracleWebLogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-34291
8.7
OracleHTTP Server
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core)
CVSS Base8.7
â
CRSSelect profile
CVE-2026-21997
8.5
OracleLife Sciences
Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core)
CVSS Base8.5
â
CRSSelect profile
CVE-2026-34309
8.1
OraclePeopleSoft
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security)
CVSS Base8.1
â
CRSSelect profile
CVE-2026-35243
7.8
OracleApplication Development
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces)
CVSS Base7.8
â
CRSSelect profile
CVE-2026-22011
7.6
OracleApplications DBA
Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch)
CVSS Base7.6
â
CRSSelect profile
CVE-2026-22010
7.5
OracleFinancial Services
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-34290
7.5
OracleIdentity Manager
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-34297
7.5
OracleHCM Common
Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-34310
7.5
OracleFinancial Services
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-34320
7.5
OracleFinancial Services
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-35229
7.5
OracleDatabase Server
Vulnerability in the Java VM component of Oracle Database Server
CVSS Base7.5
â
CRSSelect profile
CVE-2026-35230
7.5
OracleVM VirtualBox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-35231
7.5
OracleFinancial Services
Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-35242
7.5
OracleVM VirtualBox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-35245
7.5
OracleVM VirtualBox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-35246
7.5
OracleVM VirtualBox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-35251
7.5
OracleVM VirtualBox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-40868
8.1
TeamsMultiple Products
Kyverno is a policy engine designed for cloud native platform engineering teams
CVSS Base8.1
â
CRSSelect profile
CVE-2026-31018
8.8
HPcode detection
In Dolibarr ERP & CRM <= 22
CVSS Base8.8
â
CRSSelect profile
CVE-2026-31019
8.8
HPfunctions related
In the Website module of Dolibarr ERP & CRM 22
CVSS Base8.8
â
CRSSelect profile
CVE-2026-35368
7.8
UnknownMultiple Products
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option
CVSS Base7.8
â
CRSSelect profile
CVE-2026-32679
7.8
MeetMultiple Products
The installers of LiveOn Meet Client for Windows (Downloader5Installer
CVSS Base7.8
â
CRSSelect profile
CVE-2026-34413
8.6
HPwhere an
Xerte Online Toolkits versions 3
CVSS Base8.6
â
CRSSelect profile
CVE-2026-6746
7.5
UnknownMultiple Products
Use-after-free in the DOM: Core & HTML component
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6754
7.5
JavaScriptMultiple Products
Use-after-free in the JavaScript Engine component
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6756
7.5
MitigationMultiple Products
Mitigation bypass in Firefox for Android
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6758
7.5
UnknownMultiple Products
Use-after-free in the JavaScript: WebAssembly component
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6784
7.5
andMultiple Products
Memory safety bugs present in Firefox 149 and Thunderbird 149
CVSS Base7.5
â
CRSSelect profile
CVE-2026-22016
7.5
AppleMultiple Products
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-34282
7.5
AppleMultiple Products
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking)
CVSS Base7.5
â
CRSSelect profile
CVE-2026-41135
7.5
projectMultiple Products
free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks
CVSS Base7.5
â
CRSSelect profile
CVE-2026-26354
8.1
DellPowerProtect Data
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7
CVSS Base8.1
â
CRSSelect profile
CVE-2026-40909
8.7
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.7
â
CRSSelect profile
CVE-2026-40568
8.5
HPMultiple Products
FreeScout is a free self-hosted help desk and shared mailbox
CVSS Base8.5
â
CRSSelect profile
CVE-2026-40925
8.3
F5Multiple Products
WWBN AVideo is an open source video platform
CVSS Base8.3
â
CRSSelect profile
CVE-2026-41056
8.1
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.1
â
CRSSelect profile
CVE-2026-41060
7.7
HPMultiple Products
WWBN AVideo is an open source video platform
CVSS Base7.7
â
CRSSelect profile
CVE-2026-22753
7.5
HPMultiple Products
Vulnerability in Spring Spring Security
CVSS Base7.5
â
CRSSelect profile
CVE-2026-24177
7.7
NVIDIAKAI Scheduler
NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization
CVSS Base7.7
â
CRSSelect profile
CVE-2026-41133
8.8
downloadMultiple Products
pyLoad is a free and open-source download manager written in Python
CVSS Base8.8
â
CRSSelect profile
CVE-2026-35548
8.5
Pluginsof valid
An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5
CVSS Base8.5
â
CRSSelect profile
CVE-2026-6819
8.8
HKUDSMultiple Products
HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default
CVSS Base8.8
â
CRSSelect profile
CVE-2026-41651
8.8
ArchMultiple Products
PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API
CVSS Base8.8
â
CRSSelect profile
CVE-2026-24189
8.2
NVIDIACUDA
NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request
CVSS Base8.2
â
CRSSelect profile
CVE-2026-4922
8.1
versionshas remediated
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17
CVSS Base8.1
â
CRSSelect profile
CVE-2026-5262
8
versionshas remediated
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16
CVSS Base8
â
CRSSelect profile
CVE-2026-5816
8
versionshas remediated
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18
CVSS Base8
â
CRSSelect profile
CVE-2026-5789
7.8
Archpath in
Vulnerability related to an unquoted search path in CivetWeb v1
CVSS Base7.8
â
CRSSelect profile
CVE-2026-6823
8.2
HKUDSMultiple Products
HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks
CVSS Base8.2
â
CRSSelect profile
CVE-2026-41059
8.2
UnknownMultiple Products
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers
CVSS Base8.2
â
CRSSelect profile
CVE-2026-40161
7.7
GitLabtoken
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines
CVSS Base7.7
â
CRSSelect profile
CVE-2026-6832
8.1
theMultiple Products
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the session_id parameter
CVSS Base8.1
â
CRSSelect profile
CVE-2026-6761
8.8
PrivilegeMultiple Products
Privilege escalation in the Networking component
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6769
8.8
PrivilegeMultiple Products
Privilege escalation in the Debugger component
CVSS Base8.8
â
CRSSelect profile
CVE-2025-70420
8.8
UnknownMultiple Products
A SQL injection vulnerability exists in Genesys Latitude v25
CVSS Base8.8
â
CRSSelect profile
CVE-2026-40882
7.6
UnknownMultiple Products
OpenRemote is an open-source internet-of-things platform
CVSS Base7.6
â
CRSSelect profile
CVE-2026-40611
8.8
EncryptMultiple Products
Let's Encrypt client and ACME library written in Go (Lego)
CVSS Base8.8
â
CRSSelect profile
CVE-2026-6859
8.8
LinuxMultiple Products
A flaw was found in InstructLab
CVSS Base8.8
â
CRSSelect profile
CVE-2026-41208
8.8
UnknownMultiple Products
Paperclip is a Node
CVSS Base8.8
â
CRSSelect profile
CVE-2026-41468
8.7
embedsMultiple Products
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1
CVSS Base8.7
â
CRSSelect profile
CVE-2026-41055
8.6
UnknownMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.6
â
CRSSelect profile
CVE-2026-41455
8.5
WeKanMultiple Products
WeKan before 8
CVSS Base8.5
â
CRSSelect profile
CVE-2026-41230
8.5
sourceMultiple Products
Froxlor is open source server administration software
CVSS Base8.5
â
CRSSelect profile
CVE-2026-40706
8.4
UnknownMultiple Products
In NTFS-3G 2022
CVSS Base8.4
â
CRSSelect profile
CVE-2026-40931
8.4
UnknownMultiple Products
Compressing is a compressing and uncompressing lib for node
CVSS Base8.4
â
CRSSelect profile
CVE-2026-5398
8.4
UnknownMultiple Products
The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session
CVSS Base8.4
â
CRSSelect profile
CVE-2018-25259
8.4đ Late Disclosure
ServicesMultiple Products
Terminal Services Manager 3
CVSS Base8.4
â
CRSSelect profile
CVE-2018-25260
8.4đ Late Disclosure
MusicMultiple Products
MAGIX Music Editor 3
CVSS Base8.4
â
CRSSelect profile
CVE-2018-25261
8.4đ Late Disclosure
IperiusMultiple Products
Iperius Backup 5
CVSS Base8.4
â
CRSSelect profile
CVE-2018-25265
8.4đ Late Disclosure
scanMultiple Products
LanSpy 2
CVSS Base8.4
â
CRSSelect profile
CVE-2018-25268
8.4đ Late Disclosure
LanSpyMultiple Products
LanSpy 2
CVSS Base8.4
â
CRSSelect profile
CVE-2026-40937
8.3
UnknownMultiple Products
RustFS is a distributed object storage system built in Rust
CVSS Base8.3
â
CRSSelect profile
CVE-2026-41454
8.3
WeKanMultiple Products
WeKan before 8
CVSS Base8.3
â
CRSSelect profile
CVE-2026-40588
8.1
UnrealMultiple Products
blueprintUE is a tool to help Unreal Engine developers
CVSS Base8.1
â
CRSSelect profile
CVE-2026-40905
8.1
ArchMultiple Products
LinkAce is a self-hosted archive to collect website links
CVSS Base8.1
â
CRSSelect profile
CVE-2026-41058
8.1
UnknownMultiple Products
WWBN AVideo is an open source video platform
CVSS Base8.1
â
CRSSelect profile
CVE-2026-6023
8.1
AJAXMultiple Products
In ProgressÂŽ TelerikÂŽ UI for AJAX versions 2024
CVSS Base8.1
â
CRSSelect profile
CVE-2026-41175
8.1
UnknownMultiple Products
Statamic is a Laravel and Git powered content management system (CMS)
CVSS Base8.1
â
CRSSelect profile
CVE-2026-6776
7.8
IncorrectMultiple Products
Incorrect boundary conditions in the WebRTC: Networking component
CVSS Base7.8
â
CRSSelect profile
CVE-2026-6846
7.8
UnknownMultiple Products
A flaw was found in binutils
CVSS Base7.8
â
CRSSelect profile
CVE-2026-40517
7.8
priorMultiple Products
radare2 prior to 6
CVSS Base7.8
â
CRSSelect profile
CVE-2026-40589
7.6
UnknownMultiple Products
FreeScout is a free self-hosted help desk and shared mailbox
CVSS Base7.6
â
CRSSelect profile
CVE-2026-6747
7.5
UnknownMultiple Products
Use-after-free in the WebRTC component
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6749
7.5
InforMultiple Products
Information disclosure due to uninitialized memory in the Graphics: Canvas2D component
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6759
7.5
UnknownMultiple Products
Use-after-free in the Widget: Cocoa component
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6766
7.5
IncorrectMultiple Products
Incorrect boundary conditions in the Libraries component in NSS
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6772
7.5
IncorrectMultiple Products
Incorrect boundary conditions in the Libraries component in NSS
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6773
7.5
UnknownMultiple Products
Denial-of-service due to integer overflow in the Graphics: WebGPU component
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6780
7.5
UnknownMultiple Products
Denial-of-service in the Audio/Video: Playback component
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6781
7.5
UnknownMultiple Products
Denial-of-service in the Audio/Video: Playback component
CVSS Base7.5
â
CRSSelect profile
CVE-2026-6782
7.5
InforMultiple Products
Information disclosure in the IP Protection component
CVSS Base7.5
â
CRSSelect profile
CVE-2026-40586
7.5
UnrealMultiple Products
blueprintUE is a tool to help Unreal Engine developers
CVSS Base7.5
â
CRSSelect profile
CVE-2026-40613
7.5
STUNMultiple Products
Coturn is a free open source implementation of TURN and STUN Server
CVSS Base7.5
â
CRSSelect profile
CVE-2026-33813
7.5
panicsMultiple Products
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms
CVSS Base7.5
â
CRSSelect profile
CVE-2026-40869
7.5
UnknownMultiple Products
Decidim is a participatory democracy framework
CVSS Base7.5
â
CRSSelect profile
CVE-2026-40870
7.5
UnknownMultiple Products
Decidim is a participatory democracy framework
CVSS Base7.5
â
CRSSelect profile
CVE-2026-40879
7.5
UnknownMultiple Products
Nest is a framework for building scalable Node
CVSS Base7.5
â
CRSSelect profile
CVE-2026-40890
7.5
GitHubMultiple Products
The package `github
CVSS Base7.5
â
CRSSelect profile
CVE-2026-40938
7.5
TektonMultiple Products
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines