2026 CVEs

29570 CVEs published in 2026. 2991 critical, 11032 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2026
CVESeverityScorePublishedSummary
CVE-2026-56415Critical10.02026-06-30Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attac…
CVE-2026-56413Critical10.02026-06-30Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts…
CVE-2026-10134Critical10.02026-06-30IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, messa…
CVE-2026-48286Critical10.02026-06-30Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code…
CVE-2026-48283Critical10.02026-06-30ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary…
CVE-2026-48282Critical10.02026-06-30ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability…
CVE-2026-48281Critical10.02026-06-30ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the…
CVE-2026-48277Critical10.02026-06-30ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the…
CVE-2026-48276Critical10.02026-06-30ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary…
CVE-2026-53576Critical10.02026-06-26Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) t…
CVE-2026-49869Critical10.02026-06-26Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("…
CVE-2026-54350Critical10.02026-06-26Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing M…
CVE-2026-57700Critical10.02026-06-25Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through…
CVE-2026-54917Critical10.02026-06-25SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST cat…
CVE-2026-52813Critical10.02026-06-24Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences (../) are accepted by Gogs, and reposit…
CVE-2026-12848Critical10.02026-06-24GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by d…
CVE-2026-12847Critical10.02026-06-24GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by d…
CVE-2026-12846Critical10.02026-06-24GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by d…
CVE-2026-12485Critical10.02026-06-24GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by d…
CVE-2026-53622Critical10.02026-06-23Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection th…