Total CVEs

138,363

Critical Severity

3,557

High Severity

12,776

Last 7 Days

1,993
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,121 - 1,140 of 34,768 CVEs
CVE-2026-35258 HIGH - 8.7

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise WebLogic Server. Successfu...

Vendor: oracle
Product: weblogic_server
Published: Jun 17, 2026
Source: NVD
CVE-2026-12348 HIGH - 7.4

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.

Vendor: The Browser Company of New York`
Product: Arc Search
Published: Jun 17, 2026
Source: NVD

Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass

Vendor: npm
Product: @mariozechner/pi-coding-agent
Published: Jun 16, 2026
Source: GitHub

Gitea: Token scope bypass on web archive download endpoint

Vendor: go
Product: code.gitea.io/gitea
Published: Jun 16, 2026
Source: GitHub
CVE-2026-27783 MEDIUM - 4.3

Gitea: Missing repository-unit authorization on issue-template API endpoints

Vendor: go
Product: code.gitea.io/gitea
Published: Jun 16, 2026
Source: GitHub
CVE-2026-25714 MEDIUM - 4.3

Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw

Vendor: go
Product: code.gitea.io/gitea
Published: Jun 16, 2026
Source: GitHub
CVE-2026-26231 HIGH - 8.5

Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo

Vendor: go
Product: code.gitea.io/gitea
Published: Jun 16, 2026
Source: GitHub
CVE-2026-28699 HIGH - 8.1

Gitea: OAuth2 access token scope enforcement bypass via HTTP Basic authentication

Vendor: go
Product: code.gitea.io/gitea
Published: Jun 16, 2026
Source: GitHub
CVE-2026-52797 HIGH - 8.5

Gogs: Overwriting critical files results in a denial of service

Vendor: go
Product: gogs.io/gogs
Published: Jun 16, 2026
Source: GitHub
CVE-2026-49980 CRITICAL - 9.8

Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix

Vendor: go
Product: github.com/rclone/rclone
Published: Jun 16, 2026
Source: GitHub

LiteLLM: Authentication Bypass via Host Header Injection

Vendor: pip
Product: litellm
Published: Jun 16, 2026
Source: GitHub
CVE-2026-28744 HIGH - 8.1

Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens

Vendor: go
Product: code.gitea.io/gitea
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54304 HIGH - 7.7

n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54309 HIGH - 10.0

n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54305 HIGH - 9.9

n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54307 HIGH - 9.6

n8n: Credential Exfiltration via Permission Bypass

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54314 MEDIUM - 5.9

n8n: Denial of Service via ZIP decompression in webhook workflow

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54302 HIGH - 7.6

n8n: Stored XSS in Chat Trigger Node

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54303 MEDIUM - 7.6

n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub
CVE-2026-54312 HIGH - 8.5

n8n: Microsoft SQL Node Prototype Pollution

Vendor: npm
Product: n8n
Published: Jun 16, 2026
Source: GitHub