Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,323
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,981 - 15,000 of 42,117 CVEs
CVE-2026-46703 CRITICAL - 9.6

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in ...

Vendor: pip
Product: boxlite
Published: May 21, 2026
Source: GitHub
CVE-2026-46695 CRITICAL - 10.0

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the director...

Vendor: pip
Product: boxlite
Published: May 21, 2026
Source: GitHub

@nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty

Vendor: npm
Product: @nevware21/ts-utils
Published: May 21, 2026
Source: GitHub
CVE-2026-46680 HIGH - 7.8

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc...

Vendor: go
Product: github.com/containerd/containerd
Published: May 21, 2026
Source: GitHub
CVE-2026-46679 HIGH - 7.5

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23.

Vendor: npm
Product: @libp2p/gossipsub
Published: May 21, 2026
Source: GitHub
CVE-2026-46678 MEDIUM - 6.8

Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)

Vendor: pip
Product: pydantic-ai
Published: May 21, 2026
Source: GitHub
CVE-2026-46671 MEDIUM - 4.4

Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory

Vendor: rust
Product: onenote_parser
Published: May 21, 2026
Source: GitHub
CVE-2026-46645 MEDIUM - 4.3

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible(), an authenticated ...

Vendor: pip
Product: sqladmin
Published: May 21, 2026
Source: GitHub
CVE-2026-46640 HIGH - 8.8

Twig is a template language for PHP. From 3.15.0 until 3.26.0, _self.(<string>) and import-alias dynamic attribute syntax can concatenate an attacker-controlled string into a MacroReferenceExpression name without identifier validation, causing raw PHP to be emitted into the generated template ...

Vendor: composer
Product: twig/twig
Published: May 21, 2026
Source: GitHub
CVE-2026-46639 HIGH - 6.5

Twig is a template language for PHP. From 3.24.0 until 3.26.0, object-destructuring assignment compiles CoreExtension::getAttribute() with the sandbox argument hardcoded to false, disabling property and method policy checks and allowing an attacker with write access to a sandboxed Twig template to r...

Vendor: composer
Product: twig/twig
Published: May 21, 2026
Source: GitHub
CVE-2026-46638 MEDIUM - 8.1

Twig is a template language for PHP. Prior to 3.26.0, {% sandbox %}{% include %} can include a template that was previously loaded outside the sandbox without re-invoking checkSecurity(), allowing the cached template to use tags, filters, and functions that should have been denied by SecurityPolicy:...

Vendor: composer
Product: twig/twig
Published: May 21, 2026
Source: GitHub

Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with is_safe => [all], causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly e...

Vendor: composer
Product: twig/markdown-extra
Published: May 21, 2026
Source: GitHub

Twig is a template language for PHP. Prior to 3.26.0, the column filter passes object arrays to PHP array_column(), which reads public and magic properties without reaching CoreExtension::getAttribute() or SandboxExtension::checkPropertyAllowed(), allowing an untrusted template author with column in...

Vendor: composer
Product: twig/twig
Published: May 21, 2026
Source: GitHub
CVE-2026-46634 MEDIUM - 9.8

Twig is a template language for PHP. From 3.9.0 until 3.26.0, template_from_string() compiles an inner template under a synthesized __string_template__<hash> name that can fall outside a SourcePolicyInterface sandbox decision, allowing a sandboxed template that can call template_from_string an...

Vendor: composer
Product: twig/twig
Published: May 21, 2026
Source: GitHub
CVE-2026-46633 CRITICAL - 9.8

Twig is a template language for PHP. Prior to 3.26.0, Compiler::string() does not escape single quotes when a template name from a {% use %} tag is placed inside a PHP single-quoted string literal, allowing a crafted template name to terminate the string and inject arbitrary PHP expressions into the...

Vendor: composer
Product: twig/twig
Published: May 21, 2026
Source: GitHub

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned for...

Vendor: composer
Product: twig/intl-extra
Published: May 21, 2026
Source: GitHub

Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0.

Vendor: composer
Product: twig/twig
Published: May 21, 2026
Source: GitHub
CVE-2026-46625 HIGH - 7.5

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "__proto__" member is an o...

Vendor: npm
Product: js-cookie
Published: May 21, 2026
Source: GitHub
CVE-2026-8428 HIGH - 8.8

Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/controllers/single_page/dashboard/system/update/update.php never calls $this->token->validate('do_update&#...

Vendor: concretecms
Product: concrete_cms
Published: May 21, 2026
Source: NVD
CVE-2026-8426 HIGH - 8.8

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepare_remote_upgrade/<remoteMPID>. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgra...

Vendor: concretecms
Product: concrete_cms
Published: May 21, 2026
Source: NVD