CVE
Info.com
  • Browse CVEs
  • Trends
  • Email Alerts
  • About

πŸ“Š CVE Trends & Statistics

Discover trending vulnerabilities and security insights

Last 7 Days Last 30 Days Last 90 Days Last Year
1,286
Total CVEs
125
Critical
483
High
415
Medium
75
Low
6.9
Avg CVSS Score

Severity Distribution

125
Critical
10%
Click to view
483
High
38%
Click to view
415
Medium
32%
Click to view
75
Low
6%
Click to view

Daily CVE Trends

192
Jul 03
70
Jul 04
86
Jul 05
232
Jul 06
174
Jul 07
338
Jul 08
56
Jul 09

Top Affected Vendors

Apache Software Foundation
Click to view all CVEs
50
πŸ”₯ 15
Microsoft
Click to view all CVEs
48
πŸ”₯ 4
Go
Click to view all CVEs
40
πŸ”₯ 4
Coollabsio
Click to view all CVEs
32
πŸ”₯ 4
Gitea
Click to view all CVEs
31
πŸ”₯ 10
Foxit Software Inc.
Click to view all CVEs
28
SourceCodester
Click to view all CVEs
27
Google
Click to view all CVEs
27
Code-projects
Click to view all CVEs
27
Dell
Click to view all CVEs
25
πŸ”₯ 2

Top Affected Products

edge_chromium
Microsoft
Click to view all CVEs
43
πŸ”₯ 1
coolify
Coollabsio
Click to view all CVEs
32
πŸ”₯ 4
Gitea Open Source Git Server
Gitea
Click to view all CVEs
31
πŸ”₯ 10
Foxit PDF Editor, Foxit PDF Reader
Foxit Software Inc.
Click to view all CVEs
28
Chrome
Google
Click to view all CVEs
27
PowerProtect Data Domain
Dell
Click to view all CVEs
25
πŸ”₯ 2
Apache Camel
Apache Software Foundation
Click to view all CVEs
22
πŸ”₯ 7
github.com/coder/coder/v2
Go
Click to view all CVEs
18
FOSSBilling
FOSSBilling
Click to view all CVEs
17
picklescan
Picklescan
Click to view all CVEs
16

πŸ”₯ Recently Published CVEs

CVE-2026-5955 CRITICAL - 9.8

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue affects BiEtica...

Published: Jul 09, 2026
CVE-2026-5793 MEDIUM - 6.1

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEtica...

Published: Jul 09, 2026
CVE-2026-56460 MEDIUM - 6.5

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system....

Vendor: HCLSoftware Product: HCL DevOps Deploy / HCL Launch Published: Jul 09, 2026
CVE-2026-56459 MEDIUM - 6.2

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. Β The application stores potentially sensitive information in log files that could be read by a local user....

Vendor: HCLSoftware Product: HCL DevOps Deploy / HCL Launch Published: Jul 09, 2026
CVE-2026-56458 MEDIUM - 5.4

HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to ...

Vendor: HCLSoftware Product: HCL DevOps Deploy Published: Jul 09, 2026
CVE-2026-2342 CRITICAL - 9.3

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: throu...

Published: Jul 09, 2026
CVE-2026-1989 HIGH - 7.5

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09...

Published: Jul 09, 2026
CVE-2026-1365 MEDIUM - 6.5

Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass. This issue affects OSOS: through 09072026.Β NOTE: The vendor was c...

Published: Jul 09, 2026
CVE-2026-15158 CRITICAL - 9.8

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the save_attachments function. This is due to the Custom Fonts extens...

Vendor: creativethemeshq Product: Blocksy Companion Published: Jul 09, 2026
CVE-2026-12433 MEDIUM - 4.3

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-bo...

Vendor: themefic Product: Hydra Booking β€” Appointment Scheduling & Booking Calendar Published: Jul 09, 2026
Browse CVEs Trends Email Alerts About

© 2026 CVEInfo.com - Aggregating CVE Information from Multiple Sources

Data sources: NVD, MITRE, GitHub Security Advisories