CVE
Info.com
  • Browse CVEs
  • Trends
  • Email Alerts
  • About

📊 CVE Trends & Statistics

Discover trending vulnerabilities and security insights

Last 7 Days Last 30 Days Last 90 Days Last Year
1,330
Total CVEs
121
Critical
511
High
470
Medium
81
Low
6.8
Avg CVSS Score

Severity Distribution

121
Critical
9%
Click to view
511
High
38%
Click to view
470
Medium
35%
Click to view
81
Low
6%
Click to view

Daily CVE Trends

192
Jul 03
70
Jul 04
86
Jul 05
232
Jul 06
174
Jul 07
338
Jul 08
183
Jul 09

Top Affected Vendors

Microsoft
Click to view all CVEs
50
🔥 5
Apache Software Foundation
Click to view all CVEs
50
🔥 15
Go
Click to view all CVEs
34
🔥 4
Coollabsio
Click to view all CVEs
33
🔥 4
Gitea
Click to view all CVEs
31
🔥 10
Foxit Software Inc.
Click to view all CVEs
28
SourceCodester
Click to view all CVEs
28
Code-projects
Click to view all CVEs
27
Google
Click to view all CVEs
27
🔥 1
Dell
Click to view all CVEs
25
🔥 2

Top Affected Products

edge_chromium
Microsoft
Click to view all CVEs
44
🔥 1
coolify
Coollabsio
Click to view all CVEs
33
🔥 4
Gitea Open Source Git Server
Gitea
Click to view all CVEs
31
🔥 10
Foxit PDF Editor, Foxit PDF Reader
Foxit Software Inc.
Click to view all CVEs
28
Chrome
Google
Click to view all CVEs
27
🔥 1
PowerProtect Data Domain
Dell
Click to view all CVEs
25
🔥 2
Apache Camel
Apache Software Foundation
Click to view all CVEs
22
🔥 7
github.com/coder/coder/v2
Go
Click to view all CVEs
17
FOSSBilling
FOSSBilling
Click to view all CVEs
17
open-webui
Open-webui
Click to view all CVEs
17

🔥 Recently Published CVEs

CVE-2026-61344 MEDIUM - 5.3

The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov exposes an API endpoint that returns court reminder records containing potentially sensitive information with...

Vendor: Superior Court of California, County of Los Angeles Product: Hearing Reminder Service Published: Jul 09, 2026
CVE-2026-61343 HIGH - 7.2

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbit...

Vendor: LibreBooking Product: LibreBooking Published: Jul 09, 2026
CVE-2026-59827 CRITICAL - 9.9

Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including the defaul...

Vendor: metabase Product: metabase Published: Jul 09, 2026
CVE-2026-59826 CRITICAL - 9.1

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on o...

Vendor: metabase Product: metabase Published: Jul 09, 2026
CVE-2026-59817 MEDIUM - 5.3

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full...

Vendor: TryGhost Product: Ghost Published: Jul 09, 2026
CVE-2026-59734 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generate_healthcheck_comman...

Vendor: coollabsio Product: coolify Published: Jul 09, 2026
CVE-2026-59726 CRITICAL - 10.0

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authenticat...

Vendor: ruvnet Product: ruflo Published: Jul 09, 2026
CVE-2026-59721 HIGH - 7.2

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and ...

Vendor: hoppscotch Product: hoppscotch Published: Jul 09, 2026
CVE-2026-59720 HIGH - 7.5

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPubli...

Vendor: hoppscotch Product: hoppscotch Published: Jul 09, 2026
CVE-2026-59221 HIGH - 7.7

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _sanitize_proxy_path in backend/open_webui/routers/terminals.py decoded proxy paths only...

Vendor: open-webui Product: open-webui Published: Jul 09, 2026
Browse CVEs Trends Email Alerts About

© 2026 CVEInfo.com - Aggregating CVE Information from Multiple Sources

Data sources: NVD, MITRE, GitHub Security Advisories