CVE
Info.com
  • Browse CVEs
  • Trends
  • Email Alerts
  • About

📊 CVE Trends & Statistics

Discover trending vulnerabilities and security insights

Last 7 Days Last 30 Days Last 90 Days Last Year
20,950
Total CVEs
2,123
Critical
8,004
High
7,766
Medium
872
Low
6.9
Avg CVSS Score

Severity Distribution

2,123
Critical
10%
Click to view
8,004
High
38%
Click to view
7,766
Medium
37%
Click to view
872
Low
4%
Click to view

Weekly CVE Trends

Apr 19
Apr 26
May 03
May 10
May 17
May 24
May 31
Jun 07
Jun 14
Jun 21
Jun 28
Jul 05
Jul 12

Top Affected Vendors

Linux
Click to view all CVEs
1867
🔥 103
Google
Click to view all CVEs
1609
🔥 141
Go
Click to view all CVEs
478
🔥 61
Npm
Click to view all CVEs
465
🔥 59
Microsoft
Click to view all CVEs
457
🔥 43
Pip
Click to view all CVEs
423
🔥 45
Oracle
Click to view all CVEs
353
🔥 132
Composer
Click to view all CVEs
309
🔥 21
Apache Software Foundation
Click to view all CVEs
301
🔥 60
Adobe
Click to view all CVEs
250
🔥 22

Top Affected Products

Linux
Linux
Click to view all CVEs
1866
🔥 103
chrome
Google
Click to view all CVEs
1482
🔥 137
OpenClaw
OpenClaw
Click to view all CVEs
242
🔥 9
firefox
Mozilla
Click to view all CVEs
136
🔥 25
windows_10_1607
Microsoft
Click to view all CVEs
135
🔥 4
android
Google
Click to view all CVEs
119
🔥 1
gitlab
Gitlab
Click to view all CVEs
71
open-webui
Pip
Click to view all CVEs
70
🔥 1
Capgo
Capgo
Click to view all CVEs
66
🔥 1
Adobe Experience Manager
Adobe
Click to view all CVEs
61

🔥 Recently Published CVEs

CVE-2026-61344 MEDIUM - 5.3

The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov exposes an API endpoint that returns court reminder records containing potentially sensitive information with...

Vendor: Superior Court of California, County of Los Angeles Product: Hearing Reminder Service Published: Jul 09, 2026
CVE-2026-61343 HIGH - 7.2

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbit...

Vendor: LibreBooking Product: LibreBooking Published: Jul 09, 2026
CVE-2026-59827 CRITICAL - 9.9

Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including the defaul...

Vendor: metabase Product: metabase Published: Jul 09, 2026
CVE-2026-59826 CRITICAL - 9.1

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on o...

Vendor: metabase Product: metabase Published: Jul 09, 2026
CVE-2026-59817 MEDIUM - 5.3

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full...

Vendor: TryGhost Product: Ghost Published: Jul 09, 2026
CVE-2026-59734 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generate_healthcheck_comman...

Vendor: coollabsio Product: coolify Published: Jul 09, 2026
CVE-2026-59726 CRITICAL - 10.0

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authenticat...

Vendor: ruvnet Product: ruflo Published: Jul 09, 2026
CVE-2026-59721 HIGH - 7.2

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER_SMTP_URL value, and ...

Vendor: hoppscotch Product: hoppscotch Published: Jul 09, 2026
CVE-2026-59720 HIGH - 7.5

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPubli...

Vendor: hoppscotch Product: hoppscotch Published: Jul 09, 2026
CVE-2026-59221 HIGH - 7.7

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, _sanitize_proxy_path in backend/open_webui/routers/terminals.py decoded proxy paths only...

Vendor: open-webui Product: open-webui Published: Jul 09, 2026

💬 Most Discussed CVEs

CVE-2021-47931
MEDIUM 💬 1 comment

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing en...

Browse CVEs Trends Email Alerts About

© 2026 CVEInfo.com - Aggregating CVE Information from Multiple Sources

Data sources: NVD, MITRE, GitHub Security Advisories