Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20648
Total
1489
Critical
6270
High
6549
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-10644 | MEDIUM | 4.2 | The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous (DMA) receive path. When uart_rx_enable() is … | Jun 28, 2026 |
| CVE-2026-10593 | MEDIUM | 6.5 | The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE state notifications. In unicast_client_ep_qos_state() (subsys/bluetooth/audio/bap_unicast_client.c), the handler writes attacker-controlled QoS fields … | Jun 28, 2026 |
| CVE-2026-58058 | MEDIUM | 6.5 | Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and … | Jun 28, 2026 |
| CVE-2026-58057 | MEDIUM | 5.0 | Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying … | Jun 28, 2026 |
| CVE-2026-58056 | HIGH | 7.6 | RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. … | Jun 28, 2026 |
| CVE-2026-58055 | MEDIUM | 5.4 | nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the … | Jun 28, 2026 |
| CVE-2026-58054 | HIGH | 7.2 | MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the … | Jun 28, 2026 |
| CVE-2026-58053 | CRITICAL | 9.9 | Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: … | Jun 28, 2026 |
| CVE-2026-58052 | LOW | 3.3 | 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream … | Jun 28, 2026 |
| CVE-2026-58051 | MEDIUM | 6.5 | libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the … | Jun 28, 2026 |
| CVE-2026-58050 | HIGH | 7.0 | libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, … | Jun 28, 2026 |
| CVE-2026-58049 | HIGH | 8.6 | FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA … | Jun 28, 2026 |
| CVE-2026-8095 | HIGH | 8.1 | The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due … | Jun 28, 2026 |
| CVE-2026-10643 | HIGH | 8.7 | Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg-msg_controllen < pktinfo_len) before writing a full … | Jun 28, 2026 |
| CVE-2026-49416 | UNKNOWN | — | The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting … | Jun 27, 2026 |
| CVE-2026-49414 | UNKNOWN | — | The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As … | Jun 27, 2026 |
| CVE-2026-49417 | UNKNOWN | — | Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could … | Jun 27, 2026 |
| CVE-2026-49413 | UNKNOWN | — | The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at … | Jun 27, 2026 |
| CVE-2026-49412 | UNKNOWN | — | The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window … | Jun 27, 2026 |
| CVE-2026-45259 | UNKNOWN | — | sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability … | Jun 27, 2026 |
| CVE-2026-45258 | UNKNOWN | — | dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that … | Jun 27, 2026 |
| CVE-2026-9242 | MEDIUM | 5.3 | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data … | Jun 27, 2026 |
| CVE-2026-9233 | MEDIUM | 4.3 | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, … | Jun 27, 2026 |
| CVE-2026-3462 | MEDIUM | 6.5 | The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'process_batch' functions in … | Jun 27, 2026 |
| CVE-2026-13295 | MEDIUM | 6.4 | The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, and including, 2.34.3 … | Jun 27, 2026 |