NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID Description Published Base Score Attack Vector Severity Actions
CVE-2026-6731 X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS ... 2026-06-25 7.5 NETWORK HIGH NVD
CVE-2026-6681 The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provid... 2026-06-25 5.3 NETWORK MEDIUM NVD
CVE-2026-6679 A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to ... 2026-06-25 7.5 NETWORK HIGH NVD
CVE-2026-6678 Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption. 2026-06-25 5.3 NETWORK MEDIUM NVD
CVE-2026-6450 A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unha... 2026-06-25 5.3 NETWORK MEDIUM NVD
CVE-2026-6412 Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing. 2026-06-25 4.3 NETWORK MEDIUM NVD
CVE-2026-7531 Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server ... 2026-06-25 9.8 NETWORK CRITICAL NVD
CVE-2026-57522 Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), which substitutes user-contr... 2026-06-25 3.5 NETWORK LOW NVD
CVE-2026-57521 Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization bi... 2026-06-25 4.3 NETWORK MEDIUM NVD
CVE-2026-57520 Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to r... 2026-06-25 7.1 NETWORK HIGH NVD
CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage w... 2026-06-25 5.3 NETWORK MEDIUM NVD
CVE-2026-55960 Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so Parse... 2026-06-25 7.5 NETWORK HIGH NVD
CVE-2026-55958 Out-of-bounds write in the Renesas TSIP TLS 1.3 transcript buffer. In tsip_StoreMessage() the capacity check guarding the fixed message bag (MSGBAG_SI... 2026-06-25 7.5 NETWORK HIGH NVD
CVE-2026-37454 Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-E... 2026-06-25 7.5 NETWORK HIGH NVD
CVE-2026-37453 Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SE... 2026-06-25 7.5 NETWORK HIGH NVD