NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID Description Published Base Score Attack Vector Severity Actions
CVE-2026-50548 Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox gran... 2026-06-25 9.8 NETWORK CRITICAL NVD
CVE-2026-28898 swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1... 2026-06-25 5.3 NETWORK MEDIUM NVD
CVE-2026-6291 Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned di... 2026-06-25 6.5 NETWORK MEDIUM NVD
CVE-2026-6094 Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-suppl... 2026-06-25 9.1 NETWORK CRITICAL NVD
CVE-2026-6091 Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted a... 2026-06-25 6.5 NETWORK MEDIUM NVD
CVE-2026-55967 AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowin... 2026-06-25 7.5 NETWORK HIGH NVD
CVE-2026-55961 wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so... 2026-06-25 7.5 NETWORK HIGH NVD
CVE-2026-55700 pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled package name and version ... 2026-06-25 7.1 NETWORK HIGH NVD
CVE-2026-55699 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malici... 2026-06-25 6.5 NETWORK MEDIUM NVD
CVE-2026-55698 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.ya... 2026-06-25 8.8 NETWORK HIGH NVD
CVE-2026-55697 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. B... 2026-06-25 7.5 NETWORK HIGH NVD
CVE-2026-55487 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, fi... 2026-06-25 7.5 NETWORK HIGH NVD
CVE-2026-55180 pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-w... 2026-06-25 6.5 NETWORK MEDIUM NVD
CVE-2026-54679 jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing ... 2026-06-25 5.5 LOCAL MEDIUM NVD
CVE-2026-50573 pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package content after detecting that t... 2026-06-25 6.8 NETWORK MEDIUM NVD