NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID Description Published Base Score Attack Vector Severity Actions
CVE-2026-53325 In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agp_amd64_probe() A NULL pointer dere... 2026-06-29 N/A None None NVD
CVE-2026-49048 The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request par... 2026-06-28 9.8 NETWORK CRITICAL NVD
CVE-2026-13484 A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component ... 2026-06-28 5.0 NETWORK MEDIUM NVD
CVE-2026-10646 Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocated state object (struct ge... 2026-06-28 7.4 NETWORK HIGH NVD
CVE-2026-10644 The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its ... 2026-06-28 4.2 ADJACENT_NETWORK MEDIUM NVD
CVE-2026-10593 The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE state notifications. In unicast_client_ep_qos_stat... 2026-06-28 6.5 ADJACENT_NETWORK MEDIUM NVD
CVE-2026-58058 Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the p... 2026-06-28 6.5 NETWORK MEDIUM NVD
CVE-2026-58057 Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where envir... 2026-06-28 5.0 NETWORK MEDIUM NVD
CVE-2026-58055 nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-aliv... 2026-06-28 5.4 NETWORK MEDIUM NVD
CVE-2026-58052 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an arc... 2026-06-28 3.3 LOCAL LOW NVD
CVE-2026-58051 libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse f... 2026-06-28 6.5 NETWORK MEDIUM NVD
CVE-2026-58050 libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs... 2026-06-28 7.0 NETWORK HIGH NVD
CVE-2026-58049 FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary ch... 2026-06-28 8.6 NETWORK HIGH NVD
CVE-2026-10643 Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_contr... 2026-06-28 8.7 LOCAL HIGH NVD
CVE-2026-49416 The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size ca... 2026-06-27 7.8 LOCAL HIGH NVD