NVD Dashboard
CVEs Received and Processed
NVD Contains
| CVE Vulnerabilities | 366702 |
| Checklists | 896 |
| US-CERT Alerts | 249 |
| US-CERT Vuln Notes | 4486 |
| OVAL Queries | 0 |
| CPE Names | 1770873 |
CVSS V3 Score Distribution
| Severity | Number of Vulns |
|---|
CVSS V2 Score Distribution
| Severity | Number of Vulns |
|---|
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2026-59259 - n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credent... read CVE-2026-59259
Published: July 15, 2026; 8:18:17 AM -0400V3.1: 6.5 MEDIUM
-
CVE-2026-10668 - The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage unconditionally (base->CEPTXCNT = len in numaker_hsusbd_ep_trigger). Because the HSUSBD hardware cannot disarm a control Data I... read CVE-2026-10668
Published: July 12, 2026; 1:16:24 PM -0400V3.1: 4.6 MEDIUM
-
CVE-2026-56353 - n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth (a non-default configuration). In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 — the authentication check on the Cha... read CVE-2026-56353
Published: July 15, 2026; 8:18:02 AM -0400 -
CVE-2026-56398 - Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the p... read CVE-2026-56398
Published: July 15, 2026; 8:18:02 AM -0400V3.1: 9.0 CRITICAL
-
CVE-2026-56400 - open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with allow_origins=* and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui ... read CVE-2026-56400
Published: July 15, 2026; 8:18:03 AM -0400V3.1: 9.6 CRITICAL
-
CVE-2026-61859 - ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured s... read CVE-2026-61859
Published: July 15, 2026; 8:18:20 AM -0400 -
CVE-2026-50670 - Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:01 PM -0400V3.1: 7.8 HIGH
-
CVE-2026-61863 - ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak.
Published: July 15, 2026; 8:18:21 AM -0400V3.1: 7.5 HIGH
-
CVE-2026-50673 - Null pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:01 PM -0400V3.1: 7.8 HIGH
-
CVE-2026-38753 - A use-after-free in the awk_sub() function (editors/awk.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
Published: July 15, 2026; 5:16:36 PM -0400 -
CVE-2026-50688 - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:04 PM -0400V3.1: 7.8 HIGH
-
CVE-2026-36590 - An issue in EMQ NanoMQ v.0.24.9 allows a remote attacker to cause a denial of service via the nni_qos_db_set function in broker_tcp.c component
Published: July 15, 2026; 6:16:46 PM -0400 -
CVE-2026-38752 - A stack overflow in the evaluate() function (editors/awk.c) of BusyBox commit 371fe9 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
Published: July 15, 2026; 6:16:47 PM -0400 -
CVE-2026-38754 - A heap overflow in the ifsbreakup() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
Published: July 15, 2026; 6:16:47 PM -0400 -
CVE-2026-38755 - A heap overflow in the evalcommand() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
Published: July 15, 2026; 6:16:47 PM -0400 -
CVE-2026-56643 - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:30 PM -0400 -
CVE-2026-56644 - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:30 PM -0400 -
CVE-2026-58532 - Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:40 PM -0400 -
CVE-2026-50327 - Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
Published: July 14, 2026; 2:17:31 PM -0400 -
CVE-2026-50326 - Use after free in Windows Unified Consent System allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:17:31 PM -0400