NVD Dashboard
CVEs Received and Processed
NVD Contains
| CVE Vulnerabilities | 366757 |
| Checklists | 896 |
| US-CERT Alerts | 249 |
| US-CERT Vuln Notes | 4486 |
| OVAL Queries | 0 |
| CPE Names | 1770873 |
CVSS V3 Score Distribution
| Severity | Number of Vulns |
|---|
CVSS V2 Score Distribution
| Severity | Number of Vulns |
|---|
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2026-50321 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Driver allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:17:30 PM -0400V3.1: 7.0 HIGH
-
CVE-2026-50322 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Runtime allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:17:31 PM -0400 -
CVE-2026-58538 - Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:41 PM -0400 -
CVE-2026-58539 - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Published: July 14, 2026; 2:18:41 PM -0400V3.1: 7.5 HIGH
-
CVE-2026-58540 - Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:41 PM -0400 -
CVE-2026-58541 - Access of resource using incompatible type ('type confusion') in Windows DWM allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:41 PM -0400 -
CVE-2026-58542 - Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
Published: July 14, 2026; 2:18:42 PM -0400V3.1: 7.8 HIGH
-
CVE-2026-58543 - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.
Published: July 14, 2026; 2:18:42 PM -0400 -
CVE-2026-58546 - Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Published: July 14, 2026; 2:18:42 PM -0400V3.1: 6.5 MEDIUM
-
CVE-2026-58547 - Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:42 PM -0400V3.1: 7.8 HIGH
-
CVE-2026-58594 - Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.
Published: July 14, 2026; 2:18:43 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2026-10667 - Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-linked list (obj_list) of dynamically allocated kernel objects. Iteration over this list in k_object_wordlist_foreach() was perf... read CVE-2026-10667
Published: July 12, 2026; 1:16:24 PM -0400 -
CVE-2026-58613 - Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:44 PM -0400 -
CVE-2026-58617 - Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network.
Published: July 14, 2026; 2:18:44 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2026-58619 - Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
Published: July 14, 2026; 2:18:44 PM -0400 -
CVE-2026-56353 - n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth (a non-default configuration). In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 — the authentication check on the Cha... read CVE-2026-56353
Published: July 15, 2026; 8:18:02 AM -0400 -
CVE-2026-59259 - n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credent... read CVE-2026-59259
Published: July 15, 2026; 8:18:17 AM -0400V3.1: 6.5 MEDIUM
-
CVE-2026-10668 - The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage unconditionally (base->CEPTXCNT = len in numaker_hsusbd_ep_trigger). Because the HSUSBD hardware cannot disarm a control Data I... read CVE-2026-10668
Published: July 12, 2026; 1:16:24 PM -0400V3.1: 4.6 MEDIUM
-
CVE-2026-56398 - Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the p... read CVE-2026-56398
Published: July 15, 2026; 8:18:02 AM -0400V3.1: 9.0 CRITICAL
-
CVE-2026-56400 - open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with allow_origins=* and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui ... read CVE-2026-56400
Published: July 15, 2026; 8:18:03 AM -0400V3.1: 9.6 CRITICAL