Total CVEs

145,992

Critical Severity

4,294

High Severity

15,807

Last 7 Days

2,234
Quick preset (or use dates below)
Clear Filters
Showing 6,201 - 6,220 of 145,992 CVEs
CVE-2026-50548 CRITICAL - 9.8

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the working_directory parameter, which co...

Vendor: cursor
Product: cursor
Published: Jun 25, 2026
Source: NVD

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gai...

Published: Jun 25, 2026
Source: NVD

In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.

Vendor: AzeoTech
Product: DAQFactory
Published: Jun 25, 2026
Source: NVD

Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.

Vendor: Horner Automation
Product: Cscape
Published: Jun 25, 2026
Source: NVD
CVE-2026-48508 HIGH - 8.8

Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission

Vendor: pip
Product: lemur
Published: Jun 25, 2026
Source: GitHub
CVE-2026-48504 MEDIUM - 5.3

OpenTelemetry Rust is the Rust OpenTelemetry implementation. In 0.32.0 and earlier, BaggagePropagator::extract_with_context in opentelemetry_sdk did not enforce W3C Baggage size limits before parsing an inbound baggage header, so a large attacker-controlled header could cause unnecessary CPU work an...

Vendor: rust
Product: opentelemetry_sdk
Published: Jun 25, 2026
Source: GitHub
CVE-2026-6291 MEDIUM - 6.5

Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to s...

Vendor: wolfssl
Product: wolfssl
Published: Jun 25, 2026
Source: NVD
CVE-2026-6094 CRITICAL - 9.1

Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS.

Vendor: wolfssl
Product: wolfssl
Published: Jun 25, 2026
Source: NVD
CVE-2026-6091 MEDIUM - 6.5

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibili...

Vendor: wolfssl
Product: wolfssl
Published: Jun 25, 2026
Source: NVD
CVE-2026-55967 HIGH - 7.5

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.

Vendor: wolfSSL
Product: wolfSSL
Published: Jun 25, 2026
Source: NVD
CVE-2026-55961 HIGH - 7.5

wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when ...

Vendor: wolfSSL
Product: wolfSSL
Published: Jun 25, 2026
Source: NVD
CVE-2026-55700 HIGH - 7.1

pnpm is a package manager. From 11.3.0 until 11.5.3, `pnpm stage download` derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields, de...

Vendor: pnpm
Product: pnpm
Published: Jun 25, 2026
Source: NVD
CVE-2026-55699 MEDIUM - 6.5

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those nam...

Vendor: pnpm
Product: pnpm
Published: Jun 25, 2026
Source: NVD
CVE-2026-55698 HIGH - 8.8

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained mat...

Vendor: pnpm
Product: pnpm
Published: Jun 25, 2026
Source: NVD
CVE-2026-55697 HIGH - 7.5

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as ...

Vendor: pnpm
Product: pnpm
Published: Jun 25, 2026
Source: NVD
CVE-2026-55487 HIGH - 7.5

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator normalize...

Vendor: pnpm
Product: pnpm
Published: Jun 25, 2026
Source: NVD
CVE-2026-55180 MEDIUM - 6.5

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim env...

Vendor: pnpm
Product: pnpm
Published: Jun 25, 2026
Source: NVD
CVE-2026-54679 MEDIUM - 5.5

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvp_string_append has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2.

Vendor: jqlang
Product: jq
Published: Jun 25, 2026
Source: NVD
CVE-2026-50573 MEDIUM - 6.8

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the regis...

Vendor: pnpm
Product: pnpm
Published: Jun 25, 2026
Source: NVD
CVE-2026-50021 MEDIUM - 6.8

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry U...

Vendor: pnpm
Product: pnpm
Published: Jun 25, 2026
Source: NVD