The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2026-41121 - Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading ... read CVE-2026-41121
Published: July 01, 2026; 3:16:51 PM -0400V3.1: 7.8 HIGH
-
CVE-2026-58521 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from * before 1.43.9,... read CVE-2026-58521
Published: July 01, 2026; 2:16:36 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2026-13323 - In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can r... read CVE-2026-13323
Published: July 01, 2026; 8:16:38 AM -0400V3.1: 8.7 HIGH
-
CVE-2026-58519 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from * before 3.9.1.
Published: July 01, 2026; 1:16:23 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2026-53301 - In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet.
Published: June 26, 2026; 4:17:23 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-53302 - In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the drive... read CVE-2026-53302
Published: June 26, 2026; 4:17:23 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-53303 - In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_l... read CVE-2026-53303
Published: June 26, 2026; 4:17:23 PM -0400V3.1: 7.1 HIGH
-
CVE-2026-53304 - In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter def_reserved_size defines the default buffer size reserved for each Sg_fd and should be restricted to a r... read CVE-2026-53304
Published: June 26, 2026; 4:17:23 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-53305 - In the Linux kernel, the following vulnerability has been resolved: usb: typec: ps883x: Fix Oops at unbind When trying to unbind a device in order to bind to it vfio-platform as: echo bc0000.geniqup > /sys/bus/platform/devices/bc0000.geniqup... read CVE-2026-53305
Published: June 26, 2026; 4:17:23 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-58288 - Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Published: July 03, 2026; 5:17:03 PM -0400 -
CVE-2026-13455 - PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash() function and collects (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. The problem is re... read CVE-2026-13455
Published: June 30, 2026; 12:16:44 PM -0400 -
CVE-2026-53306 - In the Linux kernel, the following vulnerability has been resolved: tty: hvc_iucv: fix off-by-one in number of supported devices MAX_HVC_IUCV_LINES == HVC_ALLOC_TTY_ADAPTERS == 8. This is the number of entries in: static struct hvc_iucv_privat... read CVE-2026-53306
Published: June 26, 2026; 4:17:23 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-53307 - In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not ... read CVE-2026-53307
Published: June 26, 2026; 4:17:24 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-53308 - In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory... read CVE-2026-53308
Published: June 26, 2026; 4:17:24 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-53309 - In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the val... read CVE-2026-53309
Published: June 26, 2026; 4:17:24 PM -0400 -
CVE-2026-53310 - In the Linux kernel, the following vulnerability has been resolved: soc/tegra: cbb: Fix cross-fabric target timeout lookup When a fabric receives an error interrupt, the error may have occurred on a different fabric. The target timeout lookup wa... read CVE-2026-53310
Published: June 26, 2026; 4:17:24 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-53311 - In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fuse_dentry_revalidate() fuse_dentry_revalidate() may be called with a dentry that didn't had ->d_time initialised. The issue was found with KMSAN, wh... read CVE-2026-53311
Published: June 26, 2026; 4:17:24 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-53312 - In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather->end of ULONG_MAX, but if this happens it will... read CVE-2026-53312
Published: June 26, 2026; 4:17:24 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-53313 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths In dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace(). Both functions check: if (!dc_dm... read CVE-2026-53313
Published: June 26, 2026; 4:17:24 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-53314 - In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at _c... read CVE-2026-53314
Published: June 26, 2026; 4:17:24 PM -0400V3.1: 5.5 MEDIUM