) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2026-43470 - In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir If we found an alias through nfs3_do_create/nfs_add_or_obtain /d_splice_alias which happens to be a dir dentry, we don... read CVE-2026-43470
Published: May 08, 2026; 11:17:00 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-43968 - Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not agai... read CVE-2026-43968
Published: May 11, 2026; 3:16:25 PM -0400V3.1: 4.0 MEDIUM
-
CVE-2026-43969 - Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Coo... read CVE-2026-43969
Published: May 11, 2026; 3:16:25 PM -0400V3.1: 3.2 LOW
-
CVE-2026-43472 - In the Linux kernel, the following vulnerability has been resolved: unshare: fix unshare_fs() handling There's an unpleasant corner case in unshare(2), when we have a CLONE_NEWNS in flags and current->fs hadn't been shared at all; in that case c... read CVE-2026-43472
Published: May 08, 2026; 11:17:00 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-2586 - An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the pri... read CVE-2026-2586
Published: May 19, 2026; 11:16:28 AM -0400 -
CVE-2026-2587 - A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context wher... read CVE-2026-2587
Published: May 19, 2026; 11:16:28 AM -0400 -
CVE-2026-43473 - In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and reply queues The driver encountered a crash during resource cleanup when the reply and request queues were NULL due to f... read CVE-2026-43473
Published: May 08, 2026; 11:17:00 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-43474 - In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported a uninit-value bug in [1]. Similar to the "*get" context where the kernel's internal file_kattr structure i... read CVE-2026-43474
Published: May 08, 2026; 11:17:00 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-43475 - In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT This resolves the follow splat and lock-up when running with PREEMPT_RT enabled on Hyper-V: [ 415.140818] BUG: schedul... read CVE-2026-43475
Published: May 08, 2026; 11:17:00 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-24160 - NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
Published: May 20, 2026; 12:16:45 AM -0400V3.1: 7.5 HIGH
-
CVE-2026-22614 - The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper ... read CVE-2026-22614
Published: March 10, 2026; 2:18:12 PM -0400 -
CVE-2008-4250 - The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow durin... read CVE-2008-4250
Published: October 23, 2008; 6:00:01 PM -0400V2.0: 10.0 HIGH
-
CVE-2009-1537 - Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary ... read CVE-2009-1537
Published: May 29, 2009; 2:30:00 PM -0400V2.0: 9.3 HIGH
-
CVE-2010-0806 - Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of ... read CVE-2010-0806
Published: March 10, 2010; 5:30:01 PM -0500V2.0: 9.3 HIGH
-
CVE-2010-0249 - Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remo... read CVE-2010-0249
Published: January 15, 2010; 12:30:00 PM -0500 -
CVE-2009-3459 - Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in Oct... read CVE-2009-3459
Published: October 13, 2009; 6:30:00 AM -0400V2.0: 9.3 HIGH
-
CVE-2026-23448 - In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE entries fit within the skb. The first check co... read CVE-2026-23448
Published: April 03, 2026; 12:16:30 PM -0400V3.1: 7.8 HIGH
-
CVE-2026-23449 - In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teql_master_xmit Whenever a TEQL devices has a lockless Qdisc as root, qdisc_reset should be called using the seq_lock to avoid racing with t... read CVE-2026-23449
Published: April 03, 2026; 12:16:31 PM -0400 -
CVE-2026-23450 - In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() Syzkaller reported a panic in smc_tcp_syn_recv_sock() [1]. smc_tcp_syn_recv_sock() is called in the TCP receive... read CVE-2026-23450
Published: April 03, 2026; 12:16:31 PM -0400 -
CVE-2026-23451 - In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse() bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hi... read CVE-2026-23451
Published: April 03, 2026; 12:16:31 PM -0400