NVD

Icon for NVD Communications and Status Updates Page

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2026-33642 - Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wra... read CVE-2026-33642
Published: May 19, 2026; 3:16:49 PM -0400

V3.1: 9.8 CRITICAL
CVE-2026-33633 - Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered ... read CVE-2026-33633
Published: May 19, 2026; 2:16:21 PM -0400

V3.1: 8.8 HIGH
CVE-2026-2611 - In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLfl... read CVE-2026-2611
Published: May 19, 2026; 6:16:22 AM -0400
CVE-2026-23263 - In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix page array leak d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed a page leakage but didn't free the page array, release it as well.
Published: March 18, 2026; 2:16:24 PM -0400

V3.1: 5.5 MEDIUM
CVE-2026-23262 - In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based ... read CVE-2026-23262
Published: March 18, 2026; 2:16:24 PM -0400

V3.1: 7.8 HIGH
CVE-2026-22678 - Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary commands by injecting u... read CVE-2026-22678
Published: May 21, 2026; 6:16:46 PM -0400

V3.1: 5.4 MEDIUM
CVE-2026-23261 - In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvme_fabrics creates an NVMe/FC controller in following path: nvmf_dev_write() -> nvmf_create_ctrl() -> nvme_fc_cr... read CVE-2026-23261
Published: March 18, 2026; 2:16:24 PM -0400

V3.1: 5.5 MEDIUM
CVE-2026-24188 - NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.
Published: May 20, 2026; 4:16:36 PM -0400

V3.1: 7.5 HIGH
CVE-2025-26483 - Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The... read CVE-2025-26483
Published: May 22, 2026; 10:16:24 AM -0400

V3.1: 8.2 HIGH
CVE-2025-32745 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.
Published: May 22, 2026; 10:16:24 AM -0400

V3.1: 6.5 MEDIUM
CVE-2025-32746 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensit... read CVE-2025-32746
Published: May 22, 2026; 10:16:24 AM -0400

V3.1: 5.5 MEDIUM
CVE-2025-32747 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published: May 22, 2026; 10:16:24 AM -0400

V3.1: 7.8 HIGH
CVE-2025-32749 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Published: May 22, 2026; 10:16:24 AM -0400

V3.1: 7.5 HIGH
CVE-2025-32751 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitiv... read CVE-2025-32751
Published: May 22, 2026; 11:16:25 AM -0400
CVE-2025-46371 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mec... read CVE-2025-46371
Published: May 22, 2026; 11:16:25 AM -0400

V3.1: 5.5 MEDIUM
CVE-2026-24350 - PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In ve... read CVE-2026-24350
Published: February 27, 2026; 7:16:02 AM -0500

V3.1: 5.4 MEDIUM
CVE-2026-5363 - Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during l... read CVE-2026-5363
Published: April 15, 2026; 8:16:29 PM -0400

V3.1: 8.8 HIGH
CVE-2026-43089 - In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out t... read CVE-2026-43089
Published: May 06, 2026; 6:16:22 AM -0400

V3.1: 5.5 MEDIUM
CVE-2026-43088 - In the Linux kernel, the following vulnerability has been resolved: net: af_key: zero aligned sockaddr tail in PF_KEY exports PF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr payload space, so IPv6 addresses occupy 32 byte... read CVE-2026-43088
Published: May 06, 2026; 6:16:22 AM -0400

V3.1: 5.5 MEDIUM
CVE-2026-43417 - In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Handle vfork()/CLONE_VM correctly Matthieu and Jiri reported stalls where a task endlessly loops in mm_get_cid() when scheduling in. It turned out that the logic w... read CVE-2026-43417
Published: May 08, 2026; 11:16:53 AM -0400

V3.1: 5.5 MEDIUM

Created September 20, 2022 , Updated August 27, 2024

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: