U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for NVD Communications and Status Updates Page
Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-23448 - In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE entries fit within the skb. The first check co... read CVE-2026-23448
    Published: April 03, 2026; 12:16:30 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-23449 - In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teql_master_xmit Whenever a TEQL devices has a lockless Qdisc as root, qdisc_reset should be called using the seq_lock to avoid racing with t... read CVE-2026-23449
    Published: April 03, 2026; 12:16:31 PM -0400

  • CVE-2026-23450 - In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() Syzkaller reported a panic in smc_tcp_syn_recv_sock() [1]. smc_tcp_syn_recv_sock() is called in the TCP receive... read CVE-2026-23450
    Published: April 03, 2026; 12:16:31 PM -0400

  • CVE-2026-23451 - In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse() bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hi... read CVE-2026-23451
    Published: April 03, 2026; 12:16:31 PM -0400

  • CVE-2026-23255 - In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a patch. Real issue is that ptype_seq_next() and ptype_seq_... read CVE-2026-23255
    Published: March 18, 2026; 2:16:23 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-23256 - In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The curre... read CVE-2026-23256
    Published: March 18, 2026; 2:16:23 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-23257 - In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The curre... read CVE-2026-23257
    Published: March 18, 2026; 2:16:23 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-33255 - NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and inform... read CVE-2025-33255
    Published: May 20, 2026; 12:16:43 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-24142 - NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
    Published: May 20, 2026; 12:16:44 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-24160 - NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
    Published: May 20, 2026; 12:16:45 AM -0400

  • CVE-2026-43074 - In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep eventpoll struct while it still being used by a... read CVE-2026-43074
    Published: May 06, 2026; 6:16:20 AM -0400

  • CVE-2026-43075 - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2_write_end_inline KASAN reports a use-after-free write of 4086 bytes in ocfs2_write_end_inline, called from ocfs2_write_end_nolock during ... read CVE-2026-43075
    Published: May 06, 2026; 6:16:20 AM -0400

  • CVE-2026-43076 - In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data i_size during inode read When reading an inode from disk, ocfs2_validate_inode_block() performs various sanity checks but does not validate the size ... read CVE-2026-43076
    Published: May 06, 2026; 6:16:20 AM -0400

  • CVE-2026-43077 - In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Fix minimum RX size check for decryption The check for the minimum receive buffer size did not take the tag size into account during decryption. Fix this b... read CVE-2026-43077
    Published: May 06, 2026; 6:16:20 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-43078 - In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl When page reassignment was added to af_alg_pull_tsgl the original loop wasn't updated so it may try to reassi... read CVE-2026-43078
    Published: May 06, 2026; 6:16:20 AM -0400

  • CVE-2026-43067 - In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 ("ext4: always allocate blocks only from groups inode can use") restricts what b... read CVE-2026-43067
    Published: May 05, 2026; 12:16:15 PM -0400

  • CVE-2026-43068 - In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() There's issue as follows: ... EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at log... read CVE-2026-43068
    Published: May 05, 2026; 12:16:16 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-43084 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause crash: BUG: KASAN: slab-use-after-free in nfqnl... read CVE-2026-43084
    Published: May 06, 2026; 6:16:21 AM -0400

  • CVE-2026-8741 - A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may ... read CVE-2026-8741
    Published: May 17, 2026; 5:16:35 AM -0400

    V3.1: 3.1 LOW

  • CVE-2026-6365 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from ... read CVE-2026-6365
    Published: May 19, 2026; 7:16:58 PM -0400

Created September 20, 2022 , Updated August 27, 2024