The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2025-3406 - A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bound...
Published: April 08, 2025; 12:15:31 AM -0400
V3.1: 6.5 MEDIUM
-
CVE-2025-3408 - A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continuous delivery wit...
Published: April 08, 2025; 12:15:32 AM -0400
V3.1: 8.8 HIGH
-
CVE-2025-3407 - A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read....
Published: April 08, 2025; 12:15:31 AM -0400
V3.1: 8.8 HIGH
-
CVE-2025-3409 - A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate t...
Published: April 08, 2025; 1:15:40 AM -0400
V3.1: 8.8 HIGH
-
CVE-2026-4342 - A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
Published: March 19, 2026; 6:16:43 PM -0400
V3.1: 8.8 HIGH
-
CVE-2026-24352 - PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated...
Published: February 27, 2026; 7:16:03 AM -0500
V3.1: 9.8 CRITICAL
-
CVE-2026-24351 - PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early...
Published: February 27, 2026; 7:16:03 AM -0500
V3.1: 5.4 MEDIUM
-
CVE-2026-31435 - In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process...
Published: April 22, 2026; 10:16:36 AM -0400
-
CVE-2026-31436 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, d is the traversal cursor of flist, but the code completes found ins...
Published: April 22, 2026; 10:16:36 AM -0400
-
CVE-2026-31437 - In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry When a write subrequest is marked NETFS_SREQ_NEED_RETRY, the retry path in netfs_unbuffered_write() unco...
Published: April 22, 2026; 10:16:36 AM -0400
V3.1: 5.5 MEDIUM
-
CVE-2026-31438 - In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, __kernel_write() creates an ITER...
Published: April 22, 2026; 10:16:37 AM -0400
V3.1: 5.5 MEDIUM
-
CVE-2026-31439 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap init error handling devm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL. Fix the error check and also fix the error message. Use ...
Published: April 22, 2026; 10:16:37 AM -0400
V3.1: 5.5 MEDIUM
-
CVE-2026-3960 - A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechan...
Published: April 23, 2026; 6:16:17 AM -0400
V3.1: 9.8 CRITICAL
-
CVE-2026-8757 - A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. T...
Published: May 17, 2026; 10:16:21 AM -0400
V3.1: 9.1 CRITICAL
-
CVE-2026-8765 - A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation ...
Published: May 17, 2026; 7:17:02 PM -0400
V3.1: 6.5 MEDIUM
-
CVE-2026-8766 - A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing a manipulation of the argument KILO_CONFIG_CO...
Published: May 17, 2026; 7:17:02 PM -0400
V3.1: 6.5 MEDIUM
-
CVE-2026-25244 - WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution (RCE) in test orchestration...
Published: May 18, 2026; 5:16:39 PM -0400
-
CVE-2026-42844 - Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account ...
Published: May 12, 2026; 6:16:34 PM -0400
V3.1: 8.8 HIGH
-
CVE-2026-42290 - protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through child_process.exec. File paths containing shell metacharacter...
Published: May 13, 2026; 12:16:47 PM -0400
V3.1: 7.8 HIGH
-
CVE-2026-44288 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of re...
Published: May 13, 2026; 12:16:55 PM -0400