The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2026-7876 - IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
    Published: May 27, 2026; 10:17:35 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2026-47335 - Ubuntu Linux 6.8 contains SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel panic.
    Published: May 28, 2026; 3:16:42 PM -0400

  • CVE-2026-47336 - Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an unprivileged local user and could result in incorrect fine-grained mediatio...
    Published: May 28, 2026; 3:16:42 PM -0400

  • CVE-2026-47337 - Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops.
    Published: May 28, 2026; 3:16:42 PM -0400

  • CVE-2026-33462 - A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts ...
    Published: May 28, 2026; 4:16:22 PM -0400

    V3.1: 7.3 HIGH

  • CVE-2026-33463 - Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its ...
    Published: May 28, 2026; 4:16:22 PM -0400

  • CVE-2026-33464 - Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana...
    Published: May 28, 2026; 4:16:23 PM -0400

  • CVE-2026-42401 - Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected...
    Published: May 28, 2026; 4:16:23 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2026-34311 - Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulne...
    Published: May 28, 2026; 5:16:29 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-46820 - Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with...
    Published: May 28, 2026; 5:16:31 PM -0400

    V3.1: 8.5 HIGH

  • CVE-2026-46821 - Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with...
    Published: May 28, 2026; 5:16:32 PM -0400

  • CVE-2026-46822 - Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access ...
    Published: May 28, 2026; 5:16:32 PM -0400

  • CVE-2026-46823 - Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged at...
    Published: May 28, 2026; 5:16:32 PM -0400

  • CVE-2026-46824 - Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privile...
    Published: May 28, 2026; 5:16:32 PM -0400

  • CVE-2026-9959 - Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:54 PM -0400

  • CVE-2026-9961 - Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:54 PM -0400

  • CVE-2026-9964 - Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:54 PM -0400

  • CVE-2026-9965 - Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:54 PM -0400

  • CVE-2026-9966 - Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:54 PM -0400

  • CVE-2026-9986 - Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity...
    Published: May 28, 2026; 7:16:56 PM -0400

Created September 20, 2022, Updated August 27, 2024