U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2025-38567 - In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid ref leak in nfsd_open_local_fh() If two calls to nfsd_open_local_fh() race and both successfully call nfsd_file_acquire_local(), they will both get an extra referenc... read CVE-2025-38567
    Published: August 19, 2025; 1:15:33 PM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2025-38568 - In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the va... read CVE-2025-38568
    Published: August 19, 2025; 1:15:33 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-38570 - In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. The UaF is in the __sk_mark_napi_id_once() call in xsk_b... read CVE-2025-38570
    Published: August 19, 2025; 1:15:33 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-38571 - In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's... read CVE-2025-38571
    Published: August 19, 2025; 1:15:33 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38573 - In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterm... read CVE-2025-38573
    Published: August 19, 2025; 1:15:34 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38580 - In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to avoid adding an io_end that requires no convers... read CVE-2025-38580
    Published: August 19, 2025; 1:15:35 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-38582 - In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init(... read CVE-2025-38582
    Published: August 19, 2025; 1:15:35 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-36340 - A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
    Published: May 13, 2025; 10:15:19 AM -0400

  • CVE-2025-29933 - Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service
    Published: November 24, 2025; 4:16:02 PM -0500

  • CVE-2025-48502 - Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service.
    Published: November 21, 2025; 2:15:50 PM -0500

  • CVE-2025-48510 - Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.
    Published: November 24, 2025; 4:16:03 PM -0500

  • CVE-2025-48511 - Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.
    Published: November 24, 2025; 4:16:03 PM -0500

  • CVE-2025-64720 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite... read CVE-2025-64720
    Published: November 24, 2025; 7:15:47 PM -0500

  • CVE-2025-65018 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified... read CVE-2025-65018
    Published: November 24, 2025; 7:15:47 PM -0500

  • CVE-2025-64506 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_ima... read CVE-2025-64506
    Published: November 24, 2025; 7:15:47 PM -0500

  • CVE-2025-64505 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function ... read CVE-2025-64505
    Published: November 24, 2025; 7:15:47 PM -0500

  • CVE-2025-38566 - In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg... read CVE-2025-38566
    Published: August 19, 2025; 1:15:33 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-38605 - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to retrieve the ab pointer. In vdev de... read CVE-2025-38605
    Published: August 19, 2025; 1:15:38 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38600 - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have MT7925_RNR_SCAN_MAX_BSSIDS elements so this >= needs to be > to preven... read CVE-2025-38600
    Published: August 19, 2025; 1:15:38 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38599 - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx routine if link_id is set to IEEE80211_LINK_UNSPECIFIED
    Published: August 19, 2025; 1:15:37 PM -0400

    V3.1: 7.1 HIGH

Created September 20, 2022 , Updated August 27, 2024