U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-23060 - In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected leng... read CVE-2026-23060
    Published: February 04, 2026; 12:16:16 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23061 - In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB me... read CVE-2026-23061
    Published: February 04, 2026; 12:16:16 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23062 - In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro The GET_INSTANCE_ID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: T... read CVE-2026-23062
    Published: February 04, 2026; 12:16:16 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23063 - In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling `put_queue` carries risks since it cannot guarantee that resources of `uacce_queue` have been fully relea... read CVE-2026-23063
    Published: February 04, 2026; 12:16:16 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23064 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref tcf_ife_encode() must make sure ife_encode() does not return NULL. syzbot reported: Oops: general protection fault, probably for ... read CVE-2026-23064
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23065 - In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix memory leak in wbrf_record() The tmp buffer is allocated using kcalloc() but is not freed if acpi_evaluate_dsm() fails. This causes a memory leak in the er... read CVE-2026-23065
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23066 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg() unconditional requeue If rxrpc_recvmsg() fails because MSG_DONTWAIT was specified but the call at the front of the recvmsg queue already has its mutex locke... read CVE-2026-23066
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23067 - In the Linux kernel, the following vulnerability has been resolved: iommu/io-pgtable-arm: fix size_t signedness bug in unmap path __arm_lpae_unmap() returns size_t but was returning -ENOENT (negative error code) when encountering an unmapped PTE... read CVE-2026-23067
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23068 - In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spi_alloc_host() to allocate the controller but registers it using devm_spi_register_controller(... read CVE-2026-23068
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-23069 - In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_a... read CVE-2026-23069
    Published: February 04, 2026; 12:16:17 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-23654 - Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
    Published: March 10, 2026; 2:18:13 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-26123 - Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.
    Published: March 10, 2026; 4:16:34 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-26105 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
    Published: March 10, 2026; 2:18:38 PM -0400

    V3.1: 9.3 CRITICAL

  • CVE-2026-26111 - Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
    Published: March 10, 2026; 2:18:39 PM -0400

  • CVE-2026-31796 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
    Published: March 10, 2026; 2:19:00 PM -0400

  • CVE-2026-31795 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5.
    Published: March 10, 2026; 2:18:59 PM -0400

  • CVE-2026-31794 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d() causing a denial of service. This vulnerability is ... read CVE-2026-31794
    Published: March 10, 2026; 2:18:59 PM -0400

  • CVE-2026-31793 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault due to invalid/wild pointer read in CIccCalculatorFunc::ApplySequence() causing denial of service. This vu... read CVE-2026-31793
    Published: March 10, 2026; 2:18:59 PM -0400

  • CVE-2026-31792 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerabilit... read CVE-2026-31792
    Published: March 10, 2026; 2:18:59 PM -0400

  • CVE-2026-30987 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2... read CVE-2026-30987
    Published: March 10, 2026; 2:18:58 PM -0400

Created September 20, 2022 , Updated August 27, 2024