NVD Dashboard

Dashboard panels: CVEs Received and Processed; CVE Status Count; CVSS Score Spread; CVSS V3 Score Distribution (Severity, Number of Vulns); CVSS V2 Score Distribution (Severity, Number of Vulns).

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-43930 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) login path allows two concurrent /login requests car... read CVE-2026-43930
    Published: May 12, 2026; 10:17:08 AM -0400

    V3.1: 5.9 MEDIUM

  • CVE-2026-31215 - The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls and does ... read CVE-2026-31215
    Published: May 12, 2026; 12:16:13 PM -0400

  • CVE-2026-31216 - The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentication, authorization, and input validation mechan... read CVE-2026-31216
    Published: May 12, 2026; 12:16:13 PM -0400

  • CVE-2026-31217 - The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user supplies a directory path via the --model comman... read CVE-2026-31217
    Published: May 12, 2026; 12:16:13 PM -0400

  • CVE-2026-42191 - OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath() w... read CVE-2026-42191
    Published: May 12, 2026; 4:16:41 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-43386 - In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie The current code checks 'i + 5 < in_len' at the end of the if statement. However, it accesses 'in_ie[... read CVE-2026-43386
    Published: May 08, 2026; 11:16:49 AM -0400

    V3.1: 7.1 HIGH

  • CVE-2026-43387 - In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() Just like in commit 154828bf9559 ("staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser"), we don'... read CVE-2026-43387
    Published: May 08, 2026; 11:16:50 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-46300 - In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to sk... read CVE-2026-46300
    Published: May 23, 2026; 8:17:02 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-32425 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console (stdout/stderr), and deployed in containe... read CVE-2025-32425
    Published: May 13, 2026; 12:16:35 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-31156 - A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user... read CVE-2026-31156
    Published: May 13, 2026; 12:16:38 PM -0400

  • CVE-2026-23296 - In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagset_refcnt This leak will cause a hang when tearing down the SCSI host. For example, iscsid hangs with the following call trace: [130120.65... read CVE-2026-23296
    Published: March 25, 2026; 7:16:24 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-23311 - In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctx_sched_in() Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like... read CVE-2026-23311
    Published: March 25, 2026; 7:16:27 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-43388 - In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walk_control on inactive context in damos_walk() damos_walk() sets ctx->walk_control to the caller-provided control structure before checking whether the co... read CVE-2026-43388
    Published: May 08, 2026; 11:16:50 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-23312 - In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before ... read CVE-2026-23312
    Published: March 25, 2026; 7:16:27 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-43389 - In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed und... read CVE-2026-43389
    Published: May 08, 2026; 11:16:50 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-23313 - In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo ... read CVE-2026-23313
    Published: March 25, 2026; 7:16:27 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-43390 - In the Linux kernel, the following vulnerability has been resolved: nstree: tighten permission checks for listing Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information... read CVE-2026-43390
    Published: May 08, 2026; 11:16:50 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-6826 - Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller. Any unauthenticated visitor can request /ccm/system/dialogs/file/usage/{fID} with any file ID and receive a... read CVE-2026-6826
    Published: May 21, 2026; 5:16:32 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-8204 - Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Conc... read CVE-2026-8204
    Published: May 21, 2026; 5:16:33 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-8417 - Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/do_update/<pkgHandle>. The do_update() method in concrete/controllers/single_page/dashboard/extend/update.php checks only canInstall... read CVE-2026-8417
    Published: May 21, 2026; 5:16:33 PM -0400

    V3.1: 8.8 HIGH