U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

CVE Status Count

Please Wait

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-33642 - Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wra... read CVE-2026-33642
    Published: May 19, 2026; 3:16:49 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-33633 - Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered ... read CVE-2026-33633
    Published: May 19, 2026; 2:16:21 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-2611 - In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLfl... read CVE-2026-2611
    Published: May 19, 2026; 6:16:22 AM -0400

  • CVE-2026-23263 - In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix page array leak d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed a page leakage but didn't free the page array, release it as well.
    Published: March 18, 2026; 2:16:24 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-23262 - In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based ... read CVE-2026-23262
    Published: March 18, 2026; 2:16:24 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-22678 - Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary commands by injecting u... read CVE-2026-22678
    Published: May 21, 2026; 6:16:46 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2026-23261 - In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvme_fabrics creates an NVMe/FC controller in following path: nvmf_dev_write() -> nvmf_create_ctrl() -> nvme_fc_cr... read CVE-2026-23261
    Published: March 18, 2026; 2:16:24 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-24188 - NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.
    Published: May 20, 2026; 4:16:36 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-26483 - Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The... read CVE-2025-26483
    Published: May 22, 2026; 10:16:24 AM -0400

    V3.1: 8.2 HIGH

  • CVE-2025-32745 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.
    Published: May 22, 2026; 10:16:24 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-32746 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensit... read CVE-2025-32746
    Published: May 22, 2026; 10:16:24 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-32747 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
    Published: May 22, 2026; 10:16:24 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-32749 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
    Published: May 22, 2026; 10:16:24 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-32751 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitiv... read CVE-2025-32751
    Published: May 22, 2026; 11:16:25 AM -0400

  • CVE-2025-46371 - Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mec... read CVE-2025-46371
    Published: May 22, 2026; 11:16:25 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-24350 - PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In ve... read CVE-2026-24350
    Published: February 27, 2026; 7:16:02 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2026-5363 - Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during l... read CVE-2026-5363
    Published: April 15, 2026; 8:16:29 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-43089 - In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_mapping() struct xfrm_usersa_id has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out t... read CVE-2026-43089
    Published: May 06, 2026; 6:16:22 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-43088 - In the Linux kernel, the following vulnerability has been resolved: net: af_key: zero aligned sockaddr tail in PF_KEY exports PF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr payload space, so IPv6 addresses occupy 32 byte... read CVE-2026-43088
    Published: May 06, 2026; 6:16:22 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-43417 - In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Handle vfork()/CLONE_VM correctly Matthieu and Jiri reported stalls where a task endlessly loops in mm_get_cid() when scheduling in. It turned out that the logic w... read CVE-2026-43417
    Published: May 08, 2026; 11:16:53 AM -0400

    V3.1: 5.5 MEDIUM