
NVD Dashboard

[Dashboard charts, data not loaded: CVEs Received and Processed; CVE Status Count; CVSS Score Spread; CVSS V3 Score Distribution (Severity, Number of Vulns); CVSS V2 Score Distribution (Severity, Number of Vulns)]


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-43470 - In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir If we found an alias through nfs3_do_create/nfs_add_or_obtain /d_splice_alias which happens to be a dir dentry, we don... read CVE-2026-43470
    Published: May 08, 2026; 11:17:00 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-43968 - Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not agai... read CVE-2026-43968
    Published: May 11, 2026; 3:16:25 PM -0400

    V3.1: 4.0 MEDIUM

  • CVE-2026-43969 - Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Coo... read CVE-2026-43969
    Published: May 11, 2026; 3:16:25 PM -0400

    V3.1: 3.2 LOW

  • CVE-2026-43472 - In the Linux kernel, the following vulnerability has been resolved: unshare: fix unshare_fs() handling There's an unpleasant corner case in unshare(2), when we have a CLONE_NEWNS in flags and current->fs hadn't been shared at all; in that case c... read CVE-2026-43472
    Published: May 08, 2026; 11:17:00 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-2586 - An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the pri... read CVE-2026-2586
    Published: May 19, 2026; 11:16:28 AM -0400

  • CVE-2026-2587 - A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context wher... read CVE-2026-2587
    Published: May 19, 2026; 11:16:28 AM -0400

  • CVE-2026-43473 - In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and reply queues The driver encountered a crash during resource cleanup when the reply and request queues were NULL due to f... read CVE-2026-43473
    Published: May 08, 2026; 11:17:00 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-43474 - In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported a uninit-value bug in [1]. Similar to the "*get" context where the kernel's internal file_kattr structure i... read CVE-2026-43474
    Published: May 08, 2026; 11:17:00 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-43475 - In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT This resolves the follow splat and lock-up when running with PREEMPT_RT enabled on Hyper-V: [ 415.140818] BUG: schedul... read CVE-2026-43475
    Published: May 08, 2026; 11:17:00 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-24160 - NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
    Published: May 20, 2026; 12:16:45 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-22614 - The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper ... read CVE-2026-22614
    Published: March 10, 2026; 2:18:12 PM -0400

  • CVE-2008-4250 - The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow durin... read CVE-2008-4250
    Published: October 23, 2008; 6:00:01 PM -0400

    V2.0: 10.0 HIGH

  • CVE-2009-1537 - Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary ... read CVE-2009-1537
    Published: May 29, 2009; 2:30:00 PM -0400

    V2.0: 9.3 HIGH

  • CVE-2010-0806 - Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of ... read CVE-2010-0806
    Published: March 10, 2010; 5:30:01 PM -0500

    V2.0: 9.3 HIGH

  • CVE-2010-0249 - Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remo... read CVE-2010-0249
    Published: January 15, 2010; 12:30:00 PM -0500

    V3.1: 8.8 HIGH
    V2.0: 9.3 HIGH

  • CVE-2009-3459 - Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in Oct... read CVE-2009-3459
    Published: October 13, 2009; 6:30:00 AM -0400

    V2.0: 9.3 HIGH

  • CVE-2026-23448 - In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE entries fit within the skb. The first check co... read CVE-2026-23448
    Published: April 03, 2026; 12:16:30 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-23449 - In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teql_master_xmit Whenever a TEQL devices has a lockless Qdisc as root, qdisc_reset should be called using the seq_lock to avoid racing with t... read CVE-2026-23449
    Published: April 03, 2026; 12:16:31 PM -0400

  • CVE-2026-23450 - In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() Syzkaller reported a panic in smc_tcp_syn_recv_sock() [1]. smc_tcp_syn_recv_sock() is called in the TCP receive... read CVE-2026-23450
    Published: April 03, 2026; 12:16:31 PM -0400

  • CVE-2026-23451 - In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse() bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hi... read CVE-2026-23451
    Published: April 03, 2026; 12:16:31 PM -0400