NVD Dashboard

CVEs Received and Processed

CVE Status Count

CVSS Score Spread

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-43408 - In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_info parameter, or else the following ceph_mdsc_...
    Published: May 08, 2026; 11:16:52 AM -0400

  • CVE-2026-43409 - In the Linux kernel, the following vulnerability has been resolved: kprobes: avoid crash when rmmod/insmod after ftrace killed After we hit ftrace is killed by some errors, the kernel crash if we remove modules in which kprobe probes. BUG: unab...
    Published: May 08, 2026; 11:16:52 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-39461 - libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size l...
    Published: May 21, 2026; 6:16:25 AM -0400

  • CVE-2026-45251 - A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed...
    Published: May 21, 2026; 6:16:26 AM -0400

  • CVE-2026-45252 - When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed ...
    Published: May 21, 2026; 6:16:26 AM -0400

  • CVE-2026-45253 - ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target proc...
    Published: May 21, 2026; 6:16:26 AM -0400

  • CVE-2026-45254 - In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a su...
    Published: May 21, 2026; 6:16:26 AM -0400

  • CVE-2026-8488 - Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
    Published: May 20, 2026; 12:16:27 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-45255 - When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled n...
    Published: May 21, 2026; 6:16:26 AM -0400

  • CVE-2026-45250 - The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validatin...
    Published: May 21, 2026; 5:16:30 AM -0400

  • CVE-2026-8632 - A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.
    Published: May 20, 2026; 5:16:18 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-8631 - A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing ...
    Published: May 20, 2026; 5:16:18 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-2812 - ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in di...
    Published: May 20, 2026; 4:16:36 PM -0400

  • CVE-2026-8487 - Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
    Published: May 20, 2026; 12:16:27 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-32687 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postgrex.Notifications' module) allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notification...
    Published: May 12, 2026; 11:16:12 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-8486 - Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
    Published: May 20, 2026; 12:16:27 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-2813 - ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may result in the application redirecting the...
    Published: May 20, 2026; 4:16:37 PM -0400

    V3.1: 4.1 MEDIUM

  • CVE-2026-42794 - Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':js_escape/1 in lib/absinthe/plug/g...
    Published: May 08, 2026; 12:16:12 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2026-40379 - Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
    Published: May 12, 2026; 2:17:16 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-23245 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the p...
    Published: March 18, 2026; 7:16:16 AM -0400