U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

CVE Status Count

Please Wait

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2025-38567 - In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid ref leak in nfsd_open_local_fh() If two calls to nfsd_open_local_fh() race and both successfully call nfsd_file_acquire_local(), they will both get an extra referenc... read CVE-2025-38567
    Published: August 19, 2025; 1:15:33 PM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2025-38568 - In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the va... read CVE-2025-38568
    Published: August 19, 2025; 1:15:33 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-38570 - In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. The UaF is in the __sk_mark_napi_id_once() call in xsk_b... read CVE-2025-38570
    Published: August 19, 2025; 1:15:33 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-38571 - In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's... read CVE-2025-38571
    Published: August 19, 2025; 1:15:33 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38573 - In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterm... read CVE-2025-38573
    Published: August 19, 2025; 1:15:34 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38580 - In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to avoid adding an io_end that requires no convers... read CVE-2025-38580
    Published: August 19, 2025; 1:15:35 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-38582 - In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init(... read CVE-2025-38582
    Published: August 19, 2025; 1:15:35 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-36340 - A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
    Published: May 13, 2025; 10:15:19 AM -0400

  • CVE-2025-29933 - Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service
    Published: November 24, 2025; 4:16:02 PM -0500

  • CVE-2025-48502 - Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service.
    Published: November 21, 2025; 2:15:50 PM -0500

  • CVE-2025-48510 - Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.
    Published: November 24, 2025; 4:16:03 PM -0500

  • CVE-2025-48511 - Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.
    Published: November 24, 2025; 4:16:03 PM -0500

  • CVE-2025-64720 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite... read CVE-2025-64720
    Published: November 24, 2025; 7:15:47 PM -0500

  • CVE-2025-65018 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified... read CVE-2025-65018
    Published: November 24, 2025; 7:15:47 PM -0500

  • CVE-2025-64506 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_ima... read CVE-2025-64506
    Published: November 24, 2025; 7:15:47 PM -0500

  • CVE-2025-64505 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function ... read CVE-2025-64505
    Published: November 24, 2025; 7:15:47 PM -0500

  • CVE-2025-38566 - In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg... read CVE-2025-38566
    Published: August 19, 2025; 1:15:33 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-38605 - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to retrieve the ab pointer. In vdev de... read CVE-2025-38605
    Published: August 19, 2025; 1:15:38 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38600 - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have MT7925_RNR_SCAN_MAX_BSSIDS elements so this >= needs to be > to preven... read CVE-2025-38600
    Published: August 19, 2025; 1:15:38 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38599 - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx routine if link_id is set to IEEE80211_LINK_UNSPECIFIED
    Published: August 19, 2025; 1:15:37 PM -0400

    V3.1: 7.1 HIGH