Thanks to visit codestin.com
Credit goes to nvd.nist.gov

U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for NVD Communications and Status Updates Page
Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-8346 - A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is n... read CVE-2026-8346
    Published: May 11, 2026; 8:17:03 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-43177 - In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6_pci_probe() were jumping directly to out_ipu6_bus_del_devices without releasing the runtime ... read CVE-2026-43177
    Published: May 06, 2026; 8:16:36 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-7431 - An incorrect permission assignment for critical resource of Ivanti Secure Access Client   before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.
    Published: May 12, 2026; 11:16:16 AM -0400

  • CVE-2026-7432 - A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
    Published: May 12, 2026; 11:16:17 AM -0400

    V3.1: 7.0 HIGH

  • CVE-2026-43178 - In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput() in do_procmap_query() When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY we return with -ENAMETOOLONG error. After r... read CVE-2026-43178
    Published: May 06, 2026; 8:16:36 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-34675 - Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a... read CVE-2026-34675
    Published: May 12, 2026; 2:17:11 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-34676 - Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a... read CVE-2026-34676
    Published: May 12, 2026; 2:17:11 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-35071 - Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit t... read CVE-2026-35071
    Published: May 12, 2026; 10:17:02 AM -0400

  • CVE-2026-40638 - Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
    Published: May 12, 2026; 10:17:04 AM -0400

  • CVE-2026-43179 - In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits for invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early returns, leading to folio ... read CVE-2026-43179
    Published: May 06, 2026; 8:16:36 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-8388 - Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
    Published: May 12, 2026; 10:17:11 AM -0400

  • CVE-2026-20696 - An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
    Published: May 11, 2026; 5:18:50 PM -0400

  • CVE-2026-28830 - A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
    Published: May 11, 2026; 5:18:51 PM -0400

  • CVE-2025-46311 - An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data.
    Published: May 12, 2026; 2:16:35 PM -0400

  • CVE-2026-8260 - A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in ... read CVE-2026-8260
    Published: May 10, 2026; 10:16:27 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-8263 - A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os comm... read CVE-2026-8263
    Published: May 10, 2026; 10:16:28 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-36983 - D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection.
    Published: May 11, 2026; 2:16:32 PM -0400

  • CVE-2026-43180 - In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode kaweth_set_rx_mode(), the ndo_set_rx_mode callback, calls netif_stop_queue() and netif_wake_queue(). These a... read CVE-2026-43180
    Published: May 06, 2026; 8:16:36 AM -0400

  • CVE-2026-43006 - In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: reject zero-length fixed buffer import validate_fixed_range() admits buf_addr at the exact end of the registered region when len is zero, because the check uses s... read CVE-2026-43006
    Published: May 01, 2026; 11:16:44 AM -0400

  • CVE-2026-43005 - In the Linux kernel, the following vulnerability has been resolved: hwmon: (tps53679) Fix array access with zero-length block read i2c_smbus_read_block_data() can return 0, indicating a zero-length read. When this happens, tps53679_identify_chip... read CVE-2026-43005
    Published: May 01, 2026; 11:16:44 AM -0400

    V3.1: 7.1 HIGH

Created September 20, 2022 , Updated August 27, 2024