U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

CVE Status Count

Please Wait

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-46152 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static.... read CVE-2026-46152
    Published: May 28, 2026; 6:16:30 AM -0400

  • CVE-2026-46151 - In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblp_ctrl_msg() collapses the usb_control_msg() return value to 0/-errno, discarding the actual number of by... read CVE-2026-46151
    Published: May 28, 2026; 6:16:30 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-46161 - In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setup_geo() with zero far_copies setup_geo() extracts near_copies (nc) and far_copies (fc) from the user-provided layout parameter without check... read CVE-2026-46161
    Published: May 28, 2026; 6:16:31 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-46160 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix missing last_unlink_trans update when removing a directory When removing a directory we are not updating its last_unlink_trans field, which can result in incorrect fs... read CVE-2026-46160
    Published: May 28, 2026; 6:16:31 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-46159 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak btrfs_ioctl_space_info() has a TOCTOU race between two passes over the block group RAID type li... read CVE-2026-46159
    Published: May 28, 2026; 6:16:31 AM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2026-46150 - In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotify_get_mark_safe() may return false for a mark on an unrelated group, which results in bypassing the permission check. F... read CVE-2026-46150
    Published: May 28, 2026; 6:16:30 AM -0400

  • CVE-2026-46155 - In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas()... read CVE-2026-46155
    Published: May 28, 2026; 6:16:31 AM -0400

  • CVE-2026-46158 - In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: always decrease sk refcount When an ADD_ADDR is retransmitted, the sk is held in sk_reset_timer(). It should then be released in all cases at the end. ... read CVE-2026-46158
    Published: May 28, 2026; 6:16:31 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-46157 - In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the dat... read CVE-2026-46157
    Published: May 28, 2026; 6:16:31 AM -0400

  • CVE-2026-46156 - In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang() The switch case in loongson_gpu_fixup_dma_hang() may not DC2 or DC3, and readl(crtc_reg) will access with random ad... read CVE-2026-46156
    Published: May 28, 2026; 6:16:31 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-46153 - In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlan_dev_set_egress_priority() currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles wi... read CVE-2026-46153
    Published: May 28, 2026; 6:16:30 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-46154 - In the Linux kernel, the following vulnerability has been resolved: sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters scx_group_set_{weight,idle,bandwidth}() cache scx_root before acquiring scx_cgroup_ops_rwsem, so the pointe... read CVE-2026-46154
    Published: May 28, 2026; 6:16:31 AM -0400

  • CVE-2026-7473 - On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate... read CVE-2026-7473
    Published: June 05, 2026; 1:17:02 PM -0400

  • CVE-2026-46243 - In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcal... read CVE-2026-46243
    Published: June 01, 2026; 1:17:34 PM -0400

  • CVE-2026-46253 - In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_old() persistent_ram_save_old() can be called multiple times for the same persistent_ram_zone (e.g., via ramoops_pstore_re... read CVE-2026-46253
    Published: June 03, 2026; 2:16:26 PM -0400

  • CVE-2026-46252 - In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator fails in regulator_resolve_supply(), the code currently triggers a l... read CVE-2026-46252
    Published: June 03, 2026; 2:16:25 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-46250 - In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, __current_thread_info is defined as global register variable locating in $gp, and is simply assig... read CVE-2026-46250
    Published: June 03, 2026; 2:16:25 PM -0400

  • CVE-2026-41840 - Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
    Published: June 09, 2026; 1:16:35 AM -0400

  • CVE-2026-46251 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block group tree to the switch_commits list before cal... read CVE-2026-46251
    Published: June 03, 2026; 2:16:25 PM -0400

  • CVE-2026-41841 - Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
    Published: June 09, 2026; 1:16:36 AM -0400