NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:April 28, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
801	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number an…	NVD-CWE-noinfo	CVE-2026-23365	2026-04-25 03:47	2026-03-25	Show	GitHub Exploit DB Packet Storm

802	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net: usb: kalmia: validar puntos finales USB El controlador kalmia debería validar que el dispositivo que está sondeando tiene e…	NVD-CWE-noinfo	CVE-2026-23365	2026-04-25 03:47	2026-03-25	Show	GitHub Exploit DB Packet Storm

803	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_ringparam, tx_rings and xdp_rings are allocated before rx_rings. If the al…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23389	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

804	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: ice: Corrección de fuga de memoria en ice_set_ringparam() En ice_set_ringparam, tx_rings y xdp_rings se asignan antes de rx_ring…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23389	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

805	7.1	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This …	CWE-125 Out-of-bounds Read	CVE-2026-23388	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

806	7.1	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: Squashfs: comprobar que el desplazamiento del bloque de metadatos está dentro del rango Syzkaller informa de un 'fallo de protec…	CWE-125 Out-of-bounds Read	CVE-2026-23388	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

807	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() devm_add_action_or_reset() already invokes the action on failure,…	CWE-415 Double Free	CVE-2026-23387	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

808	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: pinctrl: cirrus: cs42l43: Corrección de doble put en cs42l43_pin_probe() devm_add_action_or_reset() ya invoca la acción en caso …	CWE-415 Double Free	CVE-2026-23387	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

809	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-QPL mode, gve_tx_clean_pending_packets() incorrec…	NVD-CWE-noinfo	CVE-2026-23386	2026-04-25 03:44	2026-03-25	Show	GitHub Exploit DB Packet Storm

810	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: gve: corrige la limpieza incorrecta del búfer en gve_tx_clean_pending_packets para QPL En el modo DQ-QPL, gve_tx_clean_pending_p…	NVD-CWE-noinfo	CVE-2026-23386	2026-04-25 03:44	2026-03-25	Show	GitHub Exploit DB Packet Storm

811	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clone set on flush only Syzbot with fault injection triggered a failing memory allocation with GFP_KERNEL w…	NVD-CWE-noinfo	CVE-2026-23385	2026-04-25 03:44	2026-03-25	Show	GitHub Exploit DB Packet Storm

812	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: netfilter: nf_tables: clonar conjunto solo al vaciar Syzbot con inyección de fallos activó una asignación de memoria fallida con…	NVD-CWE-noinfo	CVE-2026-23385	2026-04-25 03:44	2026-03-25	Show	GitHub Exploit DB Packet Storm

813	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic_create_cq() struct ionic_cq_resp resp { __u32 cqid[2]; // offset 0 - PARTI…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23384	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

814	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: RDMA/ionic: Corrección de fuga de pila del kernel en ionic_create_cq() struct ionic_cq_resp resp { __u32 cqid[2]; //…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23384	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

815	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing struct bpf_plt contains a u64 target field. Currently…	NVD-CWE-noinfo	CVE-2026-23383	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

816	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: bpf, arm64: Forzar alineación de 8 bytes para el búfer JIT para prevenir el desgarro atómico struct bpf_plt contiene un campo ob…	NVD-CWE-noinfo	CVE-2026-23383	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

817	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL d…	CWE-476 NULL Pointer Dereference	CVE-2026-23382	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

818	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: HID: Añadir protecciones HID_CLAIMED_INPUT en las retrollamadas de raw_event que las omiten En el commit 2ff5baa9b527 ('HID: app…	CWE-476 NULL Pointer Dereference	CVE-2026-23382	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

819	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is ne…	CWE-476 NULL Pointer Dereference	CVE-2026-23381	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

820	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net: bridge: corrige la desreferencia NULL de nd_tbl cuando IPv6 está deshabilitado Al arrancar con el parámetro 'ipv6.disable=1…	CWE-476 NULL Pointer Dereference	CVE-2026-23381	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

821	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV…	CWE-667 Improper Locking	CVE-2026-23368	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

822	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: registrar los led_triggers del phy durante la sonda para evitar un interbloqueo AB-BA Existe un interbloqueo AB-BA cuand…	CWE-667 Improper Locking	CVE-2026-23368	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

823	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X…	CWE-787 Out-of-bounds Write	CVE-2026-23361	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

824	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: PCI: dwc: ep: Vaciar escritura MSI-X antes de desmapear su entrada ATU Los controladores de punto final usan dw_pcie_ep_raise_ms…	CWE-787 Out-of-bounds Write	CVE-2026-23361	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

825	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace (not wit…	NVD-CWE-noinfo	CVE-2026-23367	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

826	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: wifi: radiotap: rechazar radiotap con bits desconocidos El analizador de radiotap actualmente solo se utiliza con el espacio de …	NVD-CWE-noinfo	CVE-2026-23367	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

827	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out',…	CWE-476 NULL Pointer Dereference	CVE-2026-23366	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

828	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: drm/cliente: No destruir modos NULL 'modes' en drm_client_modeset_probe puede fallar al kcalloc. Si esto ocurre, saltamos a 'out…	CWE-476 NULL Pointer Dereference	CVE-2026-23366	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

829	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro evaluates its character parameter multiple times…	CWE-125 Out-of-bounds Read	CVE-2026-23406	2026-04-25 03:40	2026-04-1	Show	GitHub Exploit DB Packet Storm

830	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number of levels of policy namespaces Currently the number of policy namespaces is not bounded relying o…	NVD-CWE-noinfo	CVE-2026-23405	2026-04-25 03:40	2026-04-1	Show	GitHub Exploit DB Packet Storm

831	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested …	NVD-CWE-noinfo	CVE-2026-23404	2026-04-25 03:40	2026-04-1	Show	GitHub Exploit DB Packet Storm

832	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header The function sets `*ns = NULL` on every call, leaking the namespace string allocated i…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23403	2026-04-25 03:39	2026-04-1	Show	GitHub Exploit DB Packet Storm

833	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: bridge: cfm: Fix race condition in peer_mep deletion When a peer MEP is being deleted, cancel_delayed_work_sync() is called on cc…	CWE-362 Race Condition	CVE-2026-23393	2026-04-25 03:39	2026-03-25	Show	GitHub Exploit DB Packet Storm

834	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bridge: cfm: Corrección de condición de carrera en la eliminación de peer_mep Cuando se está eliminando un MEP par, se llama a can…	CWE-362 Race Condition	CVE-2026-23393	2026-04-25 03:39	2026-03-25	Show	GitHub Exploit DB Packet Storm

835	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from…	CWE-416 Use After Free	CVE-2026-23392	2026-04-25 03:39	2026-03-25	Show	GitHub Exploit DB Packet Storm

836	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: netfilter: nf_tables: liberar la tabla de flujos después del período de gracia de RCU en caso de error Llamar a synchronize_rcu(…	CWE-416 Use After Free	CVE-2026-23392	2026-04-25 03:39	2026-03-25	Show	GitHub Exploit DB Packet Storm

837	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are…	NVD-CWE-noinfo	CVE-2026-23391	2026-04-25 03:38	2026-03-25	Show	GitHub Exploit DB Packet Storm

838	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: netfilter: xt_CT: descartar paquetes pendientes encolados al eliminar la plantilla Las plantillas se refieren a objetos que pued…	NVD-CWE-noinfo	CVE-2026-23391	2026-04-25 03:38	2026-03-25	Show	GitHub Exploit DB Packet Storm

839	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow The dma_map_sg tracepoint can trigger a perf buffer over…	CWE-787 Out-of-bounds Write	CVE-2026-23390	2026-04-25 03:32	2026-03-25	Show	GitHub Exploit DB Packet Storm

840	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: tracing/dma: Limitar los arrays del tracepoint dma_map_sg para prevenir el desbordamiento de búfer El tracepoint dma_map_sg pued…	CWE-787 Out-of-bounds Write	CVE-2026-23390	2026-04-25 03:32	2026-03-25	Show	GitHub Exploit DB Packet Storm

841	9.1	CRITICAL Network	openssl	openssl	Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher block…	CWE-125 Out-of-bounds Read	CVE-2026-28386	2026-04-25 03:28	2026-04-8	Show	GitHub Exploit DB Packet Storm

842	7.5	HIGH Network	apache	log4j	Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain…	CWE-116 Improper Encoding or Escaping of Output	CVE-2026-34481	2026-04-25 03:24	2026-04-11	Show	GitHub Exploit DB Packet Storm

843	7.5	HIGH Network	apache	log4j	Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec…	CWE-116 Improper Encoding or Escaping of Output	CVE-2026-34480	2026-04-25 03:21	2026-04-11	Show	GitHub Exploit DB Packet Storm

844	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcm_op runtime updates Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added a…	CWE-667 Improper Locking	CVE-2026-23362	2026-04-25 03:21	2026-03-25	Show	GitHub Exploit DB Packet Storm

845	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: can: bcm: corregir el bloqueo para las actualizaciones en tiempo de ejecución de bcm_op El commit c2aba69d0c36 ('can: bcm: añadi…	CWE-667 Improper Locking	CVE-2026-23362	2026-04-25 03:21	2026-03-25	Show	GitHub Exploit DB Packet Storm

846	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has…	CWE-416 Use After Free	CVE-2026-23344	2026-04-25 03:17	2026-03-25	Show	GitHub Exploit DB Packet Storm

847	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: crypto: ccp - Corrección de uso después de liberación en la ruta de error En la ruta de error de sev_tsm_init_locked(), el códig…	CWE-416 Use After Free	CVE-2026-23344	2026-04-25 03:17	2026-03-25	Show	GitHub Exploit DB Packet Storm

848	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled When FEAT_LPA2 is enabled, bits 8-9 of the PTE replace …	NVD-CWE-noinfo	CVE-2026-23345	2026-04-25 03:17	2026-03-25	Show	GitHub Exploit DB Packet Storm

849	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: arm64: gcs: No establecer PTE_SHARED en mapeos GCS si FEAT_LPA2 está habilitado Cuando FEAT_LPA2 está habilitado, los bits 8-9 d…	NVD-CWE-noinfo	CVE-2026-23345	2026-04-25 03:17	2026-03-25	Show	GitHub Exploit DB Packet Storm

850	6.5	MEDIUM Network	-	-	A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API …	CWE-284 CWE-285 Improper Access Control Improper Authorization	CVE-2025-67259	2026-04-25 03:16	2026-04-25	Show	GitHub Exploit DB Packet Storm