NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:April 29, 2026, 4:51 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1051	4.3	MEDIUM Network	wolfssh	wolfssh	Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which w…	CWE-126 CWE-125 Buffer Over-read Out-of-bounds Read	CVE-2026-0930	2026-04-25 04:15	2026-04-21	Show	GitHub Exploit DB Packet Storm

1052	7.6	HIGH Network	hkuds	openharness	HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exp…	CWE-287 Improper Authentication	CVE-2026-6729	2026-04-25 04:14	2026-04-21	Show	GitHub Exploit DB Packet Storm

1053	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferred_qc Syzbot reported a WARN_ON() in ata_scsi_deferred_qc_work(), caused by…	NVD-CWE-noinfo	CVE-2026-23355	2026-04-25 04:13	2026-03-25	Show	GitHub Exploit DB Packet Storm

1054	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: ata: libata: cancelar trabajo pendiente después de limpiar deferred_qc Syzbot informó un WARN_ON() en ata_scsi_deferred_qc_work(…	NVD-CWE-noinfo	CVE-2026-23355	2026-04-25 04:13	2026-03-25	Show	GitHub Exploit DB Packet Storm

1055	6.5	MEDIUM Network	nicolargo	glances	Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cr…	CWE-200 CWE-306 CWE-942 Information Exposure Missing Authentication for Critical Function Permissive Cross-domain Policy with Untrusted Domains	CVE-2026-34839	2026-04-25 04:09	2026-04-21	Show	GitHub Exploit DB Packet Storm

1056	3.3	LOW Local	uutils	coreutils	A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In GNU env, backslashes within single quot…	CWE-20 Improper Input Validation	CVE-2026-35377	2026-04-25 04:06	2026-04-23	Show	GitHub Exploit DB Packet Storm

1057	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() Even though we check that we "should" be able to do lc_get_cumulative() whil…	CWE-617 Reachable Assertion	CVE-2026-23356	2026-04-25 04:06	2026-03-25	Show	GitHub Exploit DB Packet Storm

1058	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: drbd: corrige el 'LOGIC BUG' en drbd_al_begin_io_nonblock() Aunque verificamos que "deberíamos" poder hacer lc_get_cumulative() …	CWE-617 Reachable Assertion	CVE-2026-23356	2026-04-25 04:06	2026-03-25	Show	GitHub Exploit DB Packet Storm

1059	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251x_open The mcp251x_open() function call free_irq() in its error path with the m…	CWE-667 Improper Locking	CVE-2026-23357	2026-04-25 04:04	2026-03-25	Show	GitHub Exploit DB Packet Storm

1060	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: can: mcp251x: corregir interbloqueo en la ruta de error de mcp251x_open La función mcp251x_open() llama a free_irq() en su ruta …	CWE-667 Improper Locking	CVE-2026-23357	2026-04-25 04:04	2026-03-25	Show	GitHub Exploit DB Packet Storm

1061	4.7	MEDIUM Local	uutils	coreutils	A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-base…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-35354	2026-04-25 04:04	2026-04-23	Show	GitHub Exploit DB Packet Storm

1062	6.6	MEDIUM Local	uutils	coreutils	The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bit…	CWE-281 Improper Preservation of Permissions	CVE-2026-35350	2026-04-25 04:04	2026-04-23	Show	GitHub Exploit DB Packet Storm

1063	5.7	MEDIUM Adjacent	openclaw	openclaw	OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft s…	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2026-40045	2026-04-25 04:03	2026-04-21	Show	GitHub Exploit DB Packet Storm

1064	7.0	HIGH Local	uutils	coreutils	A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local at…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-35352	2026-04-25 04:03	2026-04-23	Show	GitHub Exploit DB Packet Storm

1065	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix error handling in slot reset If the device has not recovered after slot reset is called, it goes to out label for…	CWE-908 Use of Uninitialized Resource	CVE-2026-23358	2026-04-25 04:03	2026-03-25	Show	GitHub Exploit DB Packet Storm

1066	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: drm/amdgpu: Corregir el manejo de errores en el reinicio de ranura Si el dispositivo no se ha recuperado después de que se llama…	CWE-908 Use of Uninitialized Resource	CVE-2026-23358	2026-04-25 04:03	2026-03-25	Show	GitHub Exploit DB Packet Storm

1067	4.7	MEDIUM Local	uutils	coreutils	The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restrict…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-35357	2026-04-25 04:02	2026-04-23	Show	GitHub Exploit DB Packet Storm

1068	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes() iterates over all upper devices and writes their indices into …	CWE-787 Out-of-bounds Write	CVE-2026-23359	2026-04-25 04:02	2026-03-25	Show	GitHub Exploit DB Packet Storm

1069	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: bpf: Corrección de escritura fuera de límites de la pila en devmap get_upper_ifindexes() itera sobre todos los dispositivos supe…	CWE-787 Out-of-bounds Write	CVE-2026-23359	2026-04-25 04:02	2026-03-25	Show	GitHub Exploit DB Packet Storm

1070	4.7	MEDIUM Local	uutils	coreutils	A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link …	CWE-59 CWE-367 Link Following Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-35359	2026-04-25 04:02	2026-04-23	Show	GitHub Exploit DB Packet Storm

1071	6.3	MEDIUM Local	uutils	coreutils	The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing path, it later attempts creat…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-35360	2026-04-25 04:02	2026-04-23	Show	GitHub Exploit DB Packet Storm

1072	5.6	MEDIUM Local	uutils	coreutils	A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fa…	CWE-22 Path Traversal	CVE-2026-35363	2026-04-25 04:02	2026-04-23	Show	GitHub Exploit DB Packet Storm

1073	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() is called during a controller reset, a previous ad…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23360	2026-04-25 03:59	2026-03-25	Show	GitHub Exploit DB Packet Storm

1074	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: nvme: corrige la fuga de la cola de administración al reiniciar el controlador Cuando se llama a nvme_alloc_admin_tag_set() dura…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23360	2026-04-25 03:59	2026-03-25	Show	GitHub Exploit DB Packet Storm

1075	4.3	MEDIUM Adjacent	openbsd	openbsd	In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_o…	CWE-1284 CWE-835 Improper Validation of Specified Quantity in Input Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2026-41285	2026-04-25 03:59	2026-04-21	Show	GitHub Exploit DB Packet Storm

1076	5.5	MEDIUM Local	uutils	coreutils	The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and ut…	CWE-248 Uncaught Exception	CVE-2026-35348	2026-04-25 03:57	2026-04-23	Show	GitHub Exploit DB Packet Storm

1077	7.5	HIGH	softbizscripts	dating_script	Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parame…	NVD-CWE-Other	CVE-2006-3271	2026-04-25 03:56	2006-06-29	Show	GitHub Exploit DB Packet Storm

1078	7.5	HIGH	softbizscripts	dating_script	Vulnerabilidad de múltiples inyección SQL en Softbiz Dating v1.0 permite a los atacantes remotos, ejecutar comandos SQL a través del parámetro (1) country y (2) sort_by en (a) search_results.php; par…	NVD-CWE-Other	CVE-2006-3271	2026-04-25 03:56	2006-06-29	Show	GitHub Exploit DB Packet Storm

1079	6.8	MEDIUM	softbizscripts	image_gallery_script	Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this inf…	NVD-CWE-Other	CVE-2006-1660	2026-04-25 03:56	2006-04-7	Show	GitHub Exploit DB Packet Storm

1080	6.4	MEDIUM	softbizscripts	image_gallery_script	Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template…	NVD-CWE-Other	CVE-2006-1659	2026-04-25 03:56	2006-04-7	Show	GitHub Exploit DB Packet Storm

1081	7.5	HIGH	softbizscripts	faq_script	SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.p…	NVD-CWE-Other	CVE-2005-3938	2026-04-25 03:56	2005-12-1	Show	GitHub Exploit DB Packet Storm

1082	7.5	HIGH	softbizscripts	resource_repository_script	Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res…	NVD-CWE-Other	CVE-2005-3879	2026-04-25 03:56	2005-11-29	Show	GitHub Exploit DB Packet Storm

1083	7.5	HIGH Network	powerdns	authoritative	A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.	CWE-400 Uncontrolled Resource Consumption	CVE-2026-33610	2026-04-25 03:53	2026-04-22	Show	GitHub Exploit DB Packet Storm

1084	6.5	MEDIUM Network	powerdns	authoritative	Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.	CWE-90 LDAP Injection	CVE-2026-33609	2026-04-25 03:52	2026-04-22	Show	GitHub Exploit DB Packet Storm

1085	9.8	CRITICAL Network	powerdns	authoritative	An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend…	CWE-94 Code Injection	CVE-2026-33608	2026-04-25 03:52	2026-04-22	Show	GitHub Exploit DB Packet Storm

1086	8.2	HIGH Network	powerdns	dnsdist	A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.	CWE-122 Heap-based Buffer Overflow	CVE-2026-33602	2026-04-25 03:52	2026-04-22	Show	GitHub Exploit DB Packet Storm

1087	8.1	HIGH Adjacent	powerdns	dnsdist	A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. D…	CWE-125 Out-of-bounds Read	CVE-2026-33599	2026-04-25 03:52	2026-04-22	Show	GitHub Exploit DB Packet Storm

1088	9.1	CRITICAL Network	powerdns	dnsdist	A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.	CWE-125 Out-of-bounds Read	CVE-2026-33598	2026-04-25 03:51	2026-04-22	Show	GitHub Exploit DB Packet Storm

1089	7.5	HIGH Network	powerdns	dnsdist	PRSD detection denial of service	CWE-116 Improper Encoding or Escaping of Output	CVE-2026-33597	2026-04-25 03:51	2026-04-22	Show	GitHub Exploit DB Packet Storm

1090	6.5	MEDIUM Adjacent	powerdns	dnsdist	A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DN…	CWE-190 Integer Overflow or Wraparound	CVE-2026-33596	2026-04-25 03:50	2026-04-22	Show	GitHub Exploit DB Packet Storm

1091	7.5	HIGH Network	powerdns	dnsdist	A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the conne…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-33595	2026-04-25 03:49	2026-04-22	Show	GitHub Exploit DB Packet Storm

1092	7.5	HIGH Network	powerdns	dnsdist	A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.	CWE-369 Divide By Zero	CVE-2026-33593	2026-04-25 03:49	2026-04-22	Show	GitHub Exploit DB Packet Storm

1093	7.1	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() Check frame length before accessing the mgmt fields …	CWE-125 Out-of-bounds Read	CVE-2026-23363	2026-04-25 03:48	2026-03-25	Show	GitHub Exploit DB Packet Storm

1094	7.1	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: wifi: mt76: mt7925: Corrige posible acceso fuera de límites en mt7925_mac_write_txwi_80211() Comprueba la longitud del frame ant…	CWE-125 Out-of-bounds Read	CVE-2026-23363	2026-04-25 03:48	2026-03-25	Show	GitHub Exploit DB Packet Storm

1095	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number an…	NVD-CWE-noinfo	CVE-2026-23365	2026-04-25 03:47	2026-03-25	Show	GitHub Exploit DB Packet Storm

1096	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net: usb: kalmia: validar puntos finales USB El controlador kalmia debería validar que el dispositivo que está sondeando tiene e…	NVD-CWE-noinfo	CVE-2026-23365	2026-04-25 03:47	2026-03-25	Show	GitHub Exploit DB Packet Storm

1097	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_ringparam, tx_rings and xdp_rings are allocated before rx_rings. If the al…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23389	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

1098	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: ice: Corrección de fuga de memoria en ice_set_ringparam() En ice_set_ringparam, tx_rings y xdp_rings se asignan antes de rx_ring…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23389	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

1099	7.1	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This …	CWE-125 Out-of-bounds Read	CVE-2026-23388	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

1100	7.1	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: Squashfs: comprobar que el desplazamiento del bloque de metadatos está dentro del rango Syzkaller informa de un 'fallo de protec…	CWE-125 Out-of-bounds Read	CVE-2026-23388	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm