NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:April 29, 2026, 4:51 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1101	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() devm_add_action_or_reset() already invokes the action on failure,…	CWE-415 Double Free	CVE-2026-23387	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

1102	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: pinctrl: cirrus: cs42l43: Corrección de doble put en cs42l43_pin_probe() devm_add_action_or_reset() ya invoca la acción en caso …	CWE-415 Double Free	CVE-2026-23387	2026-04-25 03:45	2026-03-25	Show	GitHub Exploit DB Packet Storm

1103	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-QPL mode, gve_tx_clean_pending_packets() incorrec…	NVD-CWE-noinfo	CVE-2026-23386	2026-04-25 03:44	2026-03-25	Show	GitHub Exploit DB Packet Storm

1104	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: gve: corrige la limpieza incorrecta del búfer en gve_tx_clean_pending_packets para QPL En el modo DQ-QPL, gve_tx_clean_pending_p…	NVD-CWE-noinfo	CVE-2026-23386	2026-04-25 03:44	2026-03-25	Show	GitHub Exploit DB Packet Storm

1105	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clone set on flush only Syzbot with fault injection triggered a failing memory allocation with GFP_KERNEL w…	NVD-CWE-noinfo	CVE-2026-23385	2026-04-25 03:44	2026-03-25	Show	GitHub Exploit DB Packet Storm

1106	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: netfilter: nf_tables: clonar conjunto solo al vaciar Syzbot con inyección de fallos activó una asignación de memoria fallida con…	NVD-CWE-noinfo	CVE-2026-23385	2026-04-25 03:44	2026-03-25	Show	GitHub Exploit DB Packet Storm

1107	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic_create_cq() struct ionic_cq_resp resp { __u32 cqid[2]; // offset 0 - PARTI…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23384	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

1108	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: RDMA/ionic: Corrección de fuga de pila del kernel en ionic_create_cq() struct ionic_cq_resp resp { __u32 cqid[2]; //…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23384	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

1109	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing struct bpf_plt contains a u64 target field. Currently…	NVD-CWE-noinfo	CVE-2026-23383	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

1110	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: bpf, arm64: Forzar alineación de 8 bytes para el búfer JIT para prevenir el desgarro atómico struct bpf_plt contiene un campo ob…	NVD-CWE-noinfo	CVE-2026-23383	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

1111	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL d…	CWE-476 NULL Pointer Dereference	CVE-2026-23382	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

1112	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: HID: Añadir protecciones HID_CLAIMED_INPUT en las retrollamadas de raw_event que las omiten En el commit 2ff5baa9b527 ('HID: app…	CWE-476 NULL Pointer Dereference	CVE-2026-23382	2026-04-25 03:42	2026-03-25	Show	GitHub Exploit DB Packet Storm

1113	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is ne…	CWE-476 NULL Pointer Dereference	CVE-2026-23381	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

1114	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net: bridge: corrige la desreferencia NULL de nd_tbl cuando IPv6 está deshabilitado Al arrancar con el parámetro 'ipv6.disable=1…	CWE-476 NULL Pointer Dereference	CVE-2026-23381	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

1115	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV…	CWE-667 Improper Locking	CVE-2026-23368	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

1116	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: registrar los led_triggers del phy durante la sonda para evitar un interbloqueo AB-BA Existe un interbloqueo AB-BA cuand…	CWE-667 Improper Locking	CVE-2026-23368	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

1117	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X…	CWE-787 Out-of-bounds Write	CVE-2026-23361	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

1118	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: PCI: dwc: ep: Vaciar escritura MSI-X antes de desmapear su entrada ATU Los controladores de punto final usan dw_pcie_ep_raise_ms…	CWE-787 Out-of-bounds Write	CVE-2026-23361	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

1119	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace (not wit…	NVD-CWE-noinfo	CVE-2026-23367	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

1120	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: wifi: radiotap: rechazar radiotap con bits desconocidos El analizador de radiotap actualmente solo se utiliza con el espacio de …	NVD-CWE-noinfo	CVE-2026-23367	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

1121	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes 'modes' in drm_client_modeset_probe may fail to kcalloc. If this occurs, we jump to 'out',…	CWE-476 NULL Pointer Dereference	CVE-2026-23366	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

1122	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: drm/cliente: No destruir modos NULL 'modes' en drm_client_modeset_probe puede fallar al kcalloc. Si esto ocurre, saltamos a 'out…	CWE-476 NULL Pointer Dereference	CVE-2026-23366	2026-04-25 03:41	2026-03-25	Show	GitHub Exploit DB Packet Storm

1123	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro evaluates its character parameter multiple times…	CWE-125 Out-of-bounds Read	CVE-2026-23406	2026-04-25 03:40	2026-04-1	Show	GitHub Exploit DB Packet Storm

1124	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number of levels of policy namespaces Currently the number of policy namespaces is not bounded relying o…	NVD-CWE-noinfo	CVE-2026-23405	2026-04-25 03:40	2026-04-1	Show	GitHub Exploit DB Packet Storm

1125	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested …	NVD-CWE-noinfo	CVE-2026-23404	2026-04-25 03:40	2026-04-1	Show	GitHub Exploit DB Packet Storm

1126	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header The function sets `*ns = NULL` on every call, leaking the namespace string allocated i…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23403	2026-04-25 03:39	2026-04-1	Show	GitHub Exploit DB Packet Storm

1127	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: bridge: cfm: Fix race condition in peer_mep deletion When a peer MEP is being deleted, cancel_delayed_work_sync() is called on cc…	CWE-362 Race Condition	CVE-2026-23393	2026-04-25 03:39	2026-03-25	Show	GitHub Exploit DB Packet Storm

1128	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bridge: cfm: Corrección de condición de carrera en la eliminación de peer_mep Cuando se está eliminando un MEP par, se llama a can…	CWE-362 Race Condition	CVE-2026-23393	2026-04-25 03:39	2026-03-25	Show	GitHub Exploit DB Packet Storm

1129	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from…	CWE-416 Use After Free	CVE-2026-23392	2026-04-25 03:39	2026-03-25	Show	GitHub Exploit DB Packet Storm

1130	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: netfilter: nf_tables: liberar la tabla de flujos después del período de gracia de RCU en caso de error Llamar a synchronize_rcu(…	CWE-416 Use After Free	CVE-2026-23392	2026-04-25 03:39	2026-03-25	Show	GitHub Exploit DB Packet Storm

1131	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are…	NVD-CWE-noinfo	CVE-2026-23391	2026-04-25 03:38	2026-03-25	Show	GitHub Exploit DB Packet Storm

1132	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: netfilter: xt_CT: descartar paquetes pendientes encolados al eliminar la plantilla Las plantillas se refieren a objetos que pued…	NVD-CWE-noinfo	CVE-2026-23391	2026-04-25 03:38	2026-03-25	Show	GitHub Exploit DB Packet Storm

1133	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow The dma_map_sg tracepoint can trigger a perf buffer over…	CWE-787 Out-of-bounds Write	CVE-2026-23390	2026-04-25 03:32	2026-03-25	Show	GitHub Exploit DB Packet Storm

1134	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: tracing/dma: Limitar los arrays del tracepoint dma_map_sg para prevenir el desbordamiento de búfer El tracepoint dma_map_sg pued…	CWE-787 Out-of-bounds Write	CVE-2026-23390	2026-04-25 03:32	2026-03-25	Show	GitHub Exploit DB Packet Storm

1135	9.1	CRITICAL Network	openssl	openssl	Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher block…	CWE-125 Out-of-bounds Read	CVE-2026-28386	2026-04-25 03:28	2026-04-8	Show	GitHub Exploit DB Packet Storm

1136	7.5	HIGH Network	apache	log4j	Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain…	CWE-116 Improper Encoding or Escaping of Output	CVE-2026-34481	2026-04-25 03:24	2026-04-11	Show	GitHub Exploit DB Packet Storm

1137	7.5	HIGH Network	apache	log4j	Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec…	CWE-116 Improper Encoding or Escaping of Output	CVE-2026-34480	2026-04-25 03:21	2026-04-11	Show	GitHub Exploit DB Packet Storm

1138	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcm_op runtime updates Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added a…	CWE-667 Improper Locking	CVE-2026-23362	2026-04-25 03:21	2026-03-25	Show	GitHub Exploit DB Packet Storm

1139	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: can: bcm: corregir el bloqueo para las actualizaciones en tiempo de ejecución de bcm_op El commit c2aba69d0c36 ('can: bcm: añadi…	CWE-667 Improper Locking	CVE-2026-23362	2026-04-25 03:21	2026-03-25	Show	GitHub Exploit DB Packet Storm

1140	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has…	CWE-416 Use After Free	CVE-2026-23344	2026-04-25 03:17	2026-03-25	Show	GitHub Exploit DB Packet Storm

1141	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: crypto: ccp - Corrección de uso después de liberación en la ruta de error En la ruta de error de sev_tsm_init_locked(), el códig…	CWE-416 Use After Free	CVE-2026-23344	2026-04-25 03:17	2026-03-25	Show	GitHub Exploit DB Packet Storm

1142	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled When FEAT_LPA2 is enabled, bits 8-9 of the PTE replace …	NVD-CWE-noinfo	CVE-2026-23345	2026-04-25 03:17	2026-03-25	Show	GitHub Exploit DB Packet Storm

1143	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: arm64: gcs: No establecer PTE_SHARED en mapeos GCS si FEAT_LPA2 está habilitado Cuando FEAT_LPA2 está habilitado, los bits 8-9 d…	NVD-CWE-noinfo	CVE-2026-23345	2026-04-25 03:17	2026-03-25	Show	GitHub Exploit DB Packet Storm

1144	6.5	MEDIUM Network	-	-	A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API …	CWE-284 CWE-285 Improper Access Control Improper Authorization	CVE-2025-67259	2026-04-25 03:16	2026-04-25	Show	GitHub Exploit DB Packet Storm

1145	6.4	MEDIUM Network	-	-	The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitizatio…	CWE-79 Cross-site Scripting	CVE-2026-5506	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

1146	6.4	MEDIUM Network	-	-	The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wowpress` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input san…	CWE-79 Cross-site Scripting	CVE-2026-5508	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

1147	4.3	MEDIUM Network	-	-	The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to …	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-4330	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

1148	4.4	MEDIUM Network	-	-	The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input…	CWE-79 Cross-site Scripting	CVE-2026-5169	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

1149	5.3	MEDIUM Network	-	-	The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpas_get_t…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-4654	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm

1150	6.4	MEDIUM Network	-	-	The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient inp…	CWE-79 Cross-site Scripting	CVE-2026-4655	2026-04-25 03:15	2026-04-8	Show	GitHub Exploit DB Packet Storm