NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 4, 2026, 4:06 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3551	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz The only user of frag_size field in XDP RxQ info is bpf_xdp_f…	NVD-CWE-noinfo	CVE-2026-23377	2026-04-25 01:23	2026-03-25	Show	GitHub Exploit DB Packet Storm

3552	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: ice: cambiar frag_size de XDP RxQ de la longitud de escritura DMA a xdp.frame_sz El único usuario del campo frag_size en la info…	NVD-CWE-noinfo	CVE-2026-23377	2026-04-25 01:23	2026-03-25	Show	GitHub Exploit DB Packet Storm

3553	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport port_state before calling done callback In nvme_fc_handle_ls_rqst_work, the lsrsp->done callback i…	NVD-CWE-noinfo	CVE-2026-23376	2026-04-25 01:21	2026-03-25	Show	GitHub Exploit DB Packet Storm

3554	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: nvmet-fcloop: Verificar el estado del puerto de remoteport antes de llamar a la función de devolución de llamada 'done' En nvme_…	NVD-CWE-noinfo	CVE-2026-23376	2026-04-25 01:21	2026-03-25	Show	GitHub Exploit DB Packet Storm

3555	-	-	-	-	Rejected reason: This CVE is a duplicate of another CVE.	-	CVE-2026-40609	2026-04-25 01:16	2026-04-25	Show	GitHub Exploit DB Packet Storm

3556	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the ol…	CWE-787 Out-of-bounds Write	CVE-2026-23378	2026-04-25 00:57	2026-03-25	Show	GitHub Exploit DB Packet Storm

3557	7.8	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net/sched: act_ife: Corregir el comportamiento de actualización de la metalista Siempre que una acción ife replace cambia la met…	CWE-787 Out-of-bounds Write	CVE-2026-23378	2026-04-25 00:57	2026-03-25	Show	GitHub Exploit DB Packet Storm

3558	7.4	HIGH Network	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() wi…	NVD-CWE-noinfo	CVE-2026-23364	2026-04-25 00:46	2026-03-25	Show	GitHub Exploit DB Packet Storm

3559	7.4	HIGH Network	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: ksmbd: Comparar MACs en tiempo constante Para prevenir ataques de temporización, las comparaciones de MAC necesitan ser de tiemp…	NVD-CWE-noinfo	CVE-2026-23364	2026-04-25 00:46	2026-03-25	Show	GitHub Exploit DB Packet Storm

3560	9.8	CRITICAL Network	phpscriptsmall	advance_gift_shop_pro_script	Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parame…	CWE-89 SQL Injection	CVE-2019-25680	2026-04-25 00:45	2026-04-6	Show	GitHub Exploit DB Packet Storm

3561	9.8	CRITICAL Network	wisdom	pegasus_cms	Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionali…	CWE-22 Path Traversal	CVE-2019-25687	2026-04-25 00:42	2026-04-6	Show	GitHub Exploit DB Packet Storm

3562	5.3	MEDIUM Network	redhat	build_of_keycloak	A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occ…	CWE-346 Origin Validation Error	CVE-2026-37977	2026-04-25 00:39	2026-04-6	Show	GitHub Exploit DB Packet Storm

3563	9.8	CRITICAL Network	weaver	e-cology	Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows att…	CWE-306 Missing Authentication for Critical Function	CVE-2026-22679	2026-04-25 00:31	2026-04-7	Show	GitHub Exploit DB Packet Storm

3564	5.4	MEDIUM Network	papra	papra	Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. …	CWE-79 CWE-80 Cross-site Scripting Basic XSS	CVE-2026-35460	2026-04-25 00:31	2026-04-8	Show	GitHub Exploit DB Packet Storm

3565	4.3	MEDIUM Network	papra	papra	Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no valida…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-35461	2026-04-25 00:29	2026-04-8	Show	GitHub Exploit DB Packet Storm

3566	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles() if ns_name is NULL after 1071 error = aa_unpack(udata, &lh,…	CWE-415 Double Free	CVE-2026-23408	2026-04-25 00:24	2026-04-1	Show	GitHub Exploit DB Packet Storm

3567	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent thi…	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2026-23409	2026-04-25 00:23	2026-04-1	Show	GitHub Exploit DB Packet Storm

3568	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a use-after-free situation: because the rawdata…	CWE-362 Race Condition	CVE-2026-23410	2026-04-25 00:23	2026-04-1	Show	GitHub Exploit DB Packet Storm

3569	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after…	CWE-362 Race Condition	CVE-2026-23411	2026-04-25 00:23	2026-04-1	Show	GitHub Exploit DB Packet Storm

3570	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memory release until rcu readers are done Yiming Qian reports UaF when concurrent process is dumping h…	CWE-416 Use After Free	CVE-2026-23412	2026-04-25 00:23	2026-04-2	Show	GitHub Exploit DB Packet Storm

3571	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback…	CWE-416 Use After Free	CVE-2026-23413	2026-04-25 00:22	2026-04-2	Show	GitHub Exploit DB Packet Storm

3572	4.3	MEDIUM Network	papra	papra	Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — …	CWE-613 Insufficient Session Expiration	CVE-2026-35462	2026-04-25 00:22	2026-04-8	Show	GitHub Exploit DB Packet Storm

3573	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The async_hold queue pins encrypted input skbs while the AEAD engine references…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23414	2026-04-25 00:22	2026-04-2	Show	GitHub Exploit DB Packet Storm

3574	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() During futex_key_to_node_opt() execution, vma->vm_policy …	CWE-416 Use After Free	CVE-2026-23415	2026-04-25 00:22	2026-04-2	Show	GitHub Exploit DB Packet Storm

3575	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current VMA in curr_end, and then upon iterating …	NVD-CWE-noinfo	CVE-2026-23416	2026-04-25 00:21	2026-04-2	Show	GitHub Exploit DB Packet Storm

3576	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix constant blinding for PROBE_MEM32 stores BPF_ST \| BPF_PROBE_MEM32 immediate stores are not handled by bpf_jit_blind_insn…	NVD-CWE-noinfo	CVE-2026-23417	2026-04-25 00:21	2026-04-2	Show	GitHub Exploit DB Packet Storm

3577	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Fix leak on xa_store failure Free the newly allocated entry when xa_store() fails to avoid a memory leak on the er…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23418	2026-04-25 00:21	2026-04-3	Show	GitHub Exploit DB Packet Storm

3578	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() where sk…	CWE-667 Improper Locking	CVE-2026-23419	2026-04-25 00:21	2026-04-3	Show	GitHub Exploit DB Packet Storm

3579	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl->mutex is locked before it is unlocked. This has been detected by the Clang thr…	CWE-667 Improper Locking	CVE-2026-23420	2026-04-25 00:21	2026-04-3	Show	GitHub Exploit DB Packet Storm

3580	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device…	NVD-CWE-noinfo	CVE-2026-23421	2026-04-25 00:21	2026-04-3	Show	GitHub Exploit DB Packet Storm

3581	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check f…	CWE-787 Out-of-bounds Write	CVE-2026-23422	2026-04-25 00:21	2026-04-3	Show	GitHub Exploit DB Packet Storm

3582	4.7	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: af_unix: Give up GC if MSG_PEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a ra…	CWE-362 Race Condition	CVE-2026-23394	2026-04-25 00:20	2026-03-25	Show	GitHub Exploit DB Packet Storm

3583	4.7	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: af_unix: Abandonar la recolección de basura (GC) si MSG_PEEK intervino. Igor Ushakov informó que la recolección de basura (GC) p…	CWE-362 Race Condition	CVE-2026-23394	2026-04-25 00:20	2026-03-25	Show	GitHub Exploit DB Packet Storm

3584	8.8	HIGH Adjacent	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ Currently the code attempts to accept requests regardless of the co…	NVD-CWE-noinfo	CVE-2026-23395	2026-04-25 00:20	2026-03-25	Show	GitHub Exploit DB Packet Storm

3585	8.8	HIGH Adjacent	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: Bluetooth: L2CAP: Corrección para aceptar múltiples L2CAP_ECRED_CONN_REQ Actualmente, el código intenta aceptar solicitudes inde…	NVD-CWE-noinfo	CVE-2026-23395	2026-04-25 00:20	2026-03-25	Show	GitHub Exploit DB Packet Storm

3586	8.2	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space proc…	NVD-CWE-noinfo	CVE-2026-31788	2026-04-25 00:19	2026-03-25	Show	GitHub Exploit DB Packet Storm

3587	8.2	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: xen/privcmd: restringir el uso en domU no privilegiado El controlador Xen privcmd permite emitir hiperllamadas arbitrarias desde…	NVD-CWE-noinfo	CVE-2026-31788	2026-04-25 00:19	2026-03-25	Show	GitHub Exploit DB Packet Storm

3588	8.8	HIGH Network	pyload-ng_project	pyload-ng	pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OPTIONS protection mechanism restricts security-critical configuration values (reconn…	CWE-78 OS Command	CVE-2026-35463	2026-04-25 00:18	2026-04-8	Show	GitHub Exploit DB Packet Storm

3589	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL deref in mesh_matches_local() mesh_matches_local() unconditionally dereferences ie->mesh_config to compa…	CWE-476 NULL Pointer Dereference	CVE-2026-23396	2026-04-25 00:18	2026-03-26	Show	GitHub Exploit DB Packet Storm

3590	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: wifi: mac80211: corrige desreferencia de NULL en mesh_matches_local() mesh_matches_local() desreferencia incondicionalmente ie-&…	CWE-476 NULL Pointer Dereference	CVE-2026-23396	2026-04-25 00:18	2026-03-26	Show	GitHub Exploit DB Packet Storm

3591	7.1	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individual option lengths in fingerprints nfnl_osf_add_callback() validates opt_num bounds and string NUL…	CWE-125 Out-of-bounds Read	CVE-2026-23397	2026-04-25 00:18	2026-03-26	Show	GitHub Exploit DB Packet Storm

3592	7.1	HIGH Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: nfnetlink_osf: validar longitudes de opciones individuales en huellas digitales nfnl_osf_add_callback() valida los límites de op…	CWE-125 Out-of-bounds Read	CVE-2026-23397	2026-04-25 00:18	2026-03-26	Show	GitHub Exploit DB Packet Storm

3593	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_…	CWE-476 NULL Pointer Dereference	CVE-2026-23398	2026-04-25 00:17	2026-03-26	Show	GitHub Exploit DB Packet Storm

3594	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: icmp: soluciona la desreferencia de puntero NULL en icmp_tag_validation() icmp_tag_validation() desreferencia incondicionalmente…	CWE-476 NULL Pointer Dereference	CVE-2026-23398	2026-04-25 00:17	2026-03-26	Show	GitHub Exploit DB Packet Storm

3595	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the el…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23399	2026-04-25 00:17	2026-03-28	Show	GitHub Exploit DB Packet Storm

3596	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: nf_tables: nft_dynset: corregir posible fuga de memoria de expresión con estado en la ruta de error Si la clonación de la segund…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2026-23399	2026-04-25 00:17	2026-03-28	Show	GitHub Exploit DB Packet Storm

3597	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done() without proc lock Consider the following sequence of events on a death listener: 1. The…	CWE-667 Improper Locking	CVE-2026-23400	2026-04-25 00:17	2026-03-29	Show	GitHub Exploit DB Packet Storm

3598	5.5	MEDIUM Local	linux	linux_kernel	En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: rust_binder: llamar a set_notification_done() sin el bloqueo de proc Considere la siguiente secuencia de eventos en un oyente de…	CWE-667 Improper Locking	CVE-2026-23400	2026-04-25 00:17	2026-03-29	Show	GitHub Exploit DB Packet Storm

3599	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so after…	NVD-CWE-noinfo	CVE-2026-23401	2026-04-25 00:17	2026-04-1	Show	GitHub Exploit DB Packet Storm

3600	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE Adjust KVM's sanity check against overwriting a shado…	NVD-CWE-noinfo	CVE-2026-23402	2026-04-25 00:17	2026-04-1	Show	GitHub Exploit DB Packet Storm