Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

NVIDIA Corporation

BOS ID

-
BOSS-VENDOR-94862

Tags

-
N/A

Related Bos

-
N/A

Note

-

https://www.nvidia.com/ https://www.nvidia.com/en-in/drivers/legalfo/

Mapped CVEsMapped VendorsRelated AssignersReports
991Vulnerabilities found

CVE-2026-24272
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.71%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:16
Updated-17 Jul, 2026 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT contains a vulnerability where an attacker might cause an overflow to a heap-based buffer. A successful exploit of this vulnerability might lead to code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-tensorrtTensorRT
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-24268
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.25%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:15
Updated-17 Jul, 2026 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT contains a vulnerability where an attacker might cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-tensorrtTensorRT
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-24238
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.71%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:15
Updated-17 Jul, 2026 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT for contains a vulnerability where an attacker might cause an improper validation of array index. A successful exploit of this vulnerability might lead to code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-tensorrtTensorRT
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-24227
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.70% / 48.91%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:14
Updated-17 Jul, 2026 | 03:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT for contains a vulnerability where a user might cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-tensorrtTensorRT
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24271
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.12% / 2.18%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:09
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-47475
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.12% / 2.17%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:08
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-617
Reachable Assertion
CVE-2026-47470
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.12% / 2.18%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:07
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-20
Improper Input Validation
CVE-2026-24226
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 2.11%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:07
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-24259
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.14% / 3.62%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:06
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-24220
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.22% / 12.46%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:05
Updated-15 Jul, 2026 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24234
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 1.69%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:04
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-24229
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.12% / 2.28%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:04
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-47473
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.4||HIGH
EPSS-0.13% / 2.89%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:03
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-123
Write-what-where Condition
CVE-2026-47471
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 11.98%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:02
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-47472
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.25%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:01
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24233
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-8.4||HIGH
EPSS-0.26% / 17.83%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:00
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-TensorRT-LLM
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-47482
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.83%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:50
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause missing release of memory after effective lifetime. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Triton Inference Server
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2026-47481
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.27%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:49
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Triton Inference Server
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-47480
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.84%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:47
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Triton Inference Server
CWE ID-CWE-248
Uncaught Exception
CVE-2026-47479
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.83%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:46
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Triton Inference Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-47478
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 22.02%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:45
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause the use of an expired file descriptor. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Triton Inference Server
CWE ID-CWE-910
Use of Expired File Descriptor
CVE-2026-47477
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 22.72%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:45
Updated-15 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a stack-based buffer overflow. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Triton Inference Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-47476
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.57%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 19:43
Updated-15 Jul, 2026 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Triton Inference Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-24270
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 53.81%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 15:12
Updated-01 Jul, 2026 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-AIStore framework
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-24266
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.72% / 49.68%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 15:11
Updated-06 Jul, 2026 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-triton_inference_serverlinux_kernelTriton Inference Server
CWE ID-CWE-416
Use After Free
CVE-2026-24264
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 51.64%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 15:11
Updated-06 Jul, 2026 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-triton_inference_serverlinux_kernelTriton Inference Server
CWE ID-CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2026-24251
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 5.12%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:58
Updated-02 Jul, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24250
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 5.12%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:58
Updated-02 Jul, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24249
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 6.01%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:57
Updated-02 Jul, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-24248
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.18%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:57
Updated-02 Jul, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-24247
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.51%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:56
Updated-02 Jul, 2026 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24246
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.51%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:56
Updated-02 Jul, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CVE-2026-24245
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.98%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:55
Updated-02 Jul, 2026 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24244
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.98%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:53
Updated-02 Jul, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24243
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 7.22%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:49
Updated-02 Jul, 2026 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24242
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.46%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:48
Updated-02 Jul, 2026 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-24240
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.11%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:43
Updated-02 Jul, 2026 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, Inc
Product-nemo_megatron_bridgelinux_kernelMegatron-Bridge
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-23351
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-9||CRITICAL
EPSS-0.27% / 18.68%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:39
Updated-01 Jul, 2026 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

Action-Not Available
Vendor-NVIDIA Corporation
Product-ConnectX LTS22ConnectX LTS24BlueField LTS24BlueField LTS22ConnectX LTS23ConnectX-4 LXConnectX GAConnectX-4BlueField GABlueField LTS23
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23350
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-9||CRITICAL
EPSS-0.27% / 18.68%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:36
Updated-01 Jul, 2026 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

Action-Not Available
Vendor-NVIDIA Corporation
Product-ConnectX LTS22ConnectX LTS24BlueField LTS24BlueField LTS22ConnectX LTS23ConnectX GABlueField GABlueField LTS23
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-24260
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-8.5||HIGH
EPSS-0.49% / 38.84%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:34
Updated-02 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-GPU OperatorContainer Toolkit
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-24228
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.70%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 16:09
Updated-17 Jun, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24155
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 9.21%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 16:08
Updated-17 Jun, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-24180
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.15% / 4.97%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 16:11
Updated-09 Jun, 2026 | 23:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-DALI
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-24181
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.3||HIGH
EPSS-0.14% / 3.71%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 16:11
Updated-09 Jun, 2026 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-DALI
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-24237
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.59%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 16:49
Updated-04 Jun, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-nvtabularNVTabular
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24221
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.59%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 16:48
Updated-04 Jun, 2026 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-nvtabularNVTabular
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-33221
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.18% / 7.18%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 17:26
Updated-11 Jun, 2026 | 02:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_display_driverGeForceNVIDIA RTX, Quadro, NVSTeslaGuest driver
CWE ID-CWE-20
Improper Input Validation
CVE-2026-24201
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.14% / 3.97%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 17:25
Updated-27 May, 2026 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Virtual GPU Manager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-24200
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.17% / 6.34%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 17:24
Updated-27 May, 2026 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Virtual GPU Manager
CWE ID-CWE-416
Use After Free
CVE-2026-24194
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.80%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 17:24
Updated-11 Jun, 2026 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_display_driverGeForceNVIDIA RTX, Quadro, NVSTeslaGuest driver
CWE ID-CWE-281
Improper Preservation of Permissions
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 19
  • 20
  • Next