Vendor CVEs
Nvidia
All CVEs
1,011 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-0946 | 0.03 | — | 0.01 | Apr 22, 2012 | The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. | |||
| CVE-2006-6340 | 0.03 | — | 0.02 | Dec 7, 2006 | keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument. NOTE: it is not clear whether this issue crosses security boundaries. If not, then this is not a vulnerability. | |||
| CVE-2021-1056 | 0.01 | — | 0.02 | Jan 8, 2021 | NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or… | |||
| CVE-2026-53805 | 0.00 | — | 0.01 | Jun 17, 2026 | NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads() without… | |||
| CVE-2026-24159 | 0.00 | — | 0.01 | Mar 24, 2026 | NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. | |||
| CVE-2026-24157 | 0.00 | — | 0.01 | Mar 24, 2026 | NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering. | |||
| CVE-2026-24141 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution,… | |||
| CVE-2026-24158 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service. | |||
| CVE-2025-33254 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service. | |||
| CVE-2025-33238 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service. | |||
| CVE-2026-24152 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure,… | |||
| CVE-2026-24151 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and… | |||
| CVE-2026-24150 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure,… | |||
| CVE-2025-33248 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information… | |||
| CVE-2025-33247 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||
| CVE-2025-33242 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering. | |||
| CVE-2025-33216 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service,… | |||
| CVE-2025-33215 | 0.00 | — | 0.00 | Mar 24, 2026 | NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the… | |||
| CVE-2026-24241 | 0.00 | — | 0.01 | Feb 24, 2026 | NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure. | |||
| CVE-2025-33181 | 0.00 | — | 0.00 | Feb 24, 2026 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. | |||
| CVE-2025-33180 | 0.00 | — | 0.01 | Feb 24, 2026 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. | |||
| CVE-2025-33179 | 0.00 | — | 0.01 | Feb 24, 2026 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. | |||
| CVE-2025-33240 | 0.00 | — | 0.00 | Feb 18, 2026 | NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||
| CVE-2025-33239 | 0.00 | — | 0.00 | Feb 18, 2026 | NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||
| CVE-2025-33253 | 0.00 | — | 0.00 | Feb 18, 2026 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and… | |||
| CVE-2025-33252 | 0.00 | — | 0.00 | Feb 18, 2026 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. | |||
| CVE-2025-33251 | 0.00 | — | 0.00 | Feb 18, 2026 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. | |||
| CVE-2025-33250 | 0.00 | — | 0.00 | Feb 18, 2026 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. | |||
| CVE-2025-33249 | 0.00 | — | 0.00 | Feb 18, 2026 | NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges,… | |||
| CVE-2025-33246 | 0.00 | — | 0.01 | Feb 18, 2026 | NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution,… | |||
| CVE-2025-33245 | 0.00 | — | 0.01 | Feb 18, 2026 | NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||
| CVE-2025-33243 | 0.00 | — | 0.00 | Feb 18, 2026 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||
| CVE-2025-33241 | 0.00 | — | 0.00 | Feb 18, 2026 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||
| CVE-2025-33236 | 0.00 | — | 0.00 | Feb 18, 2026 | NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||
| CVE-2025-33231 | 0.00 | — | 0.00 | Jan 20, 2026 | NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code… | |||
| CVE-2025-33230 | 0.00 | — | 0.01 | Jan 20, 2026 | NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code… | |||
| CVE-2025-33229 | 0.00 | — | 0.00 | Jan 20, 2026 | NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to… | |||
| CVE-2025-33228 | 0.00 | — | 0.01 | Jan 20, 2026 | NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability… | |||
| CVE-2025-33206 | 0.00 | — | 0.01 | Jan 14, 2026 | NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service. | |||
| CVE-2023-54168 | 0.00 | — | 0.00 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() The ucmd->log_sq_bb_count variable is controlled by the user so this shift can wrap. Fix it by using check_shl_overflow() in the same way that it was… | |||
| CVE-2025-33235 | 0.00 | — | 0.00 | Dec 16, 2025 | NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges. | |||
| CVE-2025-33225 | 0.00 | — | 0.00 | Dec 16, 2025 | NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information… | |||
| CVE-2025-33210 | 0.00 | — | 0.01 | Dec 16, 2025 | NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution. | |||
| CVE-2025-33226 | 0.00 | — | 0.00 | Dec 16, 2025 | NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||
| CVE-2025-33212 | 0.00 | — | 0.00 | Dec 16, 2025 | NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges,… | |||
| CVE-2025-33211 | 0.00 | — | 0.01 | Dec 3, 2025 | NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service. | |||
| CVE-2025-33201 | 0.00 | — | 0.01 | Dec 3, 2025 | NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service. | |||
| CVE-2025-33205 | 0.00 | — | 0.00 | Nov 25, 2025 | NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution. | |||
| CVE-2025-33204 | 0.00 | — | 0.00 | Nov 25, 2025 | NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information… | |||
| CVE-2025-33200 | 0.00 | — | 0.00 | Nov 25, 2025 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. |
- CVE-2012-0946Apr 22, 2012risk 0.03cvss —epss 0.01
The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges.
- CVE-2006-6340Dec 7, 2006risk 0.03cvss —epss 0.02
keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument. NOTE: it is not clear whether this issue crosses security boundaries. If not, then this is not a vulnerability.
- CVE-2021-1056Jan 8, 2021risk 0.01cvss —epss 0.02
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or…
- CVE-2026-53805Jun 17, 2026risk 0.00cvss —epss 0.01
NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads() without…
- CVE-2026-24159Mar 24, 2026risk 0.00cvss —epss 0.01
NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.
- CVE-2026-24157Mar 24, 2026risk 0.00cvss —epss 0.01
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.
- CVE-2026-24141Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution,…
- CVE-2026-24158Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service.
- CVE-2025-33254Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service.
- CVE-2025-33238Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service.
- CVE-2026-24152Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure,…
- CVE-2026-24151Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and…
- CVE-2026-24150Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure,…
- CVE-2025-33248Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information…
- CVE-2025-33247Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- CVE-2025-33242Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering.
- CVE-2025-33216Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service,…
- CVE-2025-33215Mar 24, 2026risk 0.00cvss —epss 0.00
NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the…
- CVE-2026-24241Feb 24, 2026risk 0.00cvss —epss 0.01
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure.
- CVE-2025-33181Feb 24, 2026risk 0.00cvss —epss 0.00
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
- CVE-2025-33180Feb 24, 2026risk 0.00cvss —epss 0.01
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
- CVE-2025-33179Feb 24, 2026risk 0.00cvss —epss 0.01
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
- CVE-2025-33240Feb 18, 2026risk 0.00cvss —epss 0.00
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- CVE-2025-33239Feb 18, 2026risk 0.00cvss —epss 0.00
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- CVE-2025-33253Feb 18, 2026risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and…
- CVE-2025-33252Feb 18, 2026risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
- CVE-2025-33251Feb 18, 2026risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
- CVE-2025-33250Feb 18, 2026risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
- CVE-2025-33249Feb 18, 2026risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges,…
- CVE-2025-33246Feb 18, 2026risk 0.00cvss —epss 0.01
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution,…
- CVE-2025-33245Feb 18, 2026risk 0.00cvss —epss 0.01
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- CVE-2025-33243Feb 18, 2026risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- CVE-2025-33241Feb 18, 2026risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- CVE-2025-33236Feb 18, 2026risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
- CVE-2025-33231Jan 20, 2026risk 0.00cvss —epss 0.00
NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code…
- CVE-2025-33230Jan 20, 2026risk 0.00cvss —epss 0.01
NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code…
- CVE-2025-33229Jan 20, 2026risk 0.00cvss —epss 0.00
NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to…
- CVE-2025-33228Jan 20, 2026risk 0.00cvss —epss 0.01
NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability…
- CVE-2025-33206Jan 14, 2026risk 0.00cvss —epss 0.01
NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.
- CVE-2023-54168Dec 30, 2025risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() The ucmd->log_sq_bb_count variable is controlled by the user so this shift can wrap. Fix it by using check_shl_overflow() in the same way that it was…
- CVE-2025-33235Dec 16, 2025risk 0.00cvss —epss 0.00
NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges.
- CVE-2025-33225Dec 16, 2025risk 0.00cvss —epss 0.00
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information…
- CVE-2025-33210Dec 16, 2025risk 0.00cvss —epss 0.01
NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.
- CVE-2025-33226Dec 16, 2025risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
- CVE-2025-33212Dec 16, 2025risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges,…
- CVE-2025-33211Dec 3, 2025risk 0.00cvss —epss 0.01
NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service.
- CVE-2025-33201Dec 3, 2025risk 0.00cvss —epss 0.01
NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service.
- CVE-2025-33205Nov 25, 2025risk 0.00cvss —epss 0.00
NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution.
- CVE-2025-33204Nov 25, 2025risk 0.00cvss —epss 0.00
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information…
- CVE-2025-33200Nov 25, 2025risk 0.00cvss —epss 0.00
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.
Page 9 of 21