Vulnerabilities in NVIDIA
742 resultsVexday analysis
O portfólio de vulnerabilidades da NVIDIA reúne 693 CVEs catalogadas, com 18 classificadas como críticas e 58 surgidas nos últimos 90 dias, indicando um fluxo contínuo de descobertas que exige monitoramento ativo. Nenhuma vulnerabilidade consta atualmente no catálogo KEV da CISA, taxa que fica abaixo da média geral do catálogo, sugerindo menor pressão imediata de exploração em campo — mas não ausência de risco. A CVE mais perigosa no momento é CVE-2024-0132, com EPSS de 0,3646, o valor mais elevado observado no conjunto, o que a posiciona como prioridade de remediação. A falha mais recorrente é CWE-125 (leitura fora dos limites de buffer), padrão que tende a afetar componentes de baixo nível como drivers e firmware, onde a superfície de ataque costuma ser ampla e o impacto potencial elevado.
CVE-2026-24175HIGHNVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header tEPSS 0.5%CVE-2020-5963—NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access EPSS 0.5%CVE-2025-23360HIGHNVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successfuEPSS 0.5%CVE-2025-23327HIGHNVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specEPSS 0.5%CVE-2026-24160MEDIUMNVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer derefereEPSS 0.5%CVE-2023-31011MEDIUMNVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploitEPSS 0.5%CVE-2024-53880MEDIUMNVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparoundEPSS 0.5%CVE-2025-23335MEDIUMNVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an undeEPSS 0.5%CVE-2023-25525HIGHNVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIEPSS 0.5%CVE-2023-25532MEDIUMNVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploEPSS 0.5%CVE-2022-42288MEDIUMNVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, wEPSS 0.5%CVE-2020-5992—NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dEPSS 0.5%CVE-2019-5681—NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user datEPSS 0.5%CVE-2024-0107HIGHNVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-oEPSS 0.5%CVE-2021-1052—NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for EPSS 0.5%CVE-2025-23321HIGHNVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an EPSS 0.4%CVE-2021-23175HIGHNVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access cEPSS 0.4%CVE-2024-0116MEDIUMNVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory regiEPSS 0.4%CVE-2019-5680—In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu imEPSS 0.4%CVE-2023-25531HIGHNVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploEPSS 0.4%