Vulnerabilidades en NVIDIA
742 resultadosAnálisis Vexday
O portfólio de vulnerabilidades da NVIDIA reúne 693 CVEs catalogadas, com 18 classificadas como críticas e 58 surgidas nos últimos 90 dias, indicando um fluxo contínuo de descobertas que exige monitoramento ativo. Nenhuma vulnerabilidade consta atualmente no catálogo KEV da CISA, taxa que fica abaixo da média geral do catálogo, sugerindo menor pressão imediata de exploração em campo — mas não ausência de risco. A CVE mais perigosa no momento é CVE-2024-0132, com EPSS de 0,3646, o valor mais elevado observado no conjunto, o que a posiciona como prioridade de remediação. A falha mais recorrente é CWE-125 (leitura fora dos limites de buffer), padrão que tende a afetar componentes de baixo nível como drivers e firmware, onde a superfície de ataque costuma ser ampla e o impacto potencial elevado.
CVE-2025-23287LOWNVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successfulEPSS 0.1%CVE-2025-23255LOWNVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passiEPSS 0.1%CVE-2025-23346LOWNVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exEPSS 0.1%CVE-2025-23248LOWNVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passinEPSS 0.1%CVE-2025-23345MEDIUMNVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds readEPSS 0.1%CVE-2025-23356HIGHNVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code executEPSS 0.1%CVE-2025-23262MEDIUMNVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorizatioEPSS 0.1%CVE-2025-23246MEDIUMNVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to conEPSS 0.1%CVE-2023-31020MEDIUMCVEEPSS 0.1%CVE-2026-24201MEDIUMNVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successfulEPSS 0.1%CVE-2025-23355MEDIUMNVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A EPSS 0.1%CVE-2025-33197MEDIUMNVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful expEPSS 0.1%CVE-2025-23337MEDIUMNVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with adEPSS 0.1%CVE-2023-0192MEDIUMNVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can leaEPSS 0.1%CVE-2025-33191MEDIUMNVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploiEPSS 0.1%CVE-2025-23272MEDIUMNVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. EPSS 0.1%CVE-2023-25521HIGH
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging EPSS 0.1%CVE-2025-23257HIGHNVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privEPSS 0.1%CVE-2025-23258HIGHNVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to EPSS 0.1%CVE-2026-24181HIGHNVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of thisEPSS 0.1%