The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2026-3698 - A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and m...
    Published: March 07, 2026; 9:16:00 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-3699 - A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has bee...
    Published: March 07, 2026; 10:16:04 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-27939 - Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended...
    Published: February 27, 2026; 5:16:22 PM -0500

  • CVE-2026-3700 - A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploi...
    Published: March 07, 2026; 10:16:05 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-10097 - A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be car...
    Published: September 08, 2025; 1:15:32 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-15578 - Maypole versions from 2.10 through 2.13 for Perl generate session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.
    Published: February 16, 2026; 5:22:40 PM -0500

  • CVE-2026-28515 - openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role ...
    Published: February 27, 2026; 6:16:05 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-28516 - openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation...
    Published: February 27, 2026; 6:16:06 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-28517 - openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec() without valid...
    Published: February 27, 2026; 6:16:06 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-2844 - Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation. This issue affects TimePictra: from 11.0 through 11.3 SP2.
    Published: February 28, 2026; 7:16:37 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-3010 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information. This issue affects TimePictra: from 11.0 through 11.3 SP2.
    Published: February 28, 2026; 7:16:39 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2026-3814 - A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the a...
    Published: March 09, 2026; 6:16:03 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-3815 - A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has...
    Published: March 09, 2026; 7:16:06 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-3385 - A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public...
    Published: March 01, 2026; 4:15:57 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-66168 - Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subseq...
    Published: March 04, 2026; 4:15:54 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-25877 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the project_id parameter when hand...
    Published: March 06, 2026; 12:16:28 AM -0500

  • CVE-2026-25887 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has bee...
    Published: March 06, 2026; 12:16:29 AM -0500

  • CVE-2026-25888 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched...
    Published: March 06, 2026; 12:16:29 AM -0500

  • CVE-2026-27005 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases con...
    Published: March 06, 2026; 12:16:30 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-27603 - Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:project_id/chart/:chart_id/filter is missing both verif...
    Published: March 06, 2026; 12:16:30 AM -0500

    V3.1: 7.5 HIGH

Created September 20, 2022, Updated August 27, 2024