The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-30150 - HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service (DOS) attacks from unauth... read CVE-2024-30150
    Published: February 25, 2025; 6:15:10 PM -0500

    V3.1: 9.1 CRITICAL

  • CVE-2024-49417 - Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
    Published: December 03, 2024; 1:15:09 AM -0500

    V3.1: 3.3 LOW

  • CVE-2024-37472 - Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS. This issue affects Woffice: from n/a through 5.4.8.
    Published: July 04, 2024; 3:15:10 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-37471 - Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS. This issue affects Woffice Core: from n/a through 5.4.8.
    Published: July 04, 2024; 3:15:10 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-4598 - An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal sta... read CVE-2024-4598
    Published: September 23, 2025; 7:15:39 AM -0400

  • CVE-2025-11093 - An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated privileges can execute arbitrary code within the in... read CVE-2025-11093
    Published: November 05, 2025; 2:15:49 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2024-43184 - IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the We... read CVE-2024-43184
    Published: September 04, 2025; 11:15:45 AM -0400

  • CVE-2025-25048 - IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restric... read CVE-2025-25048
    Published: September 04, 2025; 11:15:46 AM -0400

  • CVE-2025-10978 - A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be perfor... read CVE-2025-10978
    Published: September 25, 2025; 7:15:48 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-10977 - A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. ... read CVE-2025-10977
    Published: September 25, 2025; 7:15:47 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2025-10976 - A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed ... read CVE-2025-10976
    Published: September 25, 2025; 6:15:34 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2025-14705 - A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. The expl... read CVE-2025-14705
    Published: December 15, 2025; 12:15:51 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-14704 - A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit h... read CVE-2025-14704
    Published: December 15, 2025; 12:15:43 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-14703 - A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is ... read CVE-2025-14703
    Published: December 14, 2025; 11:15:36 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2025-14708 - A weakness has been identified in Shiguangwu sgwbox N3 2.0.25. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/http_eshell_server of the component WIREDCFGGET Interface. Executing manipulation of the argument param... read CVE-2025-14708
    Published: December 15, 2025; 2:15:51 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-14707 - A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the component DOCKER Feature. Performing manipulation of the argument params results in command injecti... read CVE-2025-14707
    Published: December 15, 2025; 1:15:43 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-63735 - A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.
    Published: November 25, 2025; 5:15:47 PM -0500

  • CVE-2025-64055 - An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
    Published: December 03, 2025; 4:15:52 PM -0500

  • CVE-2025-64056 - File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.
    Published: December 05, 2025; 11:15:50 AM -0500

  • CVE-2025-64057 - Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.
    Published: December 05, 2025; 10:15:51 AM -0500

Created September 20, 2022, Updated August 27, 2024