The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2021-47765 - AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username o...
    Published: January 15, 2026; 11:16:07 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-47764 - AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a 1000-character payload and paste it into speci...
    Published: January 15, 2026; 11:16:07 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-47769 - Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, pote...
    Published: January 15, 2026; 11:16:08 AM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-53894 - phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentica...
    Published: December 16, 2025; 12:16:01 PM -0500

  • CVE-2021-47780 - Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious execut...
    Published: January 15, 2026; 7:16:21 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2021-47805 - Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malici...
    Published: January 15, 2026; 7:16:25 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-66686 - A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injecte...
    Published: January 07, 2026; 12:16:01 PM -0500

  • CVE-2025-66838 - In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume o...
    Published: January 07, 2026; 11:15:51 AM -0500

  • CVE-2025-66837 - A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware
    Published: January 07, 2026; 12:16:01 PM -0500

  • CVE-2025-46070 - An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component
    Published: January 12, 2026; 12:15:51 PM -0500

  • CVE-2025-46068 - An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism
    Published: January 12, 2026; 12:15:51 PM -0500

  • CVE-2025-46067 - An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file
    Published: January 12, 2026; 12:15:50 PM -0500

  • CVE-2025-46066 - An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges
    Published: January 12, 2026; 12:15:50 PM -0500

  • CVE-2024-51539 - The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited loc...
    Published: February 25, 2025; 9:15:31 AM -0500

  • CVE-2025-15455 - A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible...
    Published: January 04, 2026; 11:15:41 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2025-31964 - Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of...
    Published: January 07, 2026; 7:17:01 AM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2021-47794 - ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell ...
    Published: January 15, 2026; 7:16:23 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-31771 - Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file
    Published: May 14, 2024; 11:25:42 AM -0400

  • CVE-2021-47815 - Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an applic...
    Published: January 15, 2026; 7:16:27 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2024-27460 - A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.
    Published: May 14, 2024; 11:12:33 AM -0400

Created September 20, 2022; Updated August 27, 2024