The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2026-31973 - SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the `cram_decode_com...
Published: March 18, 2026; 5:16:26 PM -0400
V3.1: 7.5 HIGH
-
CVE-2026-31998 - OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass auth...
Published: March 18, 2026; 10:16:05 PM -0400
V3.1: 9.8 CRITICAL
-
CVE-2026-31999 - OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote a...
Published: March 18, 2026; 10:16:05 PM -0400
V3.1: 7.8 HIGH
-
CVE-2026-32000 - OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arg...
Published: March 18, 2026; 10:16:05 PM -0400
V3.1: 7.8 HIGH
-
CVE-2026-32321 - ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 #80 within the `actions/ajax.php` endpoint. Due to insufficient input sanitization of the `us...
Published: March 18, 2026; 5:16:26 PM -0400
-
CVE-2024-42210 - A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted sour...
Published: March 19, 2026; 4:16:18 AM -0400
V3.1: 5.4 MEDIUM
-
CVE-2026-21788 - HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the at...
Published: March 19, 2026; 5:16:16 AM -0400
-
CVE-2026-32636 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte. ...
Published: March 18, 2026; 5:16:26 PM -0400
V3.1: 7.5 HIGH
-
CVE-2006-10002 - XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because ...
Published: March 19, 2026; 8:16:16 AM -0400
V3.1: 7.5 HIGH
-
CVE-2006-10003 - XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equa...
Published: March 19, 2026; 8:16:17 AM -0400
V3.1: 9.8 CRITICAL
-
CVE-2026-32638 - StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.4, the REST API `getUsers` endpoint in StudioCMS uses the attacker-controlled `rank` query parameter to decide whether owner accounts should be fil...
Published: March 18, 2026; 5:16:26 PM -0400
-
CVE-2026-32698 - OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the c...
Published: March 18, 2026; 6:16:24 PM -0400
V3.1: 7.2 HIGH
-
CVE-2026-31994 - OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers ...
Published: March 18, 2026; 10:16:04 PM -0400
V3.1: 7.8 HIGH
-
CVE-2026-31995 - OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn fai...
Published: March 18, 2026; 10:16:04 PM -0400
V3.1: 7.0 HIGH
-
CVE-2026-32256 - music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infinite loop when a sub-object inside the ASF Header...
Published: March 18, 2026; 12:17:25 AM -0400
-
CVE-2026-32254 - Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains...
Published: March 18, 2026; 12:17:24 AM -0400
-
CVE-2025-71220 - In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close().
Published: February 14, 2026; 12:15:54 PM -0500
V3.1: 7.8 HIGH
-
CVE-2026-31996 - OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command ...
Published: March 18, 2026; 10:16:04 PM -0400
V3.1: 7.1 HIGH
-
CVE-2025-71222 - In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skb_push This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is less than needed (typically 110 - 94...
Published: February 14, 2026; 12:15:54 PM -0500
V3.1: 5.5 MEDIUM
-
CVE-2026-23187 - In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove().
Published: February 14, 2026; 12:15:56 PM -0500
V3.1: 7.1 HIGH