U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-32292 - An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.
    Published: August 22, 2023; 3:16:20 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2020-0618 - A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
    Published: February 11, 2020; 5:15:13 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2019-7286 - A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.
    Published: December 18, 2019; 1:15:22 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2019-10149 - A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
    Published: June 05, 2019; 10:29:11 AM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 10.0 HIGH

  • CVE-2025-27659 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows SQL Injection OVE-20230524-0002.
    Published: March 05, 2025; 1:15:37 AM -0500

  • CVE-2025-27658 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Authentication Bypass OVE-20230524-0001.
    Published: March 05, 2025; 1:15:37 AM -0500

  • CVE-2025-27660 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross Site Scripting OVE-20230524-0003.
    Published: March 05, 2025; 1:15:38 AM -0500

  • CVE-2025-27661 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Session Fixation OVE-20230524-0004.
    Published: March 05, 2025; 1:15:38 AM -0500

  • CVE-2025-27637 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016.
    Published: March 05, 2025; 1:15:34 AM -0500

  • CVE-2025-27638 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013.
    Published: March 05, 2025; 1:15:35 AM -0500

  • CVE-2025-27639 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Privilege Escalation V-2024-015.
    Published: March 05, 2025; 1:15:35 AM -0500

  • CVE-2025-27640 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012.
    Published: March 05, 2025; 1:15:35 AM -0500

  • CVE-2025-27641 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009.
    Published: March 05, 2025; 1:15:35 AM -0500

  • CVE-2025-27671 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Device Impersonation OVE-20230524-0015.
    Published: March 05, 2025; 1:15:39 AM -0500

  • CVE-2025-27642 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008.
    Published: March 05, 2025; 1:15:35 AM -0500

  • CVE-2025-27643 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006.
    Published: March 05, 2025; 1:15:35 AM -0500

  • CVE-2025-27644 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007.
    Published: March 05, 2025; 1:15:35 AM -0500

  • CVE-2025-27645 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005.
    Published: March 05, 2025; 1:15:36 AM -0500

  • CVE-2025-27646 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-001.
    Published: March 05, 2025; 1:15:36 AM -0500

  • CVE-2025-27647 - Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002.
    Published: March 05, 2025; 1:15:36 AM -0500

Created September 20, 2022 , Updated August 27, 2024