U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-3384 - A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation... read CVE-2026-3384
    Published: March 01, 2026; 3:15:57 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-3383 - A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation can lead to divide by zero. The attack requires ... read CVE-2026-3383
    Published: March 01, 2026; 2:15:59 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-3382 - A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruptio... read CVE-2026-3382
    Published: March 01, 2026; 1:15:58 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2019-25501 - Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST requests to delete_application_ajax.php with craft... read CVE-2019-25501
    Published: March 04, 2026; 1:16:08 PM -0500

    V3.1: 8.2 HIGH

  • CVE-2026-27596 - Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is ... read CVE-2026-27596
    Published: March 02, 2026; 3:16:27 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2019-25502 - Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload inje... read CVE-2019-25502
    Published: March 04, 2026; 1:16:08 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2026-26949 - Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
    Published: March 04, 2026; 1:16:29 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-28434 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler(), the lib... read CVE-2026-28434
    Published: March 04, 2026; 3:16:19 PM -0500

  • CVE-2026-3536 - Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
    Published: March 04, 2026; 3:16:20 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-28435 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request body when using HandlerWithContentReader (stre... read CVE-2026-28435
    Published: March 04, 2026; 3:16:19 PM -0500

  • CVE-2026-3537 - Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
    Published: March 04, 2026; 3:16:20 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-3538 - Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
    Published: March 04, 2026; 3:16:20 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-3539 - Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severit... read CVE-2026-3539
    Published: March 04, 2026; 3:16:20 PM -0500

  • CVE-2026-26196 - Gogs is an open source self-hosted Git service. Prior to version 0.14.2, gogs api still accepts tokens in url params like token and access_token, which can leak through logs, browser history, and referrers. This issue has been patched in version 0... read CVE-2026-26196
    Published: March 05, 2026; 2:16:04 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2026-26276 - Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page (/issues/new), a DOM-Bas... read CVE-2026-26276
    Published: March 05, 2026; 2:16:04 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-66319 - Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
    Published: March 05, 2026; 3:15:56 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-28537 - Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
    Published: March 05, 2026; 3:15:58 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-3545 - Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    Published: March 04, 2026; 3:16:21 PM -0500

  • CVE-2026-3540 - Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
    Published: March 04, 2026; 3:16:21 PM -0500

  • CVE-2026-3541 - Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
    Published: March 04, 2026; 3:16:21 PM -0500

Created September 20, 2022 , Updated August 27, 2024