The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2026-22709 - vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setu... read CVE-2026-22709
Published: January 26, 2026; 5:15:55 PM -0500
-
CVE-2026-24003 - EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current o... read CVE-2026-24003
Published: January 26, 2026; 5:15:56 PM -0500
V3.1: 5.3 MEDIUM
-
CVE-2026-24476 - Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with `"` prematurely ends the `<input>` tag on the start page and allows an attacker to add arbitrary HTML leading to a possible XSS attack... read CVE-2026-24476
Published: January 26, 2026; 6:16:09 PM -0500
V3.1: 5.4 MEDIUM
-
CVE-2026-24486 - Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded f... read CVE-2026-24486
Published: January 26, 2026; 8:16:02 PM -0500
V3.1: 7.5 HIGH
-
CVE-2026-20628 - A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An ... read CVE-2026-20628
Published: February 11, 2026; 6:16:06 PM -0500
-
CVE-2026-20671 - A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a ... read CVE-2026-20671
Published: February 11, 2026; 6:16:09 PM -0500
-
CVE-2020-37200 - NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the regis... read CVE-2020-37200
Published: February 11, 2026; 4:16:14 PM -0500
V3.1: 7.5 HIGH
-
CVE-2021-47723 - STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge... read CVE-2021-47723
Published: December 09, 2025; 4:15:50 PM -0500
V3.1: 8.8 HIGH
-
CVE-2026-24490 - MobSF is a mobile application security testing tool. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim'... read CVE-2026-24490
Published: January 26, 2026; 8:16:02 PM -0500
V3.1: 4.8 MEDIUM
-
CVE-2020-37201 - NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an applic... read CVE-2020-37201
Published: February 11, 2026; 4:16:14 PM -0500
V3.1: 7.5 HIGH
-
CVE-2026-1361 - ASDA-Soft Stack-based Buffer Overflow Vulnerability
Published: January 26, 2026; 11:16:03 PM -0500
V3.1: 9.8 CRITICAL
-
CVE-2026-26020 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution (RCE) on the backend server... read CVE-2026-26020
Published: February 12, 2026; 4:16:03 PM -0500
V3.1: 8.8 HIGH
-
CVE-2026-20675 - The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a m... read CVE-2026-20675
Published: February 11, 2026; 6:16:09 PM -0500
V3.1: 5.5 MEDIUM
-
CVE-2026-21720 - Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine block... read CVE-2026-21720
Published: January 27, 2026; 4:15:48 AM -0500
-
CVE-2025-62616 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.Clien... read CVE-2025-62616
Published: February 04, 2026; 6:15:55 PM -0500
V3.1: 9.8 CRITICAL
-
CVE-2026-24793 - Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C. This issue affects azer... read CVE-2026-24793
Published: January 27, 2026; 4:15:48 AM -0500
V3.1: 9.8 CRITICAL
-
CVE-2024-8499 - The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input... read CVE-2024-8499
Published: October 04, 2024; 9:15:12 AM -0400
V3.1: 6.1 MEDIUM
-
CVE-2026-24811 - Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. This issue affects root.
Published: January 27, 2026; 4:15:51 AM -0500
V3.1: 9.8 CRITICAL
-
CVE-2025-62615 - AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlope... read CVE-2025-62615
Published: February 04, 2026; 6:15:55 PM -0500
V3.1: 9.8 CRITICAL
-
CVE-2021-41773 - A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directo... read CVE-2021-41773
Published: October 05, 2021; 5:15:07 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 4.3 MEDIUM