The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2026-33476 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath`. Due to improper path sanitization, attackers can perform directory traversa... read CVE-2026-33476
Published: March 20, 2026; 7:16:48 PM -0400
-
CVE-2026-32002 - OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerability in the sandboxed image tool that fails to enforce tools.fs.workspaceOnly restrictions on mounted sandbox paths, allowing attackers to read out-of-workspace files. Attacker... read CVE-2026-32002
Published: March 19, 2026; 6:16:32 PM -0400
V3.1: 6.5 MEDIUM
-
CVE-2026-33194 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, the `IsSensitivePath()` function in `kernel/util/path.go` uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. M... read CVE-2026-33194
Published: March 20, 2026; 7:16:45 PM -0400
-
CVE-2026-32001 - OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerability that allows clients authenticated with a shared gateway token to connect as role=node without device identity verification. Attackers can exploit this by claiming ... read CVE-2026-32001
Published: March 19, 2026; 6:16:32 PM -0400
V3.1: 5.4 MEDIUM
-
CVE-2026-33203 - SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are p... read CVE-2026-33203
Published: March 20, 2026; 7:16:45 PM -0400
-
CVE-2026-32818 - Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the forum module in Admidio does not verify whether the current user has permission to delete forum topics or posts. Both the topic_delete and post_delete actions... read CVE-2026-32818
Published: March 19, 2026; 7:16:44 PM -0400
-
CVE-2026-33171 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary `.json`, `.yaml`, and `.csv` files from the server by manipulating the file dictiona... read CVE-2026-33171
Published: March 20, 2026; 6:16:28 PM -0400
-
CVE-2026-33172 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and i... read CVE-2026-33172
Published: March 20, 2026; 6:16:28 PM -0400
-
CVE-2026-33177 - Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker... read CVE-2026-33177
Published: March 20, 2026; 6:16:29 PM -0400
-
CVE-2026-33064 - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can ... read CVE-2026-33064
Published: March 20, 2026; 4:16:12 AM -0400
V3.1: 7.5 HIGH
-
CVE-2023-53552 - In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915_requests may be trapped by userspace inside a sync_file or dmabuf (dma-resv) and held ... read CVE-2023-53552
Published: October 04, 2025; 12:15:50 PM -0400
V3.1: 7.8 HIGH
-
CVE-2023-53549 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long task execution when adding/deleting entries When adding/deleting large number of elements in one step in ipset, it can take a reasonable amount of ... read CVE-2023-53549
Published: October 04, 2025; 12:15:50 PM -0400
V3.1: 5.5 MEDIUM
-
CVE-2023-53579 - In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix irq domain leak Uwe Kleine-König pointed out we still have one resource leak in the mvebu driver triggered on driver detach. Let's address it with a custom devm... read CVE-2023-53579
Published: October 04, 2025; 12:15:53 PM -0400
V3.1: 5.5 MEDIUM
-
CVE-2023-53577 - In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode enabled xdp_redirect_cpu with some RT threads: ... read CVE-2023-53577
Published: October 04, 2025; 12:15:53 PM -0400
V3.1: 7.8 HIGH
-
CVE-2023-53576 - In the Linux kernel, the following vulnerability has been resolved: null_blk: Always check queue mode setting from configfs Make sure to check device queue mode in the null_validate_conf() and return error for NULL_Q_RQ as we don't allow legacy ... read CVE-2023-53576
Published: October 04, 2025; 12:15:53 PM -0400
V3.1: 5.5 MEDIUM
-
CVE-2023-53555 - In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: initialize damo_filter->list from damos_new_filter() damos_new_filter() is not initializing the list field of newly allocated filter object. However, DAMON sysfs... read CVE-2023-53555
Published: October 04, 2025; 12:15:50 PM -0400
V3.1: 5.5 MEDIUM
-
CVE-2023-53553 - In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: avoid struct memcpy overrun warning A previous patch addressed the fortified memcpy warning for most builds, but I still see this one with gcc-9: In file included ... read CVE-2023-53553
Published: October 04, 2025; 12:15:50 PM -0400
V3.1: 5.5 MEDIUM
-
CVE-2023-53554 - In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() The "exc->key_len" is a u16 that comes from the user. If it's over IW_ENCODING_TOKEN_MAX (64) that could ... read CVE-2023-53554
Published: October 04, 2025; 12:15:50 PM -0400
V3.1: 7.8 HIGH
-
CVE-2023-53535 - In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionally we may get oversized packets from the hardware which exceed the nominal 2KiB buffer size we allocate SKBs with. Add... read CVE-2023-53535
Published: October 04, 2025; 12:15:48 PM -0400
V3.1: 5.5 MEDIUM
-
CVE-2023-53537 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free for cached IPU bio xfstest generic/019 reports a bug: kernel BUG at mm/filemap.c:1619! RIP: 0010:folio_end_writeback+0x8a/0x90 Call Trace: en... read CVE-2023-53537
Published: October 04, 2025; 12:15:48 PM -0400
V3.1: 7.8 HIGH