The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2026-48858 - Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipfamily=in...
    Published: June 10, 2026; 12:17:11 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2026-42907 - Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
    Published: June 09, 2026; 1:17:10 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2026-47906 - Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...
    Published: June 09, 2026; 4:16:59 PM -0400

    V3.1: 8.6 HIGH

  • CVE-2026-47907 - Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside th...
    Published: June 09, 2026; 4:16:59 PM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2026-47908 - Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i...
    Published: June 09, 2026; 4:16:59 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-47909 - Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside ...
    Published: June 09, 2026; 4:17:00 PM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2026-47910 - Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside th...
    Published: June 09, 2026; 4:17:00 PM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2026-47911 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact...
    Published: June 09, 2026; 5:17:20 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-47912 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
    Published: June 09, 2026; 5:17:20 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-10143 - kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In s...
    Published: June 10, 2026; 6:16:55 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-10142 - kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value wit...
    Published: June 10, 2026; 6:16:55 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-47913 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
    Published: June 09, 2026; 5:17:21 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-47914 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
    Published: June 09, 2026; 5:17:21 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-33113 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
    Published: June 09, 2026; 1:17:04 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2026-34692 - Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript w...
    Published: June 09, 2026; 1:17:05 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2026-40376 - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
    Published: June 09, 2026; 1:17:06 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2026-44805 - Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
    Published: June 09, 2026; 1:17:16 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-45648 - Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
    Published: June 09, 2026; 1:17:31 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-42567 - Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in...
    Published: June 09, 2026; 1:17:07 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-45653 - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
    Published: June 09, 2026; 1:17:32 PM -0400

    V3.1: 7.0 HIGH

Created September 20, 2022, Updated August 27, 2024