The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-13651 - Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31.
    Published: February 11, 2026; 4:15:50 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-36440 - IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control.
    Published: March 25, 2026; 5:16:25 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-64646 - IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
    Published: March 25, 2026; 5:16:25 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-64647 - IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
    Published: March 25, 2026; 5:16:25 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-64648 - IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
    Published: March 25, 2026; 5:16:25 PM -0400

    V3.1: 5.9 MEDIUM

  • CVE-2026-2973 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to im...
    Published: March 25, 2026; 1:16:58 PM -0400

  • CVE-2026-2995 - GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper...
    Published: March 25, 2026; 1:16:58 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2026-3988 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance ...
    Published: March 25, 2026; 1:17:09 PM -0400

  • CVE-2026-20607 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.
    Published: March 24, 2026; 9:17:03 PM -0400

  • CVE-2026-20657 - The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination.
    Published: March 24, 2026; 9:17:04 PM -0400

  • CVE-2026-20695 - An information disclosure issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to determine kernel memory layout.
    Published: March 24, 2026; 9:17:06 PM -0400

  • CVE-2026-28816 - A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission.
    Published: March 24, 2026; 9:17:06 PM -0400

  • CVE-2026-33215 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can be hijacked via MQTT Client ID malfe...
    Published: March 24, 2026; 5:16:28 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2026-33223 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to be a guarantee of identity by the NATS server, but th...
    Published: March 25, 2026; 5:16:47 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2026-33222 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data w...
    Published: March 25, 2026; 5:16:47 PM -0400

  • CVE-2026-33247 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv (the command-line), then those ...
    Published: March 25, 2026; 4:16:33 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-33246 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. This is supposed to provide enough information to ...
    Published: March 25, 2026; 4:16:33 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2026-33219 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server bef...
    Published: March 25, 2026; 4:16:32 PM -0400

  • CVE-2026-33218 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-au...
    Published: March 25, 2026; 4:16:32 PM -0400

  • CVE-2026-33217 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the `$MQTT.>` namespace, allowing MQTT client...
    Published: March 25, 2026; 4:16:32 PM -0400

    V3.1: 6.5 MEDIUM

Created September 20, 2022, Updated August 27, 2024