U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for NVD Communications and Status Updates Page
Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-44353 - Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist o... read CVE-2026-44353
    Published: May 27, 2026; 1:16:38 PM -0400

  • CVE-2025-13593 - Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content when installing.
    Published: May 27, 2026; 5:16:26 AM -0400

    V3.1: 5.0 MEDIUM

  • CVE-2025-66592 - An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content during installation.
    Published: May 27, 2026; 5:16:27 AM -0400

    V3.1: 5.0 MEDIUM

  • CVE-2025-66593 - An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content during installation.
    Published: May 27, 2026; 5:16:27 AM -0400

    V3.1: 5.0 MEDIUM

  • CVE-2026-2237 - A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local attackers to obtain sensitive information.
    Published: May 27, 2026; 5:16:27 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-21182 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ... read CVE-2024-21182
    Published: July 16, 2024; 7:15:22 PM -0400

  • CVE-2026-9759 - ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service
    Published: May 27, 2026; 4:16:46 PM -0400

  • CVE-2025-41265 - Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenti... read CVE-2025-41265
    Published: May 29, 2026; 8:16:21 AM -0400

    V3.1: 7.2 HIGH

  • CVE-2025-41266 - Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenti... read CVE-2025-41266
    Published: May 29, 2026; 8:16:22 AM -0400

    V3.1: 7.2 HIGH

  • CVE-2025-41267 - Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenti... read CVE-2025-41267
    Published: May 29, 2026; 8:16:22 AM -0400

    V3.1: 7.2 HIGH

  • CVE-2025-41268 - Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host mac... read CVE-2025-41268
    Published: May 29, 2026; 8:16:23 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2025-41269 - Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthe... read CVE-2025-41269
    Published: May 29, 2026; 8:16:23 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-41270 - Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthe... read CVE-2025-41270
    Published: May 29, 2026; 8:16:23 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-41271 - Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device.
    Published: May 29, 2026; 8:16:23 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-41272 - Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthe... read CVE-2025-41272
    Published: May 29, 2026; 8:16:23 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-41273 - Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass auth... read CVE-2025-41273
    Published: May 29, 2026; 8:16:23 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-41274 - Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthe... read CVE-2025-41274
    Published: May 29, 2026; 8:16:23 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-41275 - Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthe... read CVE-2025-41275
    Published: May 29, 2026; 8:16:23 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-41276 - Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthe... read CVE-2025-41276
    Published: May 29, 2026; 8:16:24 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-41277 - Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthe... read CVE-2025-41277
    Published: May 29, 2026; 8:16:24 AM -0400

    V3.1: 9.8 CRITICAL

Created September 20, 2022 , Updated August 27, 2024