The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-66698 - An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints.
    Published: January 13, 2026; 11:15:55 AM -0500

  • CVE-2026-25051 - n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Sec...
    Published: February 04, 2026; 12:16:22 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2026-25049 - n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system comma...
    Published: February 04, 2026; 12:16:22 PM -0500

    V3.1: 9.9 CRITICAL

  • CVE-2026-1196 - A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. It is possible to launch the attack remotel...
    Published: January 19, 2026; 8:15:56 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2025-36353 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
    Published: January 30, 2026; 5:15:53 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-1195 - A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initi...
    Published: January 19, 2026; 8:15:56 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-36184 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalates their privileges to root due to execution of unnecessary privileges operated at a higher than m...
    Published: January 30, 2026; 5:15:53 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2026-1194 - A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the ...
    Published: January 19, 2026; 7:15:48 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-1193 - A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried...
    Published: January 19, 2026; 6:16:03 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-36123 - IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying a large table containing XML data due to improper allocation of system resources.
    Published: January 30, 2026; 5:15:53 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-36098 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources.
    Published: January 30, 2026; 5:15:53 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2025-36070 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.
    Published: January 30, 2026; 5:15:53 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-36001 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled r...
    Published: January 30, 2026; 5:15:53 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2025-2668 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.
    Published: January 30, 2026; 5:15:52 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2026-1134 - A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The manipulation of the argument detail leads to cross site scripting. The attack may be initiated remo...
    Published: January 18, 2026; 11:15:58 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2026-1179 - A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be laun...
    Published: January 19, 2026; 6:16:02 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-36407 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
    Published: January 30, 2026; 5:15:54 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-36387 - IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given a specially crafted query.
    Published: January 30, 2026; 5:15:54 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2025-36384 - IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.
    Published: January 30, 2026; 5:15:54 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-36366 - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal serve...
    Published: January 30, 2026; 5:15:54 PM -0500

Created September 20, 2022, Updated August 27, 2024