The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2026-4794 - Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrato...
Published: March 30, 2026; 9:16:36 PM -0400
V3.1: 4.8 MEDIUM
-
CVE-2026-5115 - The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function d...
Published: March 30, 2026; 9:16:36 PM -0400
V3.1: 7.5 HIGH
-
CVE-2026-27655 - Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report.
Published: April 03, 2026; 9:17:07 AM -0400
V3.1: 4.8 MEDIUM
-
CVE-2026-32714 - SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format() to construct SQL queries with user-supplied data (su...
Published: March 30, 2026; 11:15:55 PM -0400
-
CVE-2026-32716 - SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match (startswith). This allows a token with access to a specific path (e.g., /joh...
Published: March 30, 2026; 11:15:57 PM -0400
V3.1: 6.5 MEDIUM
-
CVE-2025-43202 - This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.
Published: April 02, 2026; 3:20:03 PM -0400
-
CVE-2025-43219 - The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.
Published: April 02, 2026; 3:20:07 PM -0400
-
CVE-2025-43236 - A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.
Published: April 02, 2026; 3:20:10 PM -0400
-
CVE-2025-43238 - An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.
Published: April 02, 2026; 3:20:10 PM -0400
-
CVE-2025-43257 - This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox.
Published: April 02, 2026; 3:20:15 PM -0400
-
CVE-2025-43264 - The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.
Published: April 02, 2026; 3:20:17 PM -0400
-
CVE-2024-40858 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.
Published: April 02, 2026; 3:17:59 PM -0400
-
CVE-2024-44219 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.
Published: April 02, 2026; 3:18:23 PM -0400
-
CVE-2024-44250 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
Published: April 02, 2026; 3:18:28 PM -0400
-
CVE-2024-44286 - This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access can input keyboard events to apps running on a locked device.
Published: April 02, 2026; 3:18:36 PM -0400
-
CVE-2024-44303 - The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.
Published: April 02, 2026; 3:18:38 PM -0400
-
CVE-2026-4849 - A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The a...
Published: March 26, 2026; 4:16:22 AM -0400
V3.1: 6.1 MEDIUM
-
CVE-2026-4850 - A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of the argument Long-arm-shirtVol results in sql i...
Published: March 26, 2026; 4:16:22 AM -0400
V3.1: 9.8 CRITICAL
-
CVE-2026-4908 - A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. Th...
Published: March 26, 2026; 11:16:01 PM -0400
V3.1: 9.8 CRITICAL
-
CVE-2026-5255 - A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in cross site scripting. The at...
Published: April 01, 2026; 2:16:15 AM -0400
V3.1: 6.1 MEDIUM