U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for NVD Communications and Status Updates Page
Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-46810 - Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker wi... read CVE-2026-46810
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-46812 - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attack... read CVE-2026-46812
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-46813 - Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker w... read CVE-2026-46813
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-35261 - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attack... read CVE-2026-35261
    Published: June 17, 2026; 6:40:18 AM -0400

  • CVE-2026-35313 - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacke... read CVE-2026-35313
    Published: June 17, 2026; 6:40:23 AM -0400

  • CVE-2026-46805 - Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac... read CVE-2026-46805
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-46806 - Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac... read CVE-2026-46806
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-46807 - Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM Legacy UI). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo... read CVE-2026-46807
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-46808 - Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network acc... read CVE-2026-46808
    Published: June 17, 2026; 6:53:58 AM -0400

  • CVE-2026-53865 - OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unint... read CVE-2026-53865
    Published: June 16, 2026; 3:17:04 PM -0400

  • CVE-2026-53866 - OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parse... read CVE-2026-53866
    Published: June 16, 2026; 3:17:05 PM -0400

  • CVE-2026-53840 - OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP endpoint can red... read CVE-2026-53840
    Published: June 16, 2026; 3:17:00 PM -0400

  • CVE-2026-53842 - OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. Attackers with repository access can... read CVE-2026-53842
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-53844 - OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the... read CVE-2026-53844
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-53845 - OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this by sending skill commands through the vulnerable dispatch ... read CVE-2026-53845
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-53846 - OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access c... read CVE-2026-53846
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-53847 - OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers ... read CVE-2026-53847
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-53848 - OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validat... read CVE-2026-53848
    Published: June 16, 2026; 3:17:01 PM -0400

  • CVE-2026-45649 - Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
    Published: June 09, 2026; 1:17:32 PM -0400

  • CVE-2026-35265 - Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network acc... read CVE-2026-35265
    Published: June 17, 2026; 6:40:18 AM -0400

Created September 20, 2022 , Updated August 27, 2024