The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-33529 - Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config...
    Published: March 26, 2026; 4:16:15 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-33532 - `yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/compo...
    Published: March 26, 2026; 4:16:15 PM -0400

  • CVE-2026-34363 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and 9.7.0-alpha.9, when multiple clients subscribe to the same class via LiveQuery, the event handlers process each su...
    Published: March 31, 2026; 11:16:18 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-34532 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructo...
    Published: March 31, 2026; 11:16:20 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2026-33535 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions...
    Published: March 26, 2026; 4:16:15 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-33536 - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the ...
    Published: March 26, 2026; 4:16:15 PM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2026-0965 - A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead ...
    Published: March 26, 2026; 5:17:00 PM -0400

  • CVE-2026-34573 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0-alpha.12, the GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a ...
    Published: March 31, 2026; 12:16:33 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-0967 - A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtrac...
    Published: March 26, 2026; 5:17:00 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-29905 - Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() functi...
    Published: March 26, 2026; 1:16:34 PM -0400

  • CVE-2026-30303 - The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based ...
    Published: March 27, 2026; 11:16:52 AM -0400

  • CVE-2026-34574 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields (expiresAt, createdWith)...
    Published: March 31, 2026; 12:16:33 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2026-33687 - Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within t...
    Published: March 26, 2026; 6:16:31 PM -0400

  • CVE-2026-5170 - A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may caus...
    Published: March 30, 2026; 12:16:10 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-5215 - A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
    Published: March 31, 2026; 6:16:22 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-5214 - A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20...
    Published: March 31, 2026; 6:16:22 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-5213 - A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
    Published: March 31, 2026; 5:16:34 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-5212 - A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
    Published: March 31, 2026; 5:16:33 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-5211 - A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 202602...
    Published: March 31, 2026; 4:16:29 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-70888 - An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component
    Published: March 25, 2026; 4:16:22 PM -0400

Created September 20, 2022, Updated August 27, 2024