
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2026-28555 - wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the ...
    Published: February 28, 2026; 5:16:02 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2026-28556 - wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form action handlers. Attackers with a valid form no...
    Published: February 28, 2026; 5:16:02 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2026-28557 - wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforo_synch_roles AJAX handler. Attackers access the usergroups admin page, accessible to ...
    Published: February 28, 2026; 5:16:02 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2026-28558 - wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection ...
    Published: February 28, 2026; 5:16:02 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2026-28559 - wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers request the RSS feed without a forum ID parameter, b...
    Published: February 28, 2026; 5:16:02 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2026-28560 - wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG flag. Attackers set a forum slug containing a cl...
    Published: February 28, 2026; 5:16:03 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2026-3391 - A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit...
    Published: March 01, 2026; 7:15:59 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-3408 - A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be la...
    Published: March 01, 2026; 11:16:06 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2026-3392 - A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The expl...
    Published: March 01, 2026; 7:16:00 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-2474 - Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) i...
    Published: February 16, 2026; 4:22:18 PM -0500

  • CVE-2025-15578 - Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.
    Published: February 16, 2026; 5:22:40 PM -0500

  • CVE-2026-2588 - Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typical...
    Published: February 22, 2026; 7:15:59 PM -0500

  • CVE-2024-58041 - Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographi...
    Published: February 23, 2026; 7:16:17 PM -0500

  • CVE-2026-3091 - An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer.
    Published: February 23, 2026; 10:16:03 PM -0500

    V3.1: 7.1 HIGH

  • CVE-2019-25495 - osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php wit...
    Published: February 27, 2026; 1:16:05 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2019-25496 - osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php ...
    Published: February 27, 2026; 1:16:05 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2019-25497 - osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with maliciou...
    Published: February 27, 2026; 1:16:05 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-27751 - SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default...
    Published: February 27, 2026; 1:16:12 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-59600 - Memory Corruption when adding user-supplied data without checking available buffer space.
    Published: March 02, 2026; 12:16:28 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-3269 - A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Hand...
    Published: February 26, 2026; 7:16:58 PM -0500

    V3.1: 6.5 MEDIUM

Created September 20, 2022, Updated August 27, 2024