The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2026-26209 - cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding deeply nested ...
  Published: March 23, 2026; 3:16:39 PM -0400
- CVE-2026-33648 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the restreamer endpoint constructs a log file path by embedding user-controlled `users_id` and `liveTransmitionHistory_id` values from the JSON request body withou...
  Published: March 23, 2026; 3:16:40 PM -0400
- CVE-2026-33647 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `ImageGallery::saveFile()` method validates uploaded file content using `finfo` MIME type detection but derives the saved filename extension from the user-supp...
  Published: March 23, 2026; 3:16:40 PM -0400
- CVE-2026-30886 - New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference (IDOR) vulnerability in the video proxy endpoint (`GET /v1/videos/:task_i...
  Published: March 23, 2026; 4:16:25 PM -0400
- CVE-2026-33513 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint (`APIName=locale`) concatenates user input into an `include` path with no canonicalization or whitelist. Path traversal is accepted...
  Published: March 23, 2026; 3:16:40 PM -0400
  V3.1: 7.5 HIGH
- CVE-2026-32879 - New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to s...
  Published: March 23, 2026; 4:16:27 PM -0400
- CVE-2026-33512 - WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a `decryptString` action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g....
  Published: March 23, 2026; 3:16:40 PM -0400
- CVE-2026-30796 - Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing Attacks. This vulnerability is associated with pr...
  Published: March 05, 2026; 11:16:21 AM -0500
  V3.1: 7.5 HIGH
- CVE-2025-71092 - In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters update") added three new counters and placed them afte...
  Published: January 13, 2026; 11:16:08 AM -0500
  V3.1: 7.8 HIGH
- CVE-2025-71093 - In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000_tbi_should_accept() In e1000_tbi_should_accept() we read the last byte of the frame via 'data[length - 1]' to evaluate the TBI workaround. If the descrip...
  Published: January 13, 2026; 11:16:09 AM -0500
  V3.1: 7.1 HIGH
- CVE-2023-22515 - Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized C...
  Published: October 04, 2023; 10:15:10 AM -0400
  V3.1: 9.8 CRITICAL
- CVE-2026-20131 - A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerabilit...
  Published: March 04, 2026; 1:16:27 PM -0500
- CVE-2026-20700 - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbi...
  Published: February 11, 2026; 6:16:10 PM -0500
- CVE-2025-71094 - In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asix_read_phy_addr(). A malicious or faulty device can return an in...
  Published: January 13, 2026; 11:16:09 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2025-71095 - In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix the crash issue for zero copy XDP_TX action There is a crash issue when running zero copy XDP_TX action, the crash log is shown below. [ 216.122464] Unable to...
  Published: January 13, 2026; 11:16:09 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2026-33286 - Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can ...
  Published: March 23, 2026; 8:16:30 PM -0400
- CVE-2025-71096 - In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is invalid ...
  Published: January 13, 2026; 11:16:09 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2025-71097 - In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix reference count leak when using error routes with nexthop objects When a nexthop object is deleted, it is marked as dead and then fib_table_flush() is called to flush ...
  Published: January 13, 2026; 11:16:09 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2025-71098 - In the Linux kernel, the following vulnerability has been resolved: ip6_gre: make ip6gre_header() robust Over the years, syzbot found many ways to crash the kernel in ip6gre_header() [1]. This involves team or bonding drivers ability to dynamic...
  Published: January 13, 2026; 11:16:09 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2025-71099 - In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since this lock protects the lifetim...
  Published: January 13, 2026; 11:16:09 AM -0500
  V3.1: 7.8 HIGH