U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2025-46819 - Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The probl... read CVE-2025-46819
    Published: October 03, 2025; 3:15:43 PM -0400

    V3.1: 7.1 HIGH

  • CVE-2025-46818 - Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of ... read CVE-2025-46818
    Published: October 03, 2025; 3:15:43 PM -0400

    V3.1: 7.3 HIGH

  • CVE-2025-49844 - Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to rem... read CVE-2025-49844
    Published: October 03, 2025; 4:15:32 PM -0400

    V3.1: 9.9 CRITICAL

  • CVE-2025-46817 - Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem ex... read CVE-2025-46817
    Published: October 03, 2025; 2:15:35 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-48984 - A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
    Published: October 30, 2025; 8:15:36 PM -0400

  • CVE-2025-48983 - A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.
    Published: October 30, 2025; 8:15:36 PM -0400

  • CVE-2025-48982 - This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.
    Published: October 30, 2025; 8:15:36 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-62265 - Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA thr... read CVE-2025-62265
    Published: October 30, 2025; 3:16:35 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-62266 - By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions i... read CVE-2025-62266
    Published: October 30, 2025; 2:15:33 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-64096 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prier to 1.4.2, ... read CVE-2025-64096
    Published: October 30, 2025; 1:15:40 PM -0400

  • CVE-2022-49903 - In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_route_net_exit_late() During the initialization of ip6_route_net_init_late(), if file ipv6_route or rt6_stats fails to be created, the initialization is... read CVE-2022-49903
    Published: May 01, 2025; 11:16:15 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49905 - In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smc_init() In smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called without any error handling. If it fails, registeri... read CVE-2022-49905
    Published: May 01, 2025; 11:16:15 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49907 - In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for __mdiobus_register Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN wa... read CVE-2022-49907
    Published: May 01, 2025; 11:16:15 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-49910 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the following two flows that run in parallel: 1. l2cap_reassemble_sdu -> chan... read CVE-2022-49910
    Published: May 01, 2025; 11:16:16 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-49911 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: enforce documented limit to prevent allocating huge memory Daniel Xu reported that the hash:net,iface type of the ipset subsystem does not limit adding the sam... read CVE-2022-49911
    Published: May 01, 2025; 11:16:16 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-62256 - Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in c... read CVE-2025-62256
    Published: October 23, 2025; 10:15:42 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2025-62254 - The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported version... read CVE-2025-62254
    Published: October 23, 2025; 7:15:37 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-62263 - Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary w... read CVE-2025-62263
    Published: October 27, 2025; 4:15:54 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-62262 - Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, a... read CVE-2025-62262
    Published: October 27, 2025; 5:15:37 PM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2025-62260 - Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which ... read CVE-2025-62260
    Published: October 27, 2025; 6:15:41 PM -0400

    V3.1: 7.5 HIGH

Created September 20, 2022 , Updated August 27, 2024