U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-55947 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    Published: July 14, 2026; 2:18:22 PM -0400

  • CVE-2026-55949 - Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    Published: July 14, 2026; 2:18:22 PM -0400

  • CVE-2026-56156 - Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
    Published: July 14, 2026; 2:18:22 PM -0400

  • CVE-2026-41681 - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past it... read CVE-2026-41681
    Published: April 24, 2026; 2:16:29 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-41676 - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to ho... read CVE-2026-41676
    Published: April 24, 2026; 2:16:29 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-41898 - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_coo... read CVE-2026-41898
    Published: April 24, 2026; 2:16:29 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-44172 - MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and... read CVE-2026-44172
    Published: June 12, 2026; 2:16:34 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2026-47984 - Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitat... read CVE-2026-47984
    Published: July 14, 2026; 4:17:04 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2026-45756 - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.3.0-BETA1 until 7.4.12 and 8.0.12, the JsonPath component compiles attacker-controlled match() and search() filter patterns directly into preg... read CVE-2026-45756
    Published: July 14, 2026; 2:17:17 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-45077 - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener (Symfony\Bridge\Monolog\Command\ServerLogCommand) binds to 0.0.0.0:9911 by defau... read CVE-2026-45077
    Published: July 14, 2026; 2:17:17 PM -0400

    V3.1: 8.6 HIGH

  • CVE-2026-47988 - Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitat... read CVE-2026-47988
    Published: July 14, 2026; 4:17:04 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2026-45074 - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost(), which reflects an attacker-con... read CVE-2026-45074
    Published: July 14, 2026; 2:17:16 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2026-55135 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
    Published: July 14, 2026; 2:18:20 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2026-47992 - Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could ... read CVE-2026-47992
    Published: July 14, 2026; 4:17:04 PM -0400

  • CVE-2026-47994 - Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser w... read CVE-2026-47994
    Published: July 14, 2026; 4:17:04 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2026-12390 - In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.
    Published: June 18, 2026; 3:16:22 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-21404 - NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transf... read CVE-2026-21404
    Published: June 04, 2026; 4:16:57 PM -0400

  • CVE-2026-58277 - Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
    Published: July 14, 2026; 2:18:36 PM -0400

  • CVE-2026-56157 - Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
    Published: July 14, 2026; 2:18:22 PM -0400

  • CVE-2026-55034 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
    Published: July 14, 2026; 2:18:14 PM -0400

    V3.1: 8.7 HIGH

Created September 20, 2022 , Updated August 27, 2024