
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-62399 - Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.
    Published: October 23, 2025; 8:15:32 AM -0400

  • CVE-2025-62400 - Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.
    Published: October 23, 2025; 8:15:32 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-62401 - An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.
    Published: October 23, 2025; 8:15:32 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2025-38014 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idxd_cleanup() helper cleans up perfmon, interrupts, internals and so on. Refactor remove call with the idxd...
    Published: June 18, 2025; 6:15:32 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38016 - In the Linux kernel, the following vulnerability has been resolved: HID: bpf: abort dispatch if device destroyed The current HID bpf implementation assumes no output report/request will go through it after hid_bpf_destroy_device() has been calle...
    Published: June 18, 2025; 6:15:33 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38017 - In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future"), the following program would immed...
    Published: June 18, 2025; 6:15:33 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-38019 - In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices The driver only offloads neighbors that are constructed on top of net devices registered by it or their ...
    Published: June 18, 2025; 6:15:33 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-38021 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp Similar to commit 6a057072ddd1 ("drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn2...
    Published: June 18, 2025; 6:15:33 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49955 - In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fix RTAS MSR[HV] handling for Cell The semi-recent changes to MSR handling when entering RTAS (firmware) cause crashes on IBM Cell machines. An example trace: k...
    Published: June 18, 2025; 7:15:22 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49954 - In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interr...
    Published: June 18, 2025; 7:15:22 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49953 - In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fix an error handling path in cm3605_probe() The commit in Fixes also introduced a new error handling path which should goto the existing error handling path...
    Published: June 18, 2025; 7:15:22 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49952 - In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoid corrupting memory beyond the fixed-size slab-allocated session ar...
    Published: June 18, 2025; 7:15:22 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-49951 - In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to device_unregister() could result in the dev_release ...
    Published: June 18, 2025; 7:15:22 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-49950 - In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The probe session-duplication overflow check incremented the session count also when there were no more available sessions so that m...
    Published: June 18, 2025; 7:15:22 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-49949 - In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix memory leak in firmware upload In the case of firmware-upload, an instance of struct fw_upload is allocated in firmware_upload_register(). This data needs t...
    Published: June 18, 2025; 7:15:21 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-40843 - CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is execut...
    Published: October 28, 2025; 3:15:41 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-63293 - FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorizati...
    Published: November 03, 2025; 4:19:38 PM -0500

  • CVE-2025-58469 - A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the follo...
    Published: November 07, 2025; 11:15:41 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-12915 - A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion. The attack requires a local approach. A high complexity level is a...
    Published: November 08, 2025; 6:15:48 PM -0500

  • CVE-2025-64446 - A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrat...
    Published: November 14, 2025; 11:15:58 AM -0500

Created September 20, 2022, Updated August 27, 2024