

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2026-45758 - Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Any user who installed `guardrails-ai==0.10.1` ... read CVE-2026-45758
    Published: June 05, 2026; 4:17:32 PM -0400

  • CVE-2026-10046 - Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeM... read CVE-2026-10046
    Published: June 02, 2026; 12:16:31 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-10047 - The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB Rea... read CVE-2026-10047
    Published: June 02, 2026; 12:16:31 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-11052 - Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 04, 2026; 7:17:09 PM -0400

  • CVE-2026-11051 - Out of bounds read in ANGLE in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 04, 2026; 7:17:09 PM -0400

  • CVE-2018-16988 - An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation wher... read CVE-2018-16988
    Published: May 02, 2019; 4:29:00 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 5.0 MEDIUM

  • CVE-2026-11048 - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: ... read CVE-2026-11048
    Published: June 04, 2026; 7:17:09 PM -0400

  • CVE-2026-11047 - Inappropriate implementation in Base in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity... read CVE-2026-11047
    Published: June 04, 2026; 7:17:09 PM -0400

  • CVE-2026-11045 - Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (... read CVE-2026-11045
    Published: June 04, 2026; 7:17:08 PM -0400

  • CVE-2026-45745 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attacker to in... read CVE-2026-45745
    Published: June 05, 2026; 2:17:30 PM -0400

  • CVE-2026-11044 - Integer overflow in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 04, 2026; 7:17:08 PM -0400

  • CVE-2026-45746 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper ... read CVE-2026-45746
    Published: June 05, 2026; 2:17:30 PM -0400

  • CVE-2026-45748 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled ho... read CVE-2026-45748
    Published: June 05, 2026; 2:17:31 PM -0400

  • CVE-2026-45749 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix prior to version 2.3.2 accept the account password... read CVE-2026-45749
    Published: June 05, 2026; 2:17:31 PM -0400

  • CVE-2026-3012 - A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without p... read CVE-2026-3012
    Published: May 27, 2026; 7:16:18 AM -0400

    V3.1: 6.8 MEDIUM

  • CVE-2026-45750 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the pa... read CVE-2026-45750
    Published: June 05, 2026; 2:17:32 PM -0400

  • CVE-2026-11152 - Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 04, 2026; 7:17:21 PM -0400

  • CVE-2026-11153 - Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 04, 2026; 7:17:21 PM -0400

  • CVE-2026-11154 - Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 04, 2026; 7:17:21 PM -0400

  • CVE-2026-11231 - Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. (Chromium security severity: Low)
    Published: June 04, 2026; 7:17:30 PM -0400

Created September 20, 2022, Updated August 27, 2024