U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2025-7259 - An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects Mo... read CVE-2025-7259
    Published: July 07, 2025; 12:15:30 PM -0400

  • CVE-2025-6714 - MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, Mon... read CVE-2025-6714
    Published: July 07, 2025; 11:15:29 AM -0400

  • CVE-2025-6713 - An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisa... read CVE-2025-6713
    Published: July 07, 2025; 11:15:29 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-6712 - MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal p... read CVE-2025-6712
    Published: July 07, 2025; 11:15:28 AM -0400

  • CVE-2025-6711 - An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered. This issue affects MongoDB Server v8.0 versions prior to 8.0.5, MongoDB Server v7.0 vers... read CVE-2025-6711
    Published: July 07, 2025; 11:15:28 AM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2025-26390 - A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote att... read CVE-2025-26390
    Published: May 13, 2025; 6:15:23 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-26389 - A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauth... read CVE-2025-26389
    Published: May 13, 2025; 6:15:23 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-33577 - A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an at... read CVE-2024-33577
    Published: May 14, 2024; 12:17:20 PM -0400

  • CVE-2025-10989 - A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The att... read CVE-2025-10989
    Published: September 25, 2025; 9:15:36 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-10993 - A security flaw has been discovered in MuYuCMS up to 2.7. Affected by this issue is some unknown functionality of the file /admin.php of the component Template Management. The manipulation results in code injection. It is possible to launch the at... read CVE-2025-10993
    Published: September 25, 2025; 10:15:51 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2025-10859 - Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs This vulnerability affects Firefox for i... read CVE-2025-10859
    Published: September 30, 2025; 9:15:48 AM -0400

  • CVE-2024-31980 - A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an ... read CVE-2024-31980
    Published: May 14, 2024; 12:16:54 PM -0400

  • CVE-2025-11152 - This vulnerability affects Firefox < 143.0.3.
    Published: September 30, 2025; 9:15:48 AM -0400

  • CVE-2025-11153 - This vulnerability affects Firefox < 143.0.3.
    Published: September 30, 2025; 9:15:48 AM -0400

  • CVE-2024-32635 - A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.... read CVE-2024-32635
    Published: May 14, 2024; 12:17:04 PM -0400

  • CVE-2024-32636 - A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.... read CVE-2024-32636
    Published: May 14, 2024; 12:17:05 PM -0400

  • CVE-2024-32637 - A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.... read CVE-2024-32637
    Published: May 14, 2024; 12:17:06 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26276 - A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versi... read CVE-2024-26276
    Published: April 09, 2024; 5:15:24 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-26275 - A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versi... read CVE-2024-26275
    Published: April 09, 2024; 5:15:24 AM -0400

  • CVE-2024-34086 - A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.... read CVE-2024-34086
    Published: May 14, 2024; 12:17:23 PM -0400

Created September 20, 2022 , Updated August 27, 2024