The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-15444 - Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium. libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277  https:... read CVE-2025-15444
    Published: January 05, 2026; 8:16:01 PM -0500

  • CVE-2026-30910 - Crypt::Sodium::XS versions through 0.001000 for Perl have potential integer overflows. Combined AEAD encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integ... read CVE-2026-30910
    Published: March 07, 2026; 9:16:00 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-30848 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unaut... read CVE-2026-30848
    Published: March 07, 2026; 12:15:52 PM -0500

    V3.1: 3.7 LOW

  • CVE-2026-30850 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint (GET /files/:appId/metadata/:filename) does not enforce beforeFind / afte... read CVE-2026-30850
    Published: March 07, 2026; 12:15:52 PM -0500

    V3.1: 5.9 MEDIUM

  • CVE-2026-28410 - The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their... read CVE-2026-28410
    Published: March 05, 2026; 4:16:21 PM -0500

    V3.1: 8.1 HIGH

  • CVE-2026-30854 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is disabled, __type queries nested inside inline f... read CVE-2026-30854
    Published: March 07, 2026; 12:15:52 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2026-30863 - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity ... read CVE-2026-30863
    Published: March 07, 2026; 12:15:54 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-3661 - A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The explo... read CVE-2026-3661
    Published: March 07, 2026; 9:16:05 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2026-27797 - Homarr is an open-source dashboard. Prior to version 1.54.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to force the Homarr server to perform arbitrary outbound HTTP requests. This can be used as a... read CVE-2026-27797
    Published: March 07, 2026; 1:16:09 AM -0500

  • CVE-2026-27796 - Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes... read CVE-2026-27796
    Published: March 07, 2026; 1:16:09 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-30244 - Plane is an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerabil... read CVE-2026-30244
    Published: March 06, 2026; 5:16:01 PM -0500

  • CVE-2026-30242 - Plane is an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to priv... read CVE-2026-30242
    Published: March 06, 2026; 5:16:01 PM -0500

    V3.1: 8.5 HIGH

  • CVE-2026-28342 - OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests.... read CVE-2026-28342
    Published: March 05, 2026; 3:16:15 PM -0500

  • CVE-2026-28789 - OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynch... read CVE-2026-28789
    Published: March 05, 2026; 3:16:16 PM -0500

  • CVE-2026-28790 - OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Gues... read CVE-2026-28790
    Published: March 05, 2026; 3:16:16 PM -0500

  • CVE-2026-3698 - A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and m... read CVE-2026-3698
    Published: March 07, 2026; 9:16:00 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-3699 - A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has bee... read CVE-2026-3699
    Published: March 07, 2026; 10:16:04 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-27939 - Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended... read CVE-2026-27939
    Published: February 27, 2026; 5:16:22 PM -0500

  • CVE-2026-3700 - A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploi... read CVE-2026-3700
    Published: March 07, 2026; 10:16:05 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-10097 - A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be car... read CVE-2025-10097
    Published: September 08, 2025; 1:15:32 PM -0400

    V3.1: 9.8 CRITICAL

Created September 20, 2022, Updated August 27, 2024