NVD

Icon for New NVD Communications and Status Updates Page

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2025-15456 - A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may b... read CVE-2025-15456
Published: January 05, 2026; 12:15:53 AM -0500

V3.1: 7.5 HIGH
CVE-2022-50443 - In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: lvds: fix PM usage counter unbalance in poweron pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in ... read CVE-2022-50443
Published: October 01, 2025; 8:15:36 AM -0400

V3.1: 5.5 MEDIUM
CVE-2023-53461 - In the Linux kernel, the following vulnerability has been resolved: io_uring: wait interruptibly for request completions on exit WHen the ring exits, cleanup is done and the final cancelation and waiting on completions is done by io_ring_exit_wo... read CVE-2023-53461
Published: October 01, 2025; 8:15:47 AM -0400

V3.1: 5.5 MEDIUM
CVE-2023-53462 - In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in fill_frame_info() Syzbot reports the following uninit-value access problem. ===================================================== BUG: KMSAN: un... read CVE-2023-53462
Published: October 01, 2025; 8:15:47 AM -0400

V3.1: 5.5 MEDIUM
CVE-2026-0642 - A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may b... read CVE-2026-0642
Published: January 07, 2026; 7:17:07 AM -0500

V3.1: 6.1 MEDIUM
CVE-2023-53463 - In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NON_FATAL err All ibmvnic resets, make a call to netdev_tx_reset_queue() when re-opening the device. netdev_tx_reset_queue() resets the num_qu... read CVE-2023-53463
Published: October 01, 2025; 8:15:48 AM -0400

V3.1: 5.5 MEDIUM
CVE-2025-61246 - indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter.
Published: January 08, 2026; 12:15:48 PM -0500
CVE-2025-61549 - Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is reflected in HTTP responses without proper HT... read CVE-2025-61549
Published: January 08, 2026; 12:15:48 PM -0500
CVE-2023-53448 - In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Removed unneeded release_mem_region Remove unnecessary release_mem_region from the error path to prevent mem region from being released twice, which could avoid re... read CVE-2023-53448
Published: October 01, 2025; 8:15:41 AM -0400

V3.1: 5.5 MEDIUM
CVE-2025-67091 - An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered v... read CVE-2025-67091
Published: January 08, 2026; 11:15:45 AM -0500
CVE-2025-67090 - The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/... read CVE-2025-67090
Published: January 08, 2026; 11:15:45 AM -0500
CVE-2025-67089 - A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attack... read CVE-2025-67089
Published: January 08, 2026; 11:15:45 AM -0500
CVE-2023-53449 - In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fix potential memleak in dasd_eckd_init() `dasd_reserve_req` is allocated before `dasd_vol_info_req`, and it also needs to be freed before the error returns, just lik... read CVE-2023-53449
Published: October 01, 2025; 8:15:41 AM -0400

V3.1: 5.5 MEDIUM
CVE-2023-53451 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer.
Published: October 01, 2025; 8:15:43 AM -0400

V3.1: 5.5 MEDIUM
CVE-2023-53452 - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napi_init and napi_enable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile us... read CVE-2023-53452
Published: October 01, 2025; 8:15:43 AM -0400

V3.1: 4.7 MEDIUM
CVE-2025-63916 - MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary ... read CVE-2025-63916
Published: November 17, 2025; 11:15:50 AM -0500
CVE-2023-53453 - In the Linux kernel, the following vulnerability has been resolved: drm/radeon: free iio for atombios when driver shutdown Fix below kmemleak when unload radeon driver: unreferenced object 0xffff9f8608ede200 (size 512): comm "systemd-udevd", ... read CVE-2023-53453
Published: October 01, 2025; 8:15:43 AM -0400

V3.1: 5.5 MEDIUM
CVE-2025-10543 - In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the ser... read CVE-2025-10543
Published: December 02, 2025; 4:15:46 AM -0500

V3.1: 5.3 MEDIUM
CVE-2023-53454 - In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. R... read CVE-2023-53454
Published: October 01, 2025; 8:15:43 AM -0400

V3.1: 7.8 HIGH
CVE-2023-53460 - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix memory leak in rtw_usb_probe() drivers/net/wireless/realtek/rtw88/usb.c:876 rtw_usb_probe() warn: 'hw' from ieee80211_alloc_hw() not released on lines: 811 Fix... read CVE-2023-53460
Published: October 01, 2025; 8:15:47 AM -0400

V3.1: 5.5 MEDIUM

Created September 20, 2022 , Updated August 27, 2024

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: