The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2026-31944 - LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, w...
    Published: March 13, 2026; 3:54:39 PM -0400

  • CVE-2026-31949 - LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malfo...
    Published: March 13, 2026; 3:54:39 PM -0400

  • CVE-2026-22204 - wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when p...
    Published: March 13, 2026; 3:54:10 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-22209 - wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like </style><script>...
    Published: March 13, 2026; 3:54:11 PM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2026-22210 - wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attach...
    Published: March 13, 2026; 3:54:11 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2026-22215 - wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow ...
    Published: March 13, 2026; 3:54:11 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2026-22216 - wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHe...
    Published: March 13, 2026; 3:54:11 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-24509 - Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
    Published: March 11, 2026; 3:16:03 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-31876 - Notesnook is a note-taking app focused on user privacy & ease of use. Prior to 3.3.9, a Stored Cross-Site Scripting (XSS) vulnerability existed in Notesnook's editor embed component when rendering Twitter/X embed URLs. The tweetToEmbed() function ...
    Published: March 11, 2026; 3:16:04 PM -0400

  • CVE-2026-31881 - Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator (admin) password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-passw...
    Published: March 11, 2026; 3:16:04 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-32617 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, on default installations where no password or API key has been configured, all HTTP endpoints and th...
    Published: March 16, 2026; 10:19:39 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-31887 - Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.or...
    Published: March 11, 2026; 3:16:04 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-31888 - Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error codes depending on whether the submitted email address belongs to a registered customer (CH...
    Published: March 11, 2026; 3:16:05 PM -0400

  • CVE-2026-24508 - Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
    Published: March 11, 2026; 4:16:14 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-32626 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that...
    Published: March 16, 2026; 10:19:40 AM -0400

  • CVE-2026-32628 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the ag...
    Published: March 16, 2026; 10:19:40 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-32717 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it...
    Published: March 16, 2026; 10:19:42 AM -0400

  • CVE-2026-32719 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js download...
    Published: March 16, 2026; 10:19:42 AM -0400

    V3.1: 6.4 MEDIUM

  • CVE-2026-24510 - Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
    Published: March 11, 2026; 4:16:14 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-27478 - Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the...
    Published: March 11, 2026; 4:16:14 PM -0400

Created September 20, 2022, Updated August 27, 2024