
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity where scored)
  • CVE-2026-32617 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, on default installations where no password or API key has been configured, all HTTP endpoints and th...
    Published: March 16, 2026; 10:19:39 AM -0400
    V3.1: 7.5 HIGH

  • CVE-2026-31887 - Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for unauthenticated customers allows access to orders of other customers. This is part of the deepLinkCode support on the store-api.or...
    Published: March 11, 2026; 3:16:04 PM -0400
    V3.1: 7.5 HIGH

  • CVE-2026-31888 - Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/account/login) returns different error codes depending on whether the submitted email address belongs to a registered customer (CH...
    Published: March 11, 2026; 3:16:05 PM -0400

  • CVE-2026-24508 - Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
    Published: March 11, 2026; 4:16:14 PM -0400
    V3.1: 5.5 MEDIUM

  • CVE-2026-32626 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that...
    Published: March 16, 2026; 10:19:40 AM -0400

  • CVE-2026-32628 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the ag...
    Published: March 16, 2026; 10:19:40 AM -0400
    V3.1: 8.8 HIGH

  • CVE-2026-32717 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it...
    Published: March 16, 2026; 10:19:42 AM -0400

  • CVE-2026-32719 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js download...
    Published: March 16, 2026; 10:19:42 AM -0400
    V3.1: 6.4 MEDIUM

  • CVE-2026-24510 - Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
    Published: March 11, 2026; 4:16:14 PM -0400
    V3.1: 7.8 HIGH

  • CVE-2026-27478 - Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the...
    Published: March 11, 2026; 4:16:14 PM -0400

  • CVE-2025-47813 - loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
    Published: July 10, 2025; 1:15:47 PM -0400

  • CVE-2026-27703 - RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_well_know...
    Published: March 11, 2026; 4:16:14 PM -0400
    V3.1: 9.8 CRITICAL

  • CVE-2026-31889 - Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. T...
    Published: March 11, 2026; 4:16:15 PM -0400

  • CVE-2026-32706 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsf_rc ...
    Published: March 16, 2026; 10:19:41 AM -0400
    V3.1: 8.1 HIGH

  • CVE-2026-32705 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a st...
    Published: March 16, 2026; 10:19:41 AM -0400

  • CVE-2026-32707 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu_...
    Published: March 16, 2026; 10:19:41 AM -0400
    V3.1: 6.1 MEDIUM

  • CVE-2026-32708 - PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message...
    Published: March 16, 2026; 10:19:41 AM -0400
    V3.1: 8.0 HIGH

  • CVE-2026-31900 - Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pul...
    Published: March 11, 2026; 4:16:15 PM -0400
    V3.1: 9.8 CRITICAL

  • CVE-2026-32715 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface th...
    Published: March 16, 2026; 10:19:42 AM -0400

  • CVE-2026-31957 - Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmel...
    Published: March 11, 2026; 4:16:16 PM -0400

Created September 20, 2022, Updated August 27, 2024