NVD Dashboard


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2025-26398 - SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not i...
    Published: August 12, 2025; 4:15:26 AM -0400

    V3.1: 6.4 MEDIUM

  • CVE-2025-56802 - The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than...
    Published: October 21, 2025; 3:21:23 PM -0400

  • CVE-2025-9980 - QuickCMS is vulnerable to multiple Stored XSS in page editor functionality (pages-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default ...
    Published: October 23, 2025; 6:15:32 AM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2025-9981 - QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality (sliders-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin us...
    Published: October 23, 2025; 6:15:32 AM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2025-58463 - A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have al...
    Published: November 07, 2025; 11:15:40 AM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2025-58465 - A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fi...
    Published: November 07, 2025; 11:15:41 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-63152 - Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
    Published: November 10, 2025; 11:15:45 AM -0500

  • CVE-2025-63147 - Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
    Published: November 10, 2025; 12:15:34 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-63455 - Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
    Published: November 10, 2025; 12:15:34 PM -0500

  • CVE-2025-63149 - Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
    Published: November 10, 2025; 3:15:48 PM -0500

  • CVE-2025-41101 - HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/projects/save'.
    Published: November 11, 2025; 7:15:34 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-41102 - HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'.
    Published: November 11, 2025; 7:15:34 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-41103 - HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'reply_message' in '/messages/reply'.
    Published: November 11, 2025; 8:15:44 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-41104 - HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/sa...
    Published: November 11, 2025; 8:15:44 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-41105 - HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.
    Published: November 11, 2025; 8:15:44 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-41106 - HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first_name' in '/clients/save_contact/'.
    Published: November 11, 2025; 8:15:45 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-37933 - In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix host hang issue during device reboot When the host loses heartbeat messages from the device, the driver calls the device-specific ndo_stop function, which frees t...
    Published: May 20, 2025; 12:15:29 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-37934 - In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Actually check if the passed pointers are valid, before writing to them. This also fixes a USBAN wa...
    Published: May 20, 2025; 12:15:30 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-37907 - In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpu_job_submit Fix deadlock in job submission and abort handling. When a thread aborts currently executing jobs due to a fault, it first locks ...
    Published: May 20, 2025; 12:15:27 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-37935 - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM If the mtk_poll_rx() function detects the MTK_RESETTING flag, it will jump to release_desc and refill the high word of th...
    Published: May 20, 2025; 12:15:30 PM -0400

    V3.1: 5.5 MEDIUM