NVD Dashboard

CVEs Received and Processed

CVE Status Count

CVSS Score Spread

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-22052 - ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.
    Published: March 04, 2026; 7:15:56 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2026-21628 - An improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
    Published: March 05, 2026; 5:15:57 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-3236 - In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.
    Published: March 05, 2026; 6:15:54 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2025-69534 - Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any appli... read CVE-2025-69534
    Published: March 05, 2026; 10:16:11 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-27748 - Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\\ProgramData without validating whether the pat... read CVE-2026-27748
    Published: March 05, 2026; 10:16:11 AM -0500

    V3.1: 7.1 HIGH

  • CVE-2026-27749 - Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in ... read CVE-2026-27749
    Published: March 05, 2026; 10:16:11 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-27750 - Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a se... read CVE-2026-27750
    Published: March 05, 2026; 10:16:12 AM -0500

    V3.1: 7.0 HIGH

  • CVE-2021-35486 - A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither th... read CVE-2021-35486
    Published: March 03, 2026; 1:16:21 PM -0500

  • CVE-2026-22866 - Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structur... read CVE-2026-22866
    Published: February 25, 2026; 11:23:25 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-27704 - The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client (`dart pub` and `flutter pub`) extracts a p... read CVE-2026-27704
    Published: February 25, 2026; 11:23:26 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-48418 - A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.... read CVE-2025-48418
    Published: March 10, 2026; 2:17:56 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2025-48840 - An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrict... read CVE-2025-48840
    Published: March 10, 2026; 2:17:57 PM -0400

  • CVE-2025-49784 - An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions,... read CVE-2025-49784
    Published: March 10, 2026; 2:17:57 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2025-53608 - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbo... read CVE-2025-53608
    Published: March 10, 2026; 2:17:57 PM -0400

  • CVE-2025-54820 - A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized ... read CVE-2025-54820
    Published: March 10, 2026; 2:17:58 PM -0400

  • CVE-2025-55717 - A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through ... read CVE-2025-55717
    Published: March 10, 2026; 2:17:58 PM -0400

    V3.1: 4.0 MEDIUM

  • CVE-2024-14026 - A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary comma... read CVE-2024-14026
    Published: March 11, 2026; 4:16:02 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-27973 - Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through mal... read CVE-2026-27973
    Published: February 25, 2026; 9:16:24 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2025-66178 - An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiW... read CVE-2025-66178
    Published: March 10, 2026; 2:17:59 PM -0400

  • CVE-2026-27974 - Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious ... read CVE-2026-27974
    Published: February 25, 2026; 10:16:04 PM -0500