NVD Dashboard

Dashboard panels:

  • CVEs Received and Processed
  • CVE Status Count
  • CVSS Score Spread
  • CVSS V3 Score Distribution (Severity, Number of Vulns)
  • CVSS V2 Score Distribution (Severity, Number of Vulns)

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2026-4342 - A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
    Published: March 19, 2026; 6:16:43 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-32202 - Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
    Published: April 14, 2026; 2:17:27 PM -0400

  • CVE-2024-1708 - ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
    Published: February 21, 2024; 11:15:50 AM -0500

    V3.1: 8.4 HIGH

  • CVE-2025-52650 - Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
    Published: October 10, 2025; 6:15:35 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-52646 - HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactio...
    Published: March 16, 2026; 11:16:18 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2025-52644 - HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, ...
    Published: March 16, 2026; 11:16:18 AM -0400

    V3.1: 8.2 HIGH

  • CVE-2026-35484 - text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the server filesystem. The parsed YAML key-val...
    Published: April 07, 2026; 11:17:45 AM -0400

  • CVE-2026-4426 - A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by su...
    Published: March 19, 2026; 11:16:28 AM -0400

  • CVE-2026-2369 - A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an applicatio...
    Published: March 19, 2026; 11:16:25 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2026-27940 - llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of ...
    Published: March 12, 2026; 1:16:49 PM -0400

  • CVE-2026-20064 - A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition. This vulnerability is due to imprope...
    Published: March 04, 2026; 2:16:16 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2026-25205 - Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335.
    Published: April 13, 2026; 1:16:02 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-25206 - Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
    Published: April 13, 2026; 1:16:02 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2026-26951 - Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with...
    Published: April 20, 2026; 1:16:32 PM -0400

  • CVE-2026-26943 - Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remot...
    Published: April 20, 2026; 1:16:32 PM -0400

  • CVE-2026-26942 - Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit t...
    Published: April 20, 2026; 1:16:32 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2026-24506 - Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remot...
    Published: April 20, 2026; 1:16:32 PM -0400

  • CVE-2026-24505 - Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with roo...
    Published: April 20, 2026; 1:16:31 PM -0400

  • CVE-2026-24504 - Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with ...
    Published: April 20, 2026; 1:16:31 PM -0400

  • CVE-2026-22761 - Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privile...
    Published: April 20, 2026; 1:16:31 PM -0400

    V3.1: 7.2 HIGH