NVD Dashboard

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2026-46748 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission...
    Published: June 09, 2026; 6:16:44 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-46747 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal ...
    Published: June 09, 2026; 6:16:44 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-48292 - Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
    Published: June 09, 2026; 5:17:25 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-48291 - Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
    Published: June 09, 2026; 5:17:25 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2026-46749 - A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an...
    Published: June 09, 2026; 6:16:44 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-48303 - Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not requi...
    Published: June 09, 2026; 5:17:25 PM -0400

  • CVE-2023-34576 - SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspecified vector.
    Published: September 21, 2023; 4:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-47961 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. ...
    Published: June 09, 2026; 5:17:24 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-47959 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user i...
    Published: June 09, 2026; 5:17:24 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-34575 - SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSend...
    Published: September 20, 2023; 6:15:12 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-30148 - Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or bo...
    Published: October 14, 2023; 12:15:10 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-36263 - PrestaShop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. `OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to...
    Published: October 31, 2023; 1:15:58 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-41856 - The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all condi...
    Published: June 11, 2026; 3:16:28 AM -0400

  • CVE-2026-41700 - Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary Grap...
    Published: June 11, 2026; 3:16:28 AM -0400

  • CVE-2026-46373 - SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious ...
    Published: June 09, 2026; 7:16:59 PM -0400

  • CVE-2026-46374 - SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious ...
    Published: June 09, 2026; 7:16:59 PM -0400

  • CVE-2026-44716 - Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner (src/pipecat/runner/ru...
    Published: June 09, 2026; 8:16:53 PM -0400

  • CVE-2026-22899 - A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerab...
    Published: June 10, 2026; 12:17:16 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2026-24720 - An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or process...
    Published: June 10, 2026; 12:17:17 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-62851 - A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed ...
    Published: June 10, 2026; 12:17:11 AM -0400

    V3.1: 4.4 MEDIUM