NVD Dashboard

Dashboard panels (chart data not included in this capture): CVEs Received and Processed; CVE Status Count; CVSS Score Spread; CVSS V3 Score Distribution (Severity, Number of Vulns); CVSS V2 Score Distribution (Severity, Number of Vulns).

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-25140 - apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The...
    Published: February 04, 2026; 2:16:15 PM -0500

  • CVE-2026-25122 - apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an ...
    Published: February 04, 2026; 2:16:14 PM -0500

  • CVE-2026-25121 - apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious ...
    Published: February 04, 2026; 2:16:14 PM -0500

  • CVE-2023-1345 - The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possib...
    Published: March 10, 2023; 3:15:11 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2019-25378 - Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTG...
    Published: February 16, 2026; 1:19:41 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-28798 - An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution.
    Published: May 02, 2024; 9:23:05 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-4162 - A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged local user to crash a Brocade Fabric OS swi...
    Published: August 30, 2023; 9:15:08 PM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2025-4663 - An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsav...
    Published: July 08, 2025; 2:15:39 PM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2024-7517 - A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This sp...
    Published: November 21, 2024; 6:15:35 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-66405 - Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the cli...
    Published: December 01, 2025; 6:15:53 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-7808 - The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
    Published: August 14, 2025; 2:15:28 AM -0400

  • CVE-2026-25521 - Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a previous fix that attempted to mitigate protot...
    Published: February 04, 2026; 5:15:59 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-25517 - Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a mode...
    Published: February 04, 2026; 4:16:02 PM -0500

    V3.1: 2.7 LOW

  • CVE-2026-25481 - Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandas_eval tool to evaluate the expression. There is a WAF in langr...
    Published: February 04, 2026; 3:16:07 PM -0500

    V3.1: 9.6 CRITICAL

  • CVE-2025-68699 - NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic such as $share/ab (missing ...
    Published: February 04, 2026; 3:16:03 PM -0500

  • CVE-2024-0407 - Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA ...
    Published: February 20, 2024; 8:15:07 PM -0500

  • CVE-2023-4063 - Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.
    Published: March 22, 2024; 2:15:07 PM -0400

  • CVE-2024-2209 - A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can l...
    Published: March 26, 2024; 8:15:07 PM -0400

  • CVE-2024-3281 - A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor.
    Published: April 09, 2024; 12:15:08 PM -0400

  • CVE-2026-22780 - Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability i...
    Published: February 02, 2026; 6:16:06 PM -0500

    V3.1: 6.1 MEDIUM