U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

CVE Status Count

Please Wait

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2025-15456 - A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may b... read CVE-2025-15456
    Published: January 05, 2026; 12:15:53 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-50443 - In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: lvds: fix PM usage counter unbalance in poweron pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in ... read CVE-2022-50443
    Published: October 01, 2025; 8:15:36 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53461 - In the Linux kernel, the following vulnerability has been resolved: io_uring: wait interruptibly for request completions on exit WHen the ring exits, cleanup is done and the final cancelation and waiting on completions is done by io_ring_exit_wo... read CVE-2023-53461
    Published: October 01, 2025; 8:15:47 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53462 - In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in fill_frame_info() Syzbot reports the following uninit-value access problem. ===================================================== BUG: KMSAN: un... read CVE-2023-53462
    Published: October 01, 2025; 8:15:47 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-0642 - A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may b... read CVE-2026-0642
    Published: January 07, 2026; 7:17:07 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-53463 - In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NON_FATAL err All ibmvnic resets, make a call to netdev_tx_reset_queue() when re-opening the device. netdev_tx_reset_queue() resets the num_qu... read CVE-2023-53463
    Published: October 01, 2025; 8:15:48 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-61246 - indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter.
    Published: January 08, 2026; 12:15:48 PM -0500

  • CVE-2025-61549 - Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is reflected in HTTP responses without proper HT... read CVE-2025-61549
    Published: January 08, 2026; 12:15:48 PM -0500

  • CVE-2023-53448 - In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Removed unneeded release_mem_region Remove unnecessary release_mem_region from the error path to prevent mem region from being released twice, which could avoid re... read CVE-2023-53448
    Published: October 01, 2025; 8:15:41 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-67091 - An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered v... read CVE-2025-67091
    Published: January 08, 2026; 11:15:45 AM -0500

  • CVE-2025-67090 - The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/... read CVE-2025-67090
    Published: January 08, 2026; 11:15:45 AM -0500

  • CVE-2025-67089 - A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attack... read CVE-2025-67089
    Published: January 08, 2026; 11:15:45 AM -0500

  • CVE-2023-53449 - In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fix potential memleak in dasd_eckd_init() `dasd_reserve_req` is allocated before `dasd_vol_info_req`, and it also needs to be freed before the error returns, just lik... read CVE-2023-53449
    Published: October 01, 2025; 8:15:41 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53451 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer.
    Published: October 01, 2025; 8:15:43 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53452 - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napi_init and napi_enable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile us... read CVE-2023-53452
    Published: October 01, 2025; 8:15:43 AM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2025-63916 - MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary ... read CVE-2025-63916
    Published: November 17, 2025; 11:15:50 AM -0500

  • CVE-2023-53453 - In the Linux kernel, the following vulnerability has been resolved: drm/radeon: free iio for atombios when driver shutdown Fix below kmemleak when unload radeon driver: unreferenced object 0xffff9f8608ede200 (size 512): comm "systemd-udevd", ... read CVE-2023-53453
    Published: October 01, 2025; 8:15:43 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-10543 - In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the ser... read CVE-2025-10543
    Published: December 02, 2025; 4:15:46 AM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2023-53454 - In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. R... read CVE-2023-53454
    Published: October 01, 2025; 8:15:43 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-53460 - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix memory leak in rtw_usb_probe() drivers/net/wireless/realtek/rtw88/usb.c:876 rtw_usb_probe() warn: 'hw' from ieee80211_alloc_hw() not released on lines: 811 Fix... read CVE-2023-53460
    Published: October 01, 2025; 8:15:47 AM -0400

    V3.1: 5.5 MEDIUM