NVD Dashboard

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-29082 - Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown (.md) with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html w...
    Published: March 06, 2026; 12:16:34 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-69644 - An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdum...
    Published: March 06, 2026; 1:16:16 PM -0500

  • CVE-2026-3665 - A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. ...
    Published: March 07, 2026; 11:15:56 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-3662 - A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Pr_mode leads to command injection. It is possible to launch the attack r...
    Published: March 07, 2026; 9:16:06 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2025-69651 - GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_...
    Published: March 06, 2026; 1:16:16 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-3664 - A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. E...
    Published: March 07, 2026; 10:15:56 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-3663 - A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Perfor...
    Published: March 07, 2026; 10:15:56 AM -0500

    V3.1: 7.1 HIGH

  • CVE-2026-3463 - A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buf...
    Published: March 03, 2026; 7:16:06 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2026-2703 - A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lea...
    Published: February 19, 2026; 2:17:49 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2026-30798 - Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) ...
    Published: March 05, 2026; 11:16:21 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-20098 - A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vu...
    Published: February 04, 2026; 12:16:14 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2026-20111 - A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This v...
    Published: February 04, 2026; 12:16:14 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2026-20123 - A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerabi...
    Published: February 04, 2026; 12:16:14 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2026-28392 - OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open (must be configured). Attackers can execute pri...
    Published: March 05, 2026; 5:16:15 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-28393 - OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings[].transform.module parameter accepts absolute paths and travers...
    Published: March 05, 2026; 5:16:15 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-29065 - changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue ...
    Published: March 06, 2026; 2:16:02 AM -0500

    V3.1: 9.1 CRITICAL

  • CVE-2026-28446 - OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of s...
    Published: March 05, 2026; 5:16:16 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-40638 - A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search...
    Published: March 09, 2026; 6:16:00 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-40639 - A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'.
    Published: March 09, 2026; 6:16:01 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-3813 - A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injectio...
    Published: March 09, 2026; 6:16:03 AM -0400

    V3.1: 9.8 CRITICAL