NVD Dashboard
CVEs Received and Processed
NVD Contains
| CVE Vulnerabilities | 336772 |
| Checklists | 872 |
| US-CERT Alerts | 249 |
| US-CERT Vuln Notes | 4486 |
| OVAL Queries | 0 |
| CPE Names | 1612209 |
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2026-28463 - OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, tail, or grep to read arbitrary local files via glob patterns or environment variables. Authorized... read CVE-2026-28463
Published: March 05, 2026; 5:16:19 PM -0500 V3.1: 5.5 MEDIUM
-
CVE-2026-22760 - Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for Unusual or Exceptional Conditions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denia... read CVE-2026-22760
Published: March 04, 2026; 12:16:18 PM -0500 V3.1: 5.5 MEDIUM
-
CVE-2024-58040 - Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.
Published: September 30, 2025; 7:37:36 AM -0400
-
CVE-2026-28464 - OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing s... read CVE-2026-28464
Published: March 05, 2026; 5:16:19 PM -0500 V3.1: 7.5 HIGH
-
CVE-2025-15545 - The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root pri... read CVE-2025-15545
Published: January 29, 2026; 1:16:07 PM -0500 V3.1: 6.8 MEDIUM
-
CVE-2026-3404 - A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The... read CVE-2026-3404
Published: March 01, 2026; 9:16:19 PM -0500 V3.1: 8.1 HIGH
-
CVE-2025-30042 - The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate... read CVE-2025-30042
Published: March 02, 2026; 7:16:01 AM -0500 V3.1: 7.8 HIGH
-
CVE-2025-15509 - The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.
Published: February 27, 2026; 2:17:10 AM -0500 V3.1: 4.3 MEDIUM
-
CVE-2025-15567 - Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.
Published: February 27, 2026; 2:17:10 AM -0500 V3.1: 3.3 LOW
-
CVE-2026-3734 - A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authoriza... read CVE-2026-3734
Published: March 08, 2026; 9:16:00 AM -0400 V3.1: 7.3 HIGH
-
CVE-2026-3702 - A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is p... read CVE-2026-3702
Published: March 08, 2026; 12:16:28 AM -0500 V3.1: 6.1 MEDIUM
-
CVE-2026-3695 - A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotel... read CVE-2026-3695
Published: March 07, 2026; 8:15:49 PM -0500 V3.1: 6.5 MEDIUM
-
CVE-2026-3738 - A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the att... read CVE-2026-3738
Published: March 08, 2026; 10:15:54 AM -0400 V3.1: 6.3 MEDIUM
-
CVE-2026-3737 - A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The a... read CVE-2026-3737
Published: March 08, 2026; 10:15:54 AM -0400 V3.1: 6.3 MEDIUM
-
CVE-2026-3746 - A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argu... read CVE-2026-3746
Published: March 08, 2026; 12:16:01 PM -0400 V3.1: 9.8 CRITICAL
-
CVE-2026-3751 - A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in s... read CVE-2026-3751
Published: March 08, 2026; 1:16:08 PM -0400 V3.1: 7.2 HIGH
-
CVE-2026-3752 - A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes... read CVE-2026-3752
Published: March 08, 2026; 1:16:08 PM -0400 V3.1: 7.2 HIGH
-
CVE-2026-3758 - A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument Info causes sql injection. Remote exploitation of... read CVE-2026-3758
Published: March 08, 2026; 3:16:00 PM -0400 V3.1: 9.8 CRITICAL
-
CVE-2026-3757 - A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /?pass=1. The manipulation of the argument fnm results in sql injection. The attack may be lau... read CVE-2026-3757
Published: March 08, 2026; 3:16:00 PM -0400 V3.1: 9.8 CRITICAL
-
CVE-2026-3759 - A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php. Such manipulation of the argument reach_nm leads to sql injection. The attack can be executed r... read CVE-2026-3759
Published: March 08, 2026; 3:16:00 PM -0400 V3.1: 9.8 CRITICAL