U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

CVE Status Count

Please Wait

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2025-48984 - A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
    Published: October 30, 2025; 8:15:36 PM -0400

  • CVE-2025-48983 - A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.
    Published: October 30, 2025; 8:15:36 PM -0400

  • CVE-2025-48982 - This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.
    Published: October 30, 2025; 8:15:36 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-62265 - Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA thr... read CVE-2025-62265
    Published: October 30, 2025; 3:16:35 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-62266 - By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions i... read CVE-2025-62266
    Published: October 30, 2025; 2:15:33 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-64096 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prier to 1.4.2, ... read CVE-2025-64096
    Published: October 30, 2025; 1:15:40 PM -0400

  • CVE-2022-49903 - In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_route_net_exit_late() During the initialization of ip6_route_net_init_late(), if file ipv6_route or rt6_stats fails to be created, the initialization is... read CVE-2022-49903
    Published: May 01, 2025; 11:16:15 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49905 - In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smc_init() In smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called without any error handling. If it fails, registeri... read CVE-2022-49905
    Published: May 01, 2025; 11:16:15 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49907 - In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for __mdiobus_register Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN wa... read CVE-2022-49907
    Published: May 01, 2025; 11:16:15 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-49910 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the following two flows that run in parallel: 1. l2cap_reassemble_sdu -> chan... read CVE-2022-49910
    Published: May 01, 2025; 11:16:16 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-49911 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: enforce documented limit to prevent allocating huge memory Daniel Xu reported that the hash:net,iface type of the ipset subsystem does not limit adding the sam... read CVE-2022-49911
    Published: May 01, 2025; 11:16:16 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-62256 - Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in c... read CVE-2025-62256
    Published: October 23, 2025; 10:15:42 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2025-62254 - The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported version... read CVE-2025-62254
    Published: October 23, 2025; 7:15:37 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-62263 - Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update 36 allow remote attackers to inject arbitrary w... read CVE-2025-62263
    Published: October 27, 2025; 4:15:54 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-62262 - Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, a... read CVE-2025-62262
    Published: October 27, 2025; 5:15:37 PM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2025-62260 - Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which ... read CVE-2025-62260
    Published: October 27, 2025; 6:15:41 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-62261 - Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, whic... read CVE-2025-62261
    Published: October 27, 2025; 6:15:41 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-62258 - CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any He... read CVE-2025-62258
    Published: October 27, 2025; 7:15:38 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-62257 - Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and ol... read CVE-2025-62257
    Published: October 29, 2025; 8:15:34 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2022-49879 - In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when directory entry has invalid rec_len The rec_len field in the directory entry has to be a multiple of 4. A corrupted filesystem image can be used to hit ... read CVE-2022-49879
    Published: May 01, 2025; 11:16:12 AM -0400

    V3.1: 5.5 MEDIUM