U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2025-14416 - pdfforge PDF Architect DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to ... read CVE-2025-14416
    Published: December 23, 2025; 5:15:48 PM -0500

  • CVE-2025-14421 - pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of pdfforge PDF Architect. User interaction is ... read CVE-2025-14421
    Published: December 23, 2025; 5:15:49 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-14420 - pdfforge PDF Architect CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required... read CVE-2025-14420
    Published: December 23, 2025; 5:15:49 PM -0500

  • CVE-2025-14419 - pdfforge PDF Architect PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required t... read CVE-2025-14419
    Published: December 23, 2025; 5:15:48 PM -0500

  • CVE-2025-14418 - pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to ... read CVE-2025-14418
    Published: December 23, 2025; 5:15:48 PM -0500

  • CVE-2025-14417 - pdfforge PDF Architect Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to ex... read CVE-2025-14417
    Published: December 23, 2025; 5:15:48 PM -0500

  • CVE-2025-15231 - A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can... read CVE-2025-15231
    Published: December 30, 2025; 2:15:43 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-15230 - A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. R... read CVE-2025-15230
    Published: December 30, 2025; 2:15:41 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-65882 - An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands.
    Published: December 09, 2025; 2:15:49 PM -0500

  • CVE-2025-15218 - A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing manipulation of the ar... read CVE-2025-15218
    Published: December 29, 2025; 11:15:49 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-15217 - A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing manipulation of the argument list results in buffer overflow. The attack can be init... read CVE-2025-15217
    Published: December 29, 2025; 10:15:51 PM -0500

  • CVE-2025-65741 - Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application.
    Published: December 09, 2025; 3:15:54 PM -0500

  • CVE-2025-15216 - A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the att... read CVE-2025-15216
    Published: December 29, 2025; 10:15:51 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-15215 - A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buff... read CVE-2025-15215
    Published: December 29, 2025; 10:15:50 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-66625 - Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file... read CVE-2025-66625
    Published: December 09, 2025; 3:15:55 PM -0500

  • CVE-2025-9056 - Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation.
    Published: December 09, 2025; 11:15:58 PM -0500

  • CVE-2025-65815 - A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC, PPT v65.0 allows attackers to execute a directory traversal.
    Published: December 10, 2025; 12:15:55 PM -0500

  • CVE-2025-63094 - XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache.
    Published: December 10, 2025; 1:16:20 PM -0500

  • CVE-2025-63895 - An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted Link Manager Protocol (LMP) packet.
    Published: December 10, 2025; 3:16:21 PM -0500

  • CVE-2025-15255 - A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The ... read CVE-2025-15255
    Published: December 30, 2025; 11:15:44 AM -0500

Created September 20, 2022 , Updated August 27, 2024