U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2025-15200 - A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowContro... read CVE-2025-15200
    Published: December 29, 2025; 2:15:56 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2025-15201 - A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The att... read CVE-2025-15201
    Published: December 29, 2025; 2:15:56 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-15202 - A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may b... read CVE-2025-15202
    Published: December 29, 2025; 3:15:41 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2025-15203 - A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to... read CVE-2025-15203
    Published: December 29, 2025; 3:15:41 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2025-15204 - A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It... read CVE-2025-15204
    Published: December 29, 2025; 4:15:43 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2025-15219 - A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation lead... read CVE-2025-15219
    Published: December 29, 2025; 11:15:49 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-15220 - A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launche... read CVE-2025-15220
    Published: December 30, 2025; 12:16:00 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-15221 - A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote expl... read CVE-2025-15221
    Published: December 30, 2025; 12:16:05 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-15102 - DVP-12SE11T - Password Protection Bypass
    Published: December 30, 2025; 4:15:52 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-15103 - DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
    Published: December 30, 2025; 4:15:52 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-15358 - DVP-12SE11T - Denial of Service Vulnerability
    Published: December 30, 2025; 4:15:52 AM -0500

  • CVE-2025-15148 - A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing manipulation of the argument content/tempdata can lead... read CVE-2025-15148
    Published: December 28, 2025; 1:15:47 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2025-15155 - A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The a... read CVE-2025-15155
    Published: December 28, 2025; 5:15:43 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-49269 - Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed u... read CVE-2023-49269
    Published: December 20, 2023; 1:15:13 PM -0500

  • CVE-2025-14874 - A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.
    Published: December 18, 2025; 4:15:44 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-40891 - A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times ... read CVE-2025-40891
    Published: December 18, 2025; 9:15:59 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2025-40892 - A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, o... read CVE-2025-40892
    Published: December 18, 2025; 9:15:59 AM -0500

    V3.1: 8.9 HIGH

  • CVE-2025-40893 - A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attribut... read CVE-2025-40893
    Published: December 18, 2025; 9:15:59 AM -0500

  • CVE-2025-40898 - A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can p... read CVE-2025-40898
    Published: December 18, 2025; 9:15:59 AM -0500

  • CVE-2025-65559 - An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF crashes with a reachable assertion in `lib/pfcp/context.c` (`ogs_pfcp_object_teid_hash_set`) if the CreatePDR?PDI?F-TEID ... read CVE-2025-65559
    Published: December 18, 2025; 2:16:33 PM -0500

Created September 20, 2022 , Updated August 27, 2024