The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-30667 - NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
    Published: May 14, 2025; 2:15:30 PM -0400

  • CVE-2025-30668 - Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
    Published: May 14, 2025; 2:15:30 PM -0400

  • CVE-2025-9870 - Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the abil...
    Published: October 29, 2025; 4:15:37 PM -0400

  • CVE-2025-9869 - Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execu...
    Published: October 29, 2025; 4:15:36 PM -0400

  • CVE-2025-11465 - Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploi...
    Published: October 29, 2025; 4:15:36 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-11464 - Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is requir...
    Published: October 29, 2025; 4:15:36 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-11463 - Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to expl...
    Published: October 29, 2025; 4:15:36 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-11201 - MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required...
    Published: October 29, 2025; 4:15:35 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-11200 - MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The spec...
    Published: October 29, 2025; 4:15:35 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-2347 - A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of the component Device Registration. The manipulation of the argument Password with the input qwertyuiop lead...
    Published: March 16, 2025; 5:15:37 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-27617 - Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.
    Published: March 11, 2025; 12:15:18 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-1610 - A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to os command injection. Th...
    Published: February 23, 2025; 9:15:32 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-1609 - A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. Th...
    Published: February 23, 2025; 9:15:32 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-1608 - A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd leads to os command injection. It is possib...
    Published: February 23, 2025; 8:15:10 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-1585 - A vulnerability, which was classified as problematic, has been found in otale tale up to 2.0.5. This issue affects the function OptionsService of the file src/main/resources/templates/themes/default/partial/header.html. The manipulation of the arg...
    Published: February 23, 2025; 9:15:09 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-25475 - A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file.
    Published: February 18, 2025; 6:15:10 PM -0500

  • CVE-2025-25474 - DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h.
    Published: February 18, 2025; 6:15:10 PM -0500

  • CVE-2025-25472 - A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file.
    Published: February 18, 2025; 6:15:10 PM -0500

  • CVE-2025-1377 - A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack nee...
    Published: February 17, 2025; 12:15:10 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-1376 - A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possibl...
    Published: February 17, 2025; 12:15:09 AM -0500

    V3.1: 4.7 MEDIUM

Created September 20, 2022, Updated August 27, 2024