This is a cache of https://nvd.nist.gov/. It is a snapshot of the page as it appeared on 2025-08-19T13:34:54.523+0200.
NVD - Home

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-3277 - An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thu...
    Published: April 14, 2025; 1:15:27 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-5998 - The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API.
    Published: August 14, 2025; 5:15:26 AM -0400

  • CVE-2025-6704 - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with...
    Published: July 21, 2025; 10:15:30 AM -0400

  • CVE-2024-31896 - IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
    Published: March 25, 2025; 3:15:42 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-2629 - There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to inser...
    Published: April 09, 2025; 3:15:48 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-0986 - IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor compatibility mode configurations, to cause undetected data loss or errors when performing gzip compression us...
    Published: March 28, 2025; 10:15:19 AM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2025-2630 - There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncon...
    Published: April 09, 2025; 3:15:48 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-2631 - Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a sp...
    Published: April 09, 2025; 4:15:27 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-2632 - Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open ...
    Published: April 09, 2025; 4:15:27 PM -0400

  • CVE-2025-6920 - A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an ...
    Published: July 01, 2025; 10:15:41 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-9453 - A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a ...
    Published: July 04, 2025; 5:15:24 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-36600 - Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerabili...
    Published: July 08, 2025; 11:15:27 AM -0400

  • CVE-2023-37405 - IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.
    Published: March 27, 2025; 2:17:28 PM -0400

  • CVE-2025-55668 - Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users ar...
    Published: August 13, 2025; 10:15:33 AM -0400

  • CVE-2025-50612 - A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may caus...
    Published: August 13, 2025; 12:15:31 PM -0400

  • CVE-2025-50613 - A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause t...
    Published: August 13, 2025; 12:15:31 PM -0400

  • CVE-2025-54472 - Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of ...
    Published: August 14, 2025; 5:15:26 AM -0400

  • CVE-2025-48989 - Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9....
    Published: August 13, 2025; 9:15:34 AM -0400

  • CVE-2025-21472 - Information disclosure while capturing logs as eSE debug messages are logged.
    Published: August 06, 2025; 4:15:28 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-27067 - Memory corruption while processing DDI call with invalid buffer.
    Published: August 06, 2025; 4:15:29 AM -0400

    V3.1: 7.8 HIGH

Created September 20, 2022, Updated August 27, 2024