NOTICE UPDATED - April 25th, 2024

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2021-47179 - In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NU...
    Published: March 25, 2024; 6:15:09 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2021-47173 - In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_de...
    Published: March 25, 2024; 6:15:09 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2021-47171 - In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtr...
    Published: March 25, 2024; 6:15:08 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-6837 - Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for fe...
    Published: December 15, 2023; 5:15:09 AM -0500

    V3.1: 8.2 HIGH

  • CVE-2024-4073 - A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prod...
    Published: April 23, 2024; 7:15:49 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2022-48656 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference returned by of_parse_phandle() in fail path or when it...
    Published: April 28, 2024; 9:15:07 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-48657 - In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*, while freq_inv_set_max_ratio() gets passed th...
    Published: April 28, 2024; 9:15:07 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-30051 - Windows DWM Core Library Elevation of Privilege Vulnerability
    Published: May 14, 2024; 1:17:21 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-4671 - Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    Published: May 14, 2024; 11:44:15 AM -0400

    V3.1: 9.6 CRITICAL

  • CVE-2023-51384 - In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even i...
    Published: December 18, 2023; 2:15:08 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-30040 - Windows MSHTML Platform Security Feature Bypass Vulnerability
    Published: May 14, 2024; 1:17:12 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-30645 - Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use...
    Published: September 07, 2023; 10:15:10 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-33326 - Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to ...
    Published: June 30, 2022; 3:15:08 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-33325 - Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to ...
    Published: June 30, 2022; 3:15:08 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-30387 - Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.
    Published: May 13, 2022; 11:15:10 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-30386 - Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured.
    Published: May 13, 2022; 11:15:10 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-30385 - Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order.
    Published: May 13, 2022; 11:15:10 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2016-4840 - Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.
    Published: April 21, 2017; 10:59:00 AM -0400

    V3.1: 5.9 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2016-4828 - The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
    Published: June 25, 2016; 5:59:10 PM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 6.4 MEDIUM

  • CVE-2016-4826 - Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
    Published: June 25, 2016; 5:59:08 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

Created September 20, 2022, Updated April 25, 2024