U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2022-43289 - Deark v.1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette() function at /modules/atari-img.c.
    Published: December 19, 2022; 1:15:11 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-46543 - Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mitInterface parameter at /goform/addressNat.
    Published: December 20, 2022; 10:15:12 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-46542 - Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/addressNat.
    Published: December 20, 2022; 10:15:12 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-46541 - Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the ssid parameter at /goform/fast_setting_wifi_set.
    Published: December 20, 2022; 10:15:12 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-46540 - Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/addressNat.
    Published: December 20, 2022; 10:15:12 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-4647 - Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
    Published: December 21, 2022; 9:15:08 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2022-4617 - Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
    Published: December 20, 2022; 8:15:11 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2022-43382 - IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641.
    Published: December 20, 2022; 4:15:11 PM -0500

    V3.1: 4.4 MEDIUM

  • CVE-2022-39166 - IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.
    Published: December 20, 2022; 4:15:10 PM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2022-38391 - IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.
    Published: December 20, 2022; 4:15:10 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-1887 - The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.
    Published: December 22, 2022; 3:15:13 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2021-4221 - If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaf... read CVE-2021-4221
    Published: December 22, 2022; 3:15:12 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2022-46534 - Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the speed_dir parameter at /goform/SetSpeedWan.
    Published: December 20, 2022; 10:15:12 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-46535 - Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/SetClientState.
    Published: December 20, 2022; 10:15:12 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-46536 - Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeedUp parameter at /goform/SetClientState.
    Published: December 20, 2022; 10:15:12 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-46537 - Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security parameter at /goform/WifiBasicSet.
    Published: December 20, 2022; 10:15:12 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-46538 - Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac.
    Published: December 20, 2022; 10:15:12 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-30679 - Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may b... read CVE-2022-30679
    Published: December 19, 2022; 3:15:10 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2022-46539 - Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security_5g parameter at /goform/WifiBasicSet.
    Published: December 20, 2022; 10:15:12 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-46530 - Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mac parameter at /goform/GetParentControlInfo.
    Published: December 20, 2022; 10:15:11 AM -0500

    V3.1: 7.5 HIGH