U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2022-42421 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... read CVE-2022-42421
    Published: January 26, 2023; 1:59:58 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-42418 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... read CVE-2022-42418
    Published: January 26, 2023; 1:59:58 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-42419 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... read CVE-2022-42419
    Published: January 26, 2023; 1:59:58 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-42420 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... read CVE-2022-42420
    Published: January 26, 2023; 1:59:58 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-42423 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... read CVE-2022-42423
    Published: January 26, 2023; 1:59:58 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-42408 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic... read CVE-2022-42408
    Published: January 26, 2023; 1:59:57 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-42414 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic... read CVE-2022-42414
    Published: January 26, 2023; 1:59:58 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-42415 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... read CVE-2022-42415
    Published: January 26, 2023; 1:59:58 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-42416 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... read CVE-2022-42416
    Published: January 26, 2023; 1:59:58 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-42417 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... read CVE-2022-42417
    Published: January 26, 2023; 1:59:58 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-0101 - A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges... read CVE-2023-0101
    Published: January 20, 2023; 2:15:17 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-23012 - Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.
    Published: January 20, 2023; 2:15:18 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2022-47015 - MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
    Published: January 20, 2023; 2:15:17 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-42409 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic... read CVE-2022-42409
    Published: January 26, 2023; 1:59:57 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-42410 - This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... read CVE-2022-42410
    Published: January 26, 2023; 1:59:57 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-47012 - Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.
    Published: January 20, 2023; 2:15:17 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-45748 - An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
    Published: January 20, 2023; 2:15:16 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-0164 - OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function.
    Published: January 18, 2023; 5:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-23010 - Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_... read CVE-2023-23010
    Published: January 20, 2023; 2:15:18 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-23014 - Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.
    Published: January 20, 2023; 2:15:18 PM -0500

    V3.1: 6.1 MEDIUM