Keyword and keyword exact match searches have been re-enabled. Clarifications on how keyword search operates can be found in the documentation for keyword parameters. For questions and concerns you can contact [email protected].
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2022-39987 - A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.
Published: August 01, 2023; 10:15:09 AM -0400 | V3.1: 8.8 HIGH
-
CVE-2022-39986 - A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
Published: August 01, 2023; 10:15:09 AM -0400 | V3.1: 9.8 CRITICAL
-
CVE-2023-36501 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 9.0.2 versions.
Published: July 25, 2023; 10:15:10 AM -0400 | V3.1: 6.1 MEDIUM
-
CVE-2023-38303 - An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
Published: July 31, 2023; 11:15:10 AM -0400 | V3.1: 5.4 MEDIUM
-
CVE-2023-38304 - An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.
Published: July 31, 2023; 11:15:10 AM -0400 | V3.1: 5.4 MEDIUM
-
CVE-2023-33560 - There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.
Published: August 01, 2023; 7:15:28 PM -0400 | V3.1: 6.1 MEDIUM
-
CVE-2023-33563 - In PHP Jabbers Time Slots Booking Calendar 3.3, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
Published: August 01, 2023; 7:15:29 PM -0400 | V3.1: 8.8 HIGH
-
CVE-2023-33564 - There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.
Published: August 01, 2023; 7:15:29 PM -0400 | V3.1: 6.1 MEDIUM
-
CVE-2023-3737 - Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)
Published: August 01, 2023; 7:15:33 PM -0400 | V3.1: 4.3 MEDIUM
-
CVE-2023-3736 - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: August 01, 2023; 7:15:33 PM -0400 | V3.1: 4.3 MEDIUM
-
CVE-2023-3735 - Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Published: August 01, 2023; 7:15:32 PM -0400 | V3.1: 4.3 MEDIUM
-
CVE-2023-3734 - Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Published: August 01, 2023; 7:15:32 PM -0400 | V3.1: 4.3 MEDIUM
-
CVE-2023-3733 - Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Published: August 01, 2023; 7:15:32 PM -0400 | V3.1: 4.3 MEDIUM
-
CVE-2023-3732 - Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: August 01, 2023; 7:15:32 PM -0400 | V3.1: 8.8 HIGH
-
CVE-2023-3731 - Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.98 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security s...
Published: August 01, 2023; 7:15:32 PM -0400 | V3.1: 8.8 HIGH
-
CVE-2023-3730 - Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: ...
Published: August 01, 2023; 7:15:31 PM -0400 | V3.1: 8.8 HIGH
-
CVE-2023-3729 - Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium se...
Published: August 01, 2023; 7:15:31 PM -0400 | V3.1: 8.8 HIGH
-
CVE-2023-3728 - Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: August 01, 2023; 7:15:31 PM -0400 | V3.1: 8.8 HIGH
-
CVE-2023-3727 - Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: August 01, 2023; 7:15:31 PM -0400 | V3.1: 8.8 HIGH
-
CVE-2023-38989 - An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.
Published: July 31, 2023; 2:15:10 PM -0400 | V3.1: 4.3 MEDIUM