The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2023-42283 - Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.
    Published: November 07, 2023; 3:15:12 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-33055 - Memory Corruption in Audio while invoking callback function in driver from ADSP.
    Published: November 07, 2023; 1:15:11 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-33056 - Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.
    Published: November 07, 2023; 1:15:11 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-33059 - Memory corruption in Audio while processing the VOC packet data from ADSP.
    Published: November 07, 2023; 1:15:11 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-33061 - Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.
    Published: November 07, 2023; 1:15:11 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-33074 - Memory corruption in Audio when SSR event is triggered after music playback is stopped.
    Published: November 07, 2023; 1:15:11 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-39345 - strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fields marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This ... read CVE-2023-39345
    Published: November 06, 2023; 2:15:09 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-46254 - capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner k... read CVE-2023-46254
    Published: November 06, 2023; 2:15:09 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-46731 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user ... read CVE-2023-46731
    Published: November 06, 2023; 2:15:09 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-46732 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without e... read CVE-2023-46732
    Published: November 06, 2023; 2:15:09 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2022-48192 - Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.
    Published: November 06, 2023; 3:15:07 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2022-48193 - Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).
    Published: November 06, 2023; 3:15:07 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-5719 - The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, in... read CVE-2023-5719
    Published: November 06, 2023; 3:15:07 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-5777 - Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of... read CVE-2023-5777
    Published: November 06, 2023; 3:15:08 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-20213 - A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds ch... read CVE-2023-20213
    Published: November 01, 2023; 1:15:11 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-4170 - The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
    Published: December 09, 2022; 1:15:20 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-4842 - The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user ... read CVE-2023-4842
    Published: November 07, 2023; 7:15:12 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-4888 - The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attri... read CVE-2023-4888
    Published: November 07, 2023; 7:15:12 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-20195 - Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These v... read CVE-2023-20195
    Published: November 01, 2023; 1:15:11 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2023-5567 - The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it... read CVE-2023-5567
    Published: November 07, 2023; 7:15:12 AM -0500

    V3.1: 5.4 MEDIUM