U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2023-41129 - Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6.
    Published: November 18, 2023; 6:15:09 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-47772 - Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14.
    Published: November 20, 2023; 10:15:09 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-5419 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attac... read CVE-2023-5419
    Published: November 22, 2023; 11:15:12 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-5417 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated att... read CVE-2023-5417
    Published: November 22, 2023; 11:15:12 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-5416 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated att... read CVE-2023-5416
    Published: November 22, 2023; 11:15:12 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-5415 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attack... read CVE-2023-5415
    Published: November 22, 2023; 11:15:12 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-5411 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attac... read CVE-2023-5411
    Published: November 22, 2023; 11:15:12 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-5387 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticat... read CVE-2023-5387
    Published: November 22, 2023; 11:15:11 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-5386 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attack... read CVE-2023-5386
    Published: November 22, 2023; 11:15:11 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-5385 - The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attacker... read CVE-2023-5385
    Published: November 22, 2023; 11:15:11 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-5383 - The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthent... read CVE-2023-5383
    Published: November 22, 2023; 11:15:11 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-5382 - The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthe... read CVE-2023-5382
    Published: November 22, 2023; 11:15:11 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-20533 - Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
    Published: November 14, 2023; 2:15:15 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-22313 - Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access.
    Published: November 14, 2023; 2:15:17 PM -0500

    V3.1: 2.3 LOW

  • CVE-2023-22327 - Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access.
    Published: November 14, 2023; 2:15:17 PM -0500

    V3.1: 4.4 MEDIUM

  • CVE-2021-46748 - Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
    Published: November 14, 2023; 2:15:10 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-46766 - Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
    Published: November 14, 2023; 2:15:10 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-46774 - Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
    Published: November 14, 2023; 2:15:10 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-29510 - Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access.
    Published: November 14, 2023; 2:15:11 PM -0500

    V3.1: 6.7 MEDIUM

  • CVE-2022-41659 - Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.
    Published: November 14, 2023; 2:15:12 PM -0500

    V3.1: 4.4 MEDIUM