U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2023-46751 - An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
    Published: December 06, 2023; 3:15:07 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-46353 - In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http c... read CVE-2023-46353
    Published: December 06, 2023; 6:15:07 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-46354 - In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the mod... read CVE-2023-46354
    Published: December 06, 2023; 6:15:07 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-6568 - Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlflow prior to 2.9.0.
    Published: December 07, 2023; 12:15:09 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-46974 - Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL.
    Published: December 07, 2023; 9:15:08 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-49372 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.
    Published: December 05, 2023; 10:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49447 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49373 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
    Published: December 05, 2023; 10:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49374 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
    Published: December 05, 2023; 10:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49446 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49398 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49397 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49375 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.
    Published: December 05, 2023; 10:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49376 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
    Published: December 05, 2023; 10:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49377 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49379 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49378 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49396 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49395 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49383 - JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH