The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2023-6357 - A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.
    Published: December 05, 2023; 10:15:08 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-30581 - The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active re...
    Published: November 22, 2023; 7:15:07 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-42581 - Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
    Published: December 04, 2023; 10:15:19 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-28551 - Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.
    Published: December 04, 2023; 10:15:09 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-43305 - An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
    Published: December 07, 2023; 9:15:06 PM -0500

    V3.1: 8.2 HIGH

  • CVE-2023-38712 - An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message...
    Published: August 25, 2023; 5:15:08 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-24547 - On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text i...
    Published: December 05, 2023; 7:15:07 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2023-28876 - A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users.
    Published: December 05, 2023; 8:15:07 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-28875 - A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link.
    Published: December 05, 2023; 8:15:07 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-33080 - Transient DOS while parsing a vendor specific IE (Information Element) of reassociation response management frame.
    Published: December 04, 2023; 10:15:12 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-33081 - Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
    Published: December 04, 2023; 10:15:12 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-48930 - xinhu xinhuoa 2.2.1 contains a File upload vulnerability.
    Published: December 05, 2023; 8:15:07 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2021-27795 - Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. Th...
    Published: December 05, 2023; 9:15:06 PM -0500

    V3.1: 8.1 HIGH

  • CVE-2023-48940 - A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
    Published: December 05, 2023; 9:15:06 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-38710 - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming pa...
    Published: August 25, 2023; 5:15:08 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-5871 - A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.
    Published: November 27, 2023; 7:15:07 AM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2023-49093 - HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0.
    Published: December 04, 2023; 12:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-6508 - Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: December 05, 2023; 9:15:07 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-6509 - Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security ...
    Published: December 05, 2023; 9:15:07 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-6510 - Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security seve...
    Published: December 05, 2023; 9:15:07 PM -0500

    V3.1: 8.8 HIGH