U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2023-6762 - A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The manipulation leads to permission issues. It is poss... read CVE-2023-6762
    Published: December 13, 2023; 11:15:12 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-6761 - A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation leads to improper access controls. The attack may b... read CVE-2023-6761
    Published: December 13, 2023; 11:15:12 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-6758 - A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls... read CVE-2023-6758
    Published: December 13, 2023; 10:15:08 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-48635 - Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations s... read CVE-2023-48635
    Published: December 13, 2023; 9:15:46 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-48634 - Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ... read CVE-2023-48634
    Published: December 13, 2023; 9:15:46 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-48633 - Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in... read CVE-2023-48633
    Published: December 13, 2023; 9:15:45 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-48632 - Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u... read CVE-2023-48632
    Published: December 13, 2023; 9:15:45 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-48630 - Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th... read CVE-2023-48630
    Published: December 13, 2023; 9:15:45 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-48629 - Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th... read CVE-2023-48629
    Published: December 13, 2023; 9:15:45 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-48628 - Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th... read CVE-2023-48628
    Published: December 13, 2023; 9:15:45 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-48627 - Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th... read CVE-2023-48627
    Published: December 13, 2023; 9:15:44 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-48626 - Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th... read CVE-2023-48626
    Published: December 13, 2023; 9:15:44 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-48625 - Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th... read CVE-2023-48625
    Published: December 13, 2023; 9:15:44 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-50137 - JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
    Published: December 14, 2023; 11:15:52 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-50102 - JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
    Published: December 14, 2023; 11:15:52 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-50101 - JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
    Published: December 14, 2023; 11:15:52 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-48559 - Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ... read CVE-2023-48559
    Published: December 15, 2023; 6:15:34 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-48560 - Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ... read CVE-2023-48560
    Published: December 15, 2023; 6:15:34 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-48561 - Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ... read CVE-2023-48561
    Published: December 15, 2023; 6:15:34 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-48562 - Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ... read CVE-2023-48562
    Published: December 15, 2023; 6:15:35 AM -0500

    V3.1: 5.4 MEDIUM