NVD Dashboard
CVEs Received and Processed
Time Period | New CVEs Received by NVD | New CVEs Analyzed by NVD | Modified CVEs Received by NVD | Modified CVEs Re-analyzed by NVD |
---|---|---|---|---|
Today | {{data.count}} | |||
This Week | {{data.count}} | |||
This Month | {{data.count}} | |||
Last Month | {{data.count}} | |||
This Year | {{data.count}} |
CVE Status Count
{{data.name}} | {{data.count}} |
NVD Contains
CVE Vulnerabilities | 250330 |
Checklists | 787 |
US-CERT Alerts | 249 |
US-CERT Vuln Notes | 4486 |
OVAL Queries | 10286 |
CPE Names | 1266499 |
CVSS V3 Score Distribution
Severity | Number of Vulns |
---|---|
{{data.name}} | {{data.count}} |
CVSS V2 Score Distribution
Severity | Number of Vulns |
---|---|
{{data.name}} | {{data.count}} |
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2023-6837 - Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for fe... read CVE-2023-6837
Published: December 15, 2023; 5:15:09 AM -0500V3.1: 8.2 HIGH
-
CVE-2022-48656 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference returned by of_parse_phandle() in fail path or when it... read CVE-2022-48656
Published: April 28, 2024; 9:15:07 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2022-48657 - In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*, while freq_inv_set_max_ratio() gets passed th... read CVE-2022-48657
Published: April 28, 2024; 9:15:07 AM -0400V3.1: 7.8 HIGH
-
CVE-2024-4671 - Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: May 14, 2024; 11:44:15 AM -0400V3.1: 9.6 CRITICAL
-
CVE-2024-4040 - A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gai... read CVE-2024-4040
Published: April 22, 2024; 4:15:07 PM -0400V3.1: 10.0 CRITICAL
-
CVE-2024-3400 - A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to ... read CVE-2024-3400
Published: April 12, 2024; 4:15:06 AM -0400V3.1: 10.0 CRITICAL
-
CVE-2024-3167 - The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for a... read CVE-2024-3167
Published: April 09, 2024; 3:15:39 PM -0400V3.1: 6.4 MEDIUM
-
CVE-2024-3159 - Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Published: April 06, 2024; 11:15:26 AM -0400V3.1: 8.8 HIGH
-
CVE-2024-3158 - Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: April 06, 2024; 11:15:26 AM -0400V3.1: 8.8 HIGH
-
CVE-2024-3156 - Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Published: April 06, 2024; 11:15:26 AM -0400V3.1: 8.8 HIGH
-
CVE-2024-31497 - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is ... read CVE-2024-31497
Published: April 15, 2024; 4:15:11 PM -0400V3.1: 5.9 MEDIUM
-
CVE-2024-31353 - Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.
Published: April 10, 2024; 12:15:14 PM -0400V3.1: 5.3 MEDIUM
-
CVE-2024-31302 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44.
Published: April 10, 2024; 12:15:14 PM -0400V3.1: 5.3 MEDIUM
-
CVE-2024-31138 - In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
Published: March 28, 2024; 11:15:47 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-31137 - In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
Published: March 28, 2024; 11:15:47 AM -0400V3.1: 6.1 MEDIUM
-
CVE-2024-31135 - In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
Published: March 28, 2024; 11:15:47 AM -0400V3.1: 6.1 MEDIUM
-
CVE-2024-3097 - The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthen... read CVE-2024-3097
Published: April 09, 2024; 3:15:39 PM -0400V3.1: 5.3 MEDIUM
-
CVE-2024-30621 - Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan.
Published: April 02, 2024; 10:15:08 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-30620 - Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan.
Published: April 02, 2024; 10:15:08 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-30051 - Windows DWM Core Library Elevation of Privilege Vulnerability
Published: May 14, 2024; 1:17:21 PM -0400V3.1: 7.8 HIGH