U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters
Icon for CVMAP
Changes to Data Feeds and API
Icon for CVSS
Retirement of CVSS v2

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2022-2694 - A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been discl... read CVE-2022-2694
    Published: August 06, 2022; 2:15:08 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-32543 - An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to... read CVE-2022-32543
    Published: August 05, 2022; 6:15:11 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-29886 - An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file t... read CVE-2022-29886
    Published: August 05, 2022; 6:15:11 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-29465 - An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trig... read CVE-2022-29465
    Published: August 05, 2022; 6:15:11 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-27631 - A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerab... read CVE-2022-27631
    Published: August 05, 2022; 6:15:11 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2021-27798 - ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade... read CVE-2021-27798
    Published: August 05, 2022; 12:15:10 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-26376 - A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a n... read CVE-2022-26376
    Published: August 05, 2022; 6:15:11 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-31618 - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service.
    Published: August 05, 2022; 5:15:08 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-37451 - Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
    Published: August 06, 2022; 2:15:08 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-27944 - Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.
    Published: August 06, 2022; 4:15:08 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-26979 - Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.
    Published: August 06, 2022; 5:15:08 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-34844 - In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) system... read CVE-2022-34844
    Published: August 04, 2022; 2:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-34655 - In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) t... read CVE-2022-34655
    Published: August 04, 2022; 2:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-34651 - In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the... read CVE-2022-34651
    Published: August 04, 2022; 2:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-33968 - In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use,... read CVE-2022-33968
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2022-33962 - In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP ad... read CVE-2022-33962
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2022-33947 - In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated ... read CVE-2022-33947
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-33203 - In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource ... read CVE-2022-33203
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-32455 - In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session t... read CVE-2022-32455
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-31473 - In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within ... read CVE-2022-31473
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 7.7 HIGH