U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2023-34053 - In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: ... read CVE-2023-34053
    Published: November 28, 2023; 4:15:06 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-34054 - In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an applicatio... read CVE-2023-34054
    Published: November 28, 2023; 4:15:07 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-34055 - In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of ... read CVE-2023-34055
    Published: November 28, 2023; 4:15:07 AM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2023-29063 - The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLock... read CVE-2023-29063
    Published: November 28, 2023; 4:15:07 PM -0500

    V3.1: 2.4 LOW

  • CVE-2023-6150 - Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.
    Published: November 28, 2023; 5:15:07 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-6151 - Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.
    Published: November 28, 2023; 5:15:07 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-29062 - The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR... read CVE-2023-29062
    Published: November 28, 2023; 4:15:07 PM -0500

    V3.1: 3.8 LOW

  • CVE-2023-29061 - There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentic... read CVE-2023-29061
    Published: November 28, 2023; 4:15:07 PM -0500

    V3.1: 5.2 MEDIUM

  • CVE-2023-42004 - IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262.
    Published: November 28, 2023; 6:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-49062 - Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification f... read CVE-2023-49062
    Published: November 28, 2023; 11:15:07 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-5981 - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
    Published: November 28, 2023; 7:15:07 AM -0500

    V3.1: 5.9 MEDIUM

  • CVE-2023-46944 - An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component.
    Published: November 28, 2023; 5:15:06 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-45539 - HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static... read CVE-2023-45539
    Published: November 28, 2023; 3:15:07 PM -0500

    V3.1: 8.2 HIGH

  • CVE-2023-6201 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection.This issue affects Panorama: before 8.0.
    Published: November 28, 2023; 7:15:07 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-48121 - An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior ... read CVE-2023-48121
    Published: November 28, 2023; 2:15:07 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2023-29060 - The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
    Published: November 28, 2023; 3:15:07 PM -0500

    V3.1: 5.7 MEDIUM

  • CVE-2023-41264 - Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.Autho... read CVE-2023-41264
    Published: November 28, 2023; 12:15:07 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-46589 - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer h... read CVE-2023-46589
    Published: November 28, 2023; 11:15:06 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-41678 - Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHan... read CVE-2022-41678
    Published: November 28, 2023; 11:15:06 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-6239 - Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potenti... read CVE-2023-6239
    Published: November 28, 2023; 9:15:07 AM -0500

    V3.1: 8.8 HIGH