
NOTICE

Keyword and keyword exact match searches have been re-enabled. Clarifications on how keyword search operates can be found in the documentation for keyword parameters. For questions and concerns you can contact nvd@nist.gov.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2020-35357 - A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library ...
    Published: August 22, 2023; 3:16:20 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2020-23793 - An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Red Hat's VDI product. There is a security vulnerability that can restart a KVM virtual machine without any authorization. It is not yet known if there will be other othe...
    Published: August 22, 2023; 3:16:19 PM -0400

    V3.1: 8.6 HIGH

  • CVE-2020-28715 - An issue in the kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
    Published: August 21, 2023; 8:15:07 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-48571 - memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.
    Published: August 22, 2023; 3:16:32 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-24514 - Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all plat...
    Published: August 22, 2023; 3:16:34 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-38732 - IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.
    Published: August 22, 2023; 3:16:39 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2023-38733 - IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force ID: 262293.
    Published: August 22, 2023; 6:15:08 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2023-38734 - IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.
    Published: August 22, 2023; 6:15:08 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-40370 - IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.
    Published: August 22, 2023; 6:15:08 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2023-36281 - An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to the load_prompt parameter.
    Published: August 22, 2023; 3:16:36 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-38665 - Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
    Published: August 22, 2023; 3:16:39 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-30078 - A stack overflow vulnerability exists in function econf_writeFile in file atlibeconf/lib/libeconf.c in libeconf 0.5.1, which allows attackers to cause a denial of service or execute arbitrary code.
    Published: August 22, 2023; 3:16:36 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2023-30079 - A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1, which allows attackers to cause a denial of service or execute arbitrary code.
    Published: August 22, 2023; 3:16:36 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2023-24515 - Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme su...
    Published: August 22, 2023; 3:16:34 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-24516 - Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and ...
    Published: August 22, 2023; 3:16:34 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-24517 - Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component allows an attacker to make use of this issue (unrestricted file upload) to execute arbitrary system commands. This issue affects Pandor...
    Published: August 22, 2023; 3:16:34 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-48570 - Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists beca...
    Published: August 22, 2023; 3:16:32 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-48564 - read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
    Published: August 22, 2023; 3:16:31 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-47069 - p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.
    Published: August 22, 2023; 3:16:30 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-48554 - File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
    Published: August 22, 2023; 3:16:31 PM -0400

    V3.1: 5.5 MEDIUM