U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2022-32786 - An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file... read CVE-2022-32786
    Published: September 23, 2022; 3:15:12 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-32785 - A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service.
    Published: September 23, 2022; 3:15:12 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-22637 - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.
    Published: September 23, 2022; 3:15:11 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-32781 - This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private informa... read CVE-2022-32781
    Published: September 23, 2022; 3:15:12 PM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2022-32782 - This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information.
    Published: September 23, 2022; 3:15:12 PM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2022-22628 - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code ... read CVE-2022-22628
    Published: September 23, 2022; 3:15:11 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-22624 - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
    Published: September 23, 2022; 3:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-22610 - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.
    Published: September 23, 2022; 3:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-26700 - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.
    Published: September 23, 2022; 3:15:11 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-32790 - This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-se... read CVE-2022-32790
    Published: September 23, 2022; 3:15:12 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-40097 - Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php.
    Published: September 26, 2022; 5:15:09 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2022-40098 - Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php.
    Published: September 26, 2022; 5:15:12 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2022-40099 - Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php.
    Published: September 26, 2022; 5:15:12 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2022-21906 - Windows Defender Application Control Security Feature Bypass Vulnerability.
    Published: January 11, 2022; 4:15:12 PM -0500

    V3.1: 5.5 MEDIUM
     V2.0: 2.1 LOW

  • CVE-2022-22826 - nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
    Published: January 10, 2022; 9:12:57 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2022-22827 - storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
    Published: January 10, 2022; 9:12:57 AM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-4052 - Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
    Published: December 22, 2021; 8:15:08 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-4053 - Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Published: December 22, 2021; 8:15:08 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM

  • CVE-2021-4054 - Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
    Published: December 22, 2021; 8:15:08 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2021-4055 - Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
    Published: December 22, 2021; 8:15:08 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.8 MEDIUM