U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2023-48237 - Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a c... read CVE-2023-48237
    Published: November 16, 2023; 6:15:09 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-48231 - Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25a... read CVE-2023-48231
    Published: November 16, 2023; 6:15:08 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-4218 - In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a fo... read CVE-2023-4218
    Published: November 09, 2023; 4:15:08 AM -0500

    V3.1: 5.0 MEDIUM

  • CVE-2023-39544 - CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
    Published: November 17, 2023; 1:15:33 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-39545 - CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
    Published: November 17, 2023; 1:15:33 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-39546 - CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
    Published: November 17, 2023; 1:15:33 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-39548 - CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
    Published: November 17, 2023; 1:15:34 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-48235 - Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will... read CVE-2023-48235
    Published: November 16, 2023; 6:15:09 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-39547 - CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
    Published: November 17, 2023; 1:15:34 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-36008 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
    Published: November 16, 2023; 3:15:28 PM -0500

    V3.1: 6.6 MEDIUM

  • CVE-2023-48111 - Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack
    Published: November 20, 2023; 3:15:07 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-48110 - Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack
    Published: November 20, 2023; 3:15:07 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-48109 - Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack
    Published: November 20, 2023; 3:15:07 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-3116 - in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.
    Published: November 20, 2023; 7:15:07 AM -0500

    V3.1: 7.1 HIGH

  • CVE-2023-42774 - in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.
    Published: November 20, 2023; 7:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-43612 - in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.
    Published: November 20, 2023; 7:15:08 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-46100 - in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.
    Published: November 20, 2023; 7:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-46705 - in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.
    Published: November 20, 2023; 7:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-47217 - in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow.
    Published: November 20, 2023; 7:15:08 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-6045 - in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.
    Published: November 20, 2023; 7:15:09 AM -0500

    V3.1: 7.8 HIGH