U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2022-0516 - A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw ... read CVE-2022-0516
    Published: March 10, 2022; 12:44:56 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 4.6 MEDIUM

  • CVE-2011-4371 - Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
    Published: January 10, 2012; 4:55:01 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2011-4370 - Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 a... read CVE-2011-4370
    Published: January 10, 2012; 4:55:00 PM -0500

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2022-42308 - An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.
    Published: October 03, 2022; 11:15:22 AM -0400

    V3.1: 7.1 HIGH

  • CVE-2022-42307 - An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.
    Published: October 03, 2022; 11:15:22 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-42306 - An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exc... read CVE-2022-42306
    Published: October 03, 2022; 11:15:22 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-42305 - An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.
    Published: October 03, 2022; 11:15:21 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-42304 - An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.
    Published: October 03, 2022; 11:15:21 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-42303 - An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.
    Published: October 03, 2022; 11:15:21 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-33883 - A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabil... read CVE-2022-33883
    Published: October 03, 2022; 11:15:16 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-42301 - An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.
    Published: October 03, 2022; 11:15:20 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-3125 - The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the se... read CVE-2022-3125
    Published: October 03, 2022; 10:15:20 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-3124 - The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the co... read CVE-2022-3124
    Published: October 03, 2022; 10:15:19 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2022-42300 - An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the proc... read CVE-2022-42300
    Published: October 03, 2022; 11:15:20 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-2839 - The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of san... read CVE-2022-2839
    Published: October 03, 2022; 10:15:17 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2022-42299 - An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.
    Published: October 03, 2022; 11:15:20 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-32173 - In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.
    Published: October 03, 2022; 9:15:09 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2022-36551 - A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled b... read CVE-2022-36551
    Published: October 03, 2022; 8:15:09 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-42002 - SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS applicati... read CVE-2022-42002
    Published: September 30, 2022; 8:15:10 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2022-39268 - ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, c... read CVE-2022-39268
    Published: September 30, 2022; 5:15:09 PM -0400

    V3.1: 8.1 HIGH