U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

Icon for API Key Announcement
NVD API Key
Icon for CVMAP
NVD Release of CVMAP
Icon for SOAP Retirement
New NVD CVE/CPE API and Legacy SOAP Service Retirement!

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2021-26350 - A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.
    Published: May 11, 2022; 1:15:08 PM -0400

    V3.1: 4.7 MEDIUM
     V2.0: 1.9 LOW

  • CVE-2022-24910 - A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this ... read CVE-2022-24910
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 6.7 MEDIUM
     V2.0: 4.6 MEDIUM

  • CVE-2022-26782 - Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests ... read CVE-2022-26782
    Published: May 12, 2022; 1:15:11 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2022-26781 - Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests ... read CVE-2022-26781
    Published: May 12, 2022; 1:15:11 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2022-30375 - Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img.
    Published: May 13, 2022; 10:15:08 AM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 5.5 MEDIUM

  • CVE-2022-0026 - A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a progra... read CVE-2022-0026
    Published: May 11, 2022; 1:15:09 PM -0400

    V3.1: 6.7 MEDIUM
     V2.0: 7.2 HIGH

  • CVE-2022-26780 - Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests ... read CVE-2022-26780
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2022-25995 - A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger... read CVE-2022-25995
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 9.0 HIGH

  • CVE-2022-26002 - A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious pack... read CVE-2022-26002
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 7.2 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2022-26007 - An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this... read CVE-2022-26007
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 7.2 HIGH
     V2.0: 9.0 HIGH

  • CVE-2022-26020 - An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to tr... read CVE-2022-26020
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2022-26042 - An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to t... read CVE-2022-26042
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2022-30376 - Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=.
    Published: May 13, 2022; 10:15:08 AM -0400

    V3.1: 7.2 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2022-30378 - Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=.
    Published: May 13, 2022; 10:15:08 AM -0400

    V3.1: 7.2 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2022-23705 - A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized... read CVE-2022-23705
    Published: May 09, 2022; 5:15:08 PM -0400

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

  • CVE-2022-30379 - Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=.
    Published: May 13, 2022; 10:15:08 AM -0400

    V3.1: 7.2 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2022-26075 - An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of r... read CVE-2022-26075
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 9.0 HIGH

  • CVE-2022-26085 - An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request ... read CVE-2022-26085
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2022-26420 - An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of r... read CVE-2022-26420
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 9.0 HIGH

  • CVE-2022-26510 - A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vul... read CVE-2022-26510
    Published: May 12, 2022; 1:15:10 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM