The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2023-45881 - GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter i...
    Published: November 14, 2023; 1:15:29 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-6128 - Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
    Published: November 14, 2023; 11:15:28 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-26156 - Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. ...
    Published: November 09, 2023; 12:15:09 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-46492 - Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html.
    Published: November 09, 2023; 12:15:11 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-47248 - Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user...
    Published: November 09, 2023; 4:15:08 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-4612 - Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issu...
    Published: November 09, 2023; 9:15:08 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-41076 - PowerShell Remote Code Execution Vulnerability
    Published: December 13, 2022; 2:15:11 PM -0500

    V3.1: 8.5 HIGH

  • CVE-2022-41089 - .NET Framework Remote Code Execution Vulnerability
    Published: December 13, 2022; 2:15:12 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-41115 - Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
    Published: December 13, 2022; 2:15:12 PM -0500

    V3.1: 6.6 MEDIUM

  • CVE-2022-41121 - Windows Graphics Component Elevation of Privilege Vulnerability
    Published: December 13, 2022; 2:15:12 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-44689 - Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
    Published: December 13, 2022; 2:15:13 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-44702 - Windows Terminal Remote Code Execution Vulnerability
    Published: December 13, 2022; 2:15:14 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2022-44704 - Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability
    Published: December 13, 2022; 2:15:14 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-24585 - An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
    Published: November 14, 2023; 5:15:26 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44708 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
    Published: December 13, 2022; 2:15:14 PM -0500

    V3.1: 8.3 HIGH

  • CVE-2022-28143 - A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS val...
    Published: March 29, 2022; 9:15:08 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2022-28142 - Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues.
    Published: March 29, 2022; 9:15:08 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 4.3 MEDIUM

  • CVE-2022-28141 - Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
    Published: March 29, 2022; 9:15:08 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2023-6084 - A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VU_ID leads to SQL injection. ...
    Published: November 12, 2023; 6:15:07 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-28140 - Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
    Published: March 29, 2022; 9:15:08 AM -0400

    V3.1: 8.1 HIGH
    V2.0: 5.5 MEDIUM