U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2022-44096 - Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
    Published: November 30, 2022; 12:15:11 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-44097 - Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
    Published: November 30, 2022; 12:15:11 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-4222 - A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajax_invoice.php of the component POST Request Handler. The manipulation of the argument search... read CVE-2022-4222
    Published: November 30, 2022; 2:15:09 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-4228 - A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to informatio... read CVE-2022-4228
    Published: November 30, 2022; 7:15:10 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2022-4229 - A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be init... read CVE-2022-4229
    Published: November 30, 2022; 7:15:10 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-4232 - A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack r... read CVE-2022-4232
    Published: November 30, 2022; 7:15:10 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2022-4177 - Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security seve... read CVE-2022-4177
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2022-4178 - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2022-4179 - Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2022-4180 - Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2022-4181 - Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2022-4182 - Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2022-4183 - Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2022-4184 - Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2022-4185 - Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2022-4176 - Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions.... read CVE-2022-4176
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2022-4175 - Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2022-4174 - Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: November 29, 2022; 7:15:09 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2022-4186 - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security ... read CVE-2022-4186
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2022-4187 - Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
    Published: November 29, 2022; 7:15:10 PM -0500

    V3.1: 6.5 MEDIUM