U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters
Icon for CVMAP
Changes to Data Feeds and API
Icon for CVSS
Retirement of CVSS v2

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2022-37451 - Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
    Published: August 06, 2022; 2:15:08 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-27944 - Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.
    Published: August 06, 2022; 4:15:08 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-26979 - Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.
    Published: August 06, 2022; 5:15:08 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-34844 - In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) system... read CVE-2022-34844
    Published: August 04, 2022; 2:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-34655 - In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) t... read CVE-2022-34655
    Published: August 04, 2022; 2:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-34651 - In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the... read CVE-2022-34651
    Published: August 04, 2022; 2:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-33968 - In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use,... read CVE-2022-33968
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2022-33962 - In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP ad... read CVE-2022-33962
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2022-33947 - In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated ... read CVE-2022-33947
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-33203 - In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource ... read CVE-2022-33203
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-32455 - In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session t... read CVE-2022-32455
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-31473 - In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within ... read CVE-2022-31473
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 7.7 HIGH

  • CVE-2022-31119 - Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to... read CVE-2022-31119
    Published: August 04, 2022; 2:15:09 PM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2022-36839 - SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.
    Published: August 05, 2022; 12:15:15 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-31614 - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and i... read CVE-2022-31614
    Published: August 05, 2022; 5:15:08 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-31609 - NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentia... read CVE-2022-31609
    Published: August 05, 2022; 5:15:08 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-2681 - A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation wit... read CVE-2022-2681
    Published: August 05, 2022; 5:15:08 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2022-2680 - A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT CO... read CVE-2022-2680
    Published: August 05, 2022; 5:15:08 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-2678 - A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation l... read CVE-2022-2678
    Published: August 05, 2022; 5:15:08 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-35735 - In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the... read CVE-2022-35735
    Published: August 04, 2022; 2:15:10 PM -0400

    V3.1: 7.2 HIGH