The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2015-10105 - A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation ...
Published: April 30, 2023; 10:15:39 PM -0400
V3.1: 9.8 CRITICAL
-
CVE-2023-27108 - An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or a...
Published: May 01, 2023; 6:15:09 PM -0400
V3.1: 5.3 MEDIUM
-
CVE-2023-27035 - An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.
Published: May 01, 2023; 6:15:09 PM -0400
V3.1: 7.5 HIGH
-
CVE-2023-2424 - A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched rem...
Published: April 29, 2023; 4:15:11 AM -0400
V3.1: 8.8 HIGH
-
CVE-2023-2236 - A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which ...
Published: May 01, 2023; 9:15:44 AM -0400
V3.1: 7.8 HIGH
-
CVE-2023-2248 - A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation. The qfq_change_class function does not properly limit the lmax variable which can lead to ou...
Published: May 01, 2023; 9:15:44 AM -0400
V3.1: 7.8 HIGH
-
CVE-2023-2197 - HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault...
Published: May 01, 2023; 4:15:14 PM -0400
V3.1: 2.5 LOW
-
CVE-2023-22923 - A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device.
Published: May 01, 2023; 1:15:09 PM -0400
V3.1: 6.5 MEDIUM
-
CVE-2023-25786 - Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions.
Published: May 03, 2023; 7:15:13 AM -0400
V3.1: 4.8 MEDIUM
-
CVE-2023-25784 - Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions.
Published: May 03, 2023; 7:15:13 AM -0400
V3.1: 4.8 MEDIUM
-
CVE-2023-30063 - D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.
Published: May 01, 2023; 10:15:09 AM -0400
V3.1: 7.5 HIGH
-
CVE-2023-30061 - D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi.
Published: May 01, 2023; 10:15:09 AM -0400
V3.1: 7.5 HIGH
-
CVE-2023-26987 - An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.
Published: May 01, 2023; 6:15:09 PM -0400
V3.1: 6.5 MEDIUM
-
CVE-2022-35898 - OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.
Published: May 01, 2023; 4:15:14 PM -0400
V3.1: 9.8 CRITICAL
-
CVE-2023-22924 - A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI com...
Published: May 01, 2023; 1:15:09 PM -0400
V3.1: 4.9 MEDIUM
-
CVE-2023-29639 - Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.
Published: May 01, 2023; 12:15:11 PM -0400
V3.1: 5.4 MEDIUM
-
CVE-2023-29641 - Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
Published: May 01, 2023; 12:15:11 PM -0400
V3.1: 6.1 MEDIUM
-
CVE-2023-29643 - Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.
Published: May 01, 2023; 12:15:11 PM -0400
V3.1: 5.4 MEDIUM
-
CVE-2023-25783 - Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions.
Published: May 03, 2023; 7:15:13 AM -0400
V3.1: 4.8 MEDIUM
-
CVE-2023-2425 - A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation ...
Published: April 29, 2023; 4:15:11 AM -0400
V3.1: 4.8 MEDIUM