U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2023-32823 - In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue... read CVE-2023-32823
    Published: October 01, 2023; 11:15:09 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2023-32822 - In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue... read CVE-2023-32822
    Published: October 01, 2023; 11:15:09 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2023-32821 - In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue... read CVE-2023-32821
    Published: October 01, 2023; 11:15:09 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2023-32820 - In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS079... read CVE-2023-32820
    Published: October 01, 2023; 11:15:09 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-32830 - In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issu... read CVE-2023-32830
    Published: October 01, 2023; 11:15:10 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2023-32819 - In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705;... read CVE-2023-32819
    Published: October 01, 2023; 11:15:09 PM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2023-20819 - In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID... read CVE-2023-20819
    Published: October 01, 2023; 11:15:09 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-38871 - The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This ... read CVE-2023-38871
    Published: September 28, 2023; 12:15:12 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2022-47186 - There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
    Published: September 28, 2023; 10:15:16 AM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2023-43044 - IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: ... read CVE-2023-43044
    Published: September 28, 2023; 2:15:11 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-43663 - PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Comm... read CVE-2023-43663
    Published: September 28, 2023; 3:15:10 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2023-43664 - PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This iss... read CVE-2023-43664
    Published: September 28, 2023; 3:15:10 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2023-38872 - An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the atta... read CVE-2023-38872
    Published: September 28, 2023; 12:15:12 AM -0400

    V3.1: 3.7 LOW

  • CVE-2023-38870 - A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection.
    Published: September 28, 2023; 12:15:11 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-44273 - Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.
    Published: September 28, 2023; 12:15:12 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-38873 - The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on... read CVE-2023-38873
    Published: September 28, 2023; 12:15:12 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-47187 - There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploa... read CVE-2022-47187
    Published: September 28, 2023; 10:15:17 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-44080 - An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component.
    Published: September 27, 2023; 6:15:11 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-5112 - Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a u... read CVE-2023-5112
    Published: September 30, 2023; 7:15:40 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-5323 - Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
    Published: September 30, 2023; 9:15:24 PM -0400

    V3.1: 6.1 MEDIUM