NOTICE UPDATED - May 29th, 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-37988 - Secure Boot Security Feature Bypass Vulnerability
    Published: July 09, 2024; 1:15:26 PM -0400

    V3.1: 8.0 HIGH

  • CVE-2024-37986 - Secure Boot Security Feature Bypass Vulnerability
    Published: July 09, 2024; 1:15:25 PM -0400

    V3.1: 8.0 HIGH

  • CVE-2024-38011 - Secure Boot Security Feature Bypass Vulnerability
    Published: July 09, 2024; 1:15:26 PM -0400

    V3.1: 8.0 HIGH

  • CVE-2024-38010 - Secure Boot Security Feature Bypass Vulnerability
    Published: July 09, 2024; 1:15:26 PM -0400

    V3.1: 8.0 HIGH

  • CVE-2024-37989 - Secure Boot Security Feature Bypass Vulnerability
    Published: July 09, 2024; 1:15:26 PM -0400

    V3.1: 8.0 HIGH

  • CVE-2024-37987 - Secure Boot Security Feature Bypass Vulnerability
    Published: July 09, 2024; 1:15:25 PM -0400

    V3.1: 8.0 HIGH

  • CVE-2024-6035 - A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the mal...
    Published: July 11, 2024; 7:15:09 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-28872 - The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious...
    Published: July 11, 2024; 11:15:11 AM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-37151 - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to p...
    Published: July 11, 2024; 11:15:11 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-38534 - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassemb...
    Published: July 11, 2024; 11:15:12 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-38535 - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
    Published: July 11, 2024; 11:15:12 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-38536 - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.
    Published: July 11, 2024; 11:15:12 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-40518 - SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vul...
    Published: July 12, 2024; 12:15:04 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-40519 - SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulne...
    Published: July 12, 2024; 12:15:04 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-40520 - SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated atta...
    Published: July 12, 2024; 12:15:04 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-40521 - SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, a...
    Published: July 12, 2024; 12:15:05 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-40522 - There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit th...
    Published: July 12, 2024; 12:15:05 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-40539 - my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.
    Published: July 12, 2024; 12:15:05 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-40540 - my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.
    Published: July 12, 2024; 12:15:05 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-40541 - my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build.
    Published: July 12, 2024; 12:15:05 PM -0400

    V3.1: 9.8 CRITICAL

Created September 20, 2022, Updated June 27, 2024